Access Control Models and Architectures for Iot and Cyber Physical Systems

1 Introduction: Requirements for Access Control in IoT and CPS

1.1 Introduction and Motivation

1.1.1 IoT Architectures

1.1.2 IoT and CPS Security Issues

1.2 Access Control Models

1.2.1 State of the Art

1.2.2 Access Control Models for Smart Connected Systems

1.3 Publish-Subscribe Paradigm

1.4 IoT and CPS Integration with Cloud and Edge Computing

1.5 Current Trends

1.6 Access Control Challenges and Research Needs

1.7 Summary

References

2 Access Control Oriented Architectures Supporting IoT and CPS

2.1 Introduction

2.1.1 Chapter Organization

2.2 Primitives for Cloud and Edge Assisted Io

2.2.1 Taxonomy of Smart Devices

2.2.2 Cloud and Edge Hybrid Architectures

2.3 Access Control Oriented Architectures

2.3.1 Edge Gateway Supported ACO Architecture

2.3.2 Extended ACO Architecture with Clustered Objects

2.4 Illustrative IoT and CPS using Proposed Architectures

2.4.1 Remote Patient Monitoring (RPM)

2.4.2 Intelligent Transportation System (ITS)

2.5 Summary

References

3 Authorization Frameworks for Smart and Connected Ecosystems 9

3.1 Introduction

3.1.1 Chapter Organization

3.2 Access Control Framework for Cloud Enabled Wearable IoT

3.2.1 Access Control Framework

3.2.2 RPM Wearable IoT Use Case

3.3 Framework for Smart Connected Cars Ecosystem

3.3.1 Access Control Framework

3.3.2 Identified Access Control Approaches

3.3.3 Single and Multi-Cloud Cyber Physical Systems

3.4 Objectives of Proposed Frameworks

3.5 Summary

References

4 Access Control Models in Cloud IoT Services

4.1 Introduction

4.1.1 Chapter Organization 4

4.2 AWS Access Control Model5

4.3 Access Control in AWS Internet of Things: AWS-IoTAC

4.3.1 Motivation 8

4.3.2 Formal Model and Definitions

4.3.3 AWS-IoTAC and ACO Architecture

4.3.4 Use Case

4.4 Google Cloud Platform Access Control Model

4.4.1 GCP Access Control (GCPAC) Model

4.4.2 Access Control in GCP Internet of Things

4.4.3 E-Health Use Case

4.5 Limitations and Fine Grained Enhancements

4.5.1 Proposed Enhancements in AWS IoTAC

4.5.2 Proposed Enhancements in GCP IoTAC

4.6 Summary

References

5 Secure Virtual Objects Communication

5.1 Introduction

5.1.1 Chapter Organization

5.2 Operational Access Control for VO Communication

5.2.1 ACL and Capability Based (ACL-Cap) Operational Model

5.2.2 ABAC Operational Model

5.2.3 RBAC Limitations

5.3 Administrative Access Control for VO Communication

5.3.1 Administrative ACL Model

5.3.2 Administrative RBAC Model

5.3.3 Administrative ABAC Model

5.4 AWS-IoT-ACMVO Model for AWS IoT Shadows Communication

5.5 Issues in enforcing ACO-IoT-ACMsVO within AWS-IoT-ACMVO

5.6 A Use Case: Sensing Speeding Cars

5.6.1 Sensing the Speed of a Single Car

5.6.2 Sensing the Speed of Multiple Cars

5.6.3 Performance Evaluation and Discussion

5.7 Summary

References

6 Attribute Based Access Control for Intelligent Transportation5

6.1 Introduction

6.1.1 Chapter Organization

6.2 Authorization Requirements in ITS

6.2.1 Multi-Layer and User Privacy Preferences

6.2.2 Relevance of Groups

6.3 Dynamic Groups and ABAC Model

6.3.1 CV-ABACG Model Overview

6.3.2 Components Definitions

6.4 AWS Enforcement

6.4.1 Use Case Overview

6.4.2 Prototype Implementation

6.4.3 Performance Evaluation

6.5 Summary

References

7 Fine Grained Communication Contr