
Research Article
A Bi-directional Attribute Synchronization Mechanism for Access Control in IoT Environments
@INPROCEEDINGS{10.1007/978-3-031-31891-7_6,
  author={Bruno Cremonezi and Luciano F. da Rocha and Alex B. Vieira and Jos\'{e} Nacif and Andr\'{e} L. de Oliveira and Edelberto Franco Silva},
  title={A Bi-directional Attribute Synchronization Mechanism for Access Control in IoT Environments},
  proceedings={Mobile Computing, Applications, and Services. 13th EAI International Conference, MobiCASE 2022, Messina, Italy, November 17-18, 2022, Proceedings},
  proceedings_a={MOBICASE},
  year={2023},
  month={4},
  keywords={IoT Access Control ABAC Age of Information UPPAAL},
  doi={10.1007/978-3-031-31891-7_6}
}
Bruno Cremonezi
Luciano F. da Rocha
Alex B. Vieira
José Nacif
André L. de Oliveira
Edelberto Franco Silva
Year: 2023
MOBICASE
Springer
DOI: 10.1007/978-3-031-31891-7_6
Abstract
The Attribute-Based Access Control (ABAC) model is widely used for IoT because it expresses access policies through attributes, which makes it granular and flexible. However, if we assume that attributes are essentially mutable, the irreducible network latency and the architectures proposed to improve IoT communication performance expose the point where those policies are evaluated to outdated attributes. Access policies can therefore be wrongly evaluated, resulting in consistency and security problems. In this paper, we propose a method to reduce this exposure through a bi-directional attribute synchronization capable of mapping all attributes and evaluating their current consistency after a change. If the modified attribute does not affect the access, the access remains valid. Otherwise, a revocation occurs, reducing the risk of unintended accesses. Our modeling allows us to demonstrate the correctness of our method and its capability to revoke every unintended access that may occur after an attribute change.