A lazy approach to access control as a service (ACaaS) for IoT: An AWS case study

Tahir Ahmad, Umberto Morelli, Silvio Ranise, Nicola Zannone

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

8 Citations (Scopus)
1 Downloads (Pure)

Abstract

The Internet of Things (IoT) is receiving considerable attention from both industry and academia because of the new business models that it enables and the new security and privacy challenges that it generates. Major Cloud Service Providers (CSPs) have proposed platforms to support IoT by combining cloud and edge computing. However, the security mechanisms available in the cloud have been extended to IoT with some shortcomings with respect to the management and enforcement of access control policies. Access Control as a Service (ACaaS) is emerging as a solution to overcome these difficulties. The paper proposes a lazy approach to ACaaS that allows the specification and management of policies independently of the CSP while leveraging its enforcement mechanisms.We demonstrate the approach by investigating (also experimentally) alternative deployments in the IoT platform offered by Amazon Web Services on a realistic smart lock solution.

Original languageEnglish
Title of host publicationSACMAT 2018 - Proceedings of the 23rd ACM Symposium on Access Control Models and Technologies
PublisherAssociation for Computing Machinery, Inc
Pages235-246
Number of pages12
ISBN (Electronic)9781450356664
DOIs
Publication statusPublished - 7 Jun 2018
Event23rd ACM Symposium on Access Control Models and Technologies (SACMAT 2018) - Indianapolis, United States
Duration: 13 Jun 201815 Jun 2018
Conference number: 23
http://www.sacmat.org

Conference

Conference23rd ACM Symposium on Access Control Models and Technologies (SACMAT 2018)
Abbreviated titleSACMAT 2018
CountryUnited States
CityIndianapolis
Period13/06/1815/06/18
Internet address

Keywords

  • Attribute-based access control
  • Edge computing
  • Internet of things
  • IoT platforms
  • Policy specification and management

Fingerprint Dive into the research topics of 'A lazy approach to access control as a service (ACaaS) for IoT: An AWS case study'. Together they form a unique fingerprint.

  • Cite this

    Ahmad, T., Morelli, U., Ranise, S., & Zannone, N. (2018). A lazy approach to access control as a service (ACaaS) for IoT: An AWS case study. In SACMAT 2018 - Proceedings of the 23rd ACM Symposium on Access Control Models and Technologies (pp. 235-246). Association for Computing Machinery, Inc. https://doi.org/10.1145/3205977.3205989