Access Control Models and Technologies for the Internet of Things

物联网访问控制模型和技术

• 批准号: RGPIN-2020-05238
• 负责人: Fong, Philip
• 金额: $ 1.75万
• 依托单位: University of Calgary
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2021
• 资助国家: 加拿大
• 起止时间: 2021-01-01 至 2022-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=740471
• 关键词: Access; Control; Models; Technologies; Internet

Access Control is the security feature of a computer system that ensures access to resources is only granted to authorized users under legitimate circumstances. Ross Anderson once said that Access Control is the "traditional center of gravity of computer security." The advent of the Internet of Things (IoT), namely, the inter-connected network of smart devices that are embedded in our physical environment, necessitates a significant rethinking of how Access Control is to be achieved. Mindlessly deploying IoT devices into our smart homes, vehicular networks, and industrial control systems (ICS) without properly addressing these emerging challenges will not only cause us loss of valuable digital assets, but also impact our physical safety. In this work, I will address three access control challenges in current IoT environments. The first challenge arises from the sheer scale of the massively distributed system composed of inter-connection of smart devices. How does one write down a properly formulated access control policy that accounts for the many devices and unanticipated access scenarios? Note that any errors in policy formulation could lead to the leakage of access to devices that affects our safety. With IoT becoming a global phenomenon, it is unrealistic to assume that all the users and devices are registered to a single Identity Management System. That assumption is as unreasonable as asking everyone in the world to have a Facebook or Google account (or to use the same Internet Service Provider). The second protection challenge is to support scenarios in which users (or their devices) who do not know one another want to share resources when they encounter one another in a casual and transient manner. The crux is to enable total strangers to establish trust of one another during chance encounters, without resorting to a global Identity Management System. The third protection challenge concerns the fact that smart devices are embedded in the physical world. Misuse is not simply about whether a single access has been granted to unauthorized parties, but about how, over time, the access pattern that emerge. The challenge is about the control of behavior pattern, as well as the pattern of collaboration among multiple devices. The objective of the proposed research program is to design, analyze, and develop novel Access Control models and technologies that address the aforementioned challenges.

访问控制是计算机系统的安全功能，它确保只有在合法情况下授权用户才能访问资源。罗斯·安德森曾说过，访问控制是“计算机安全的传统重心”。物联网(IoT)的出现，即嵌入在我们物理环境中的智能设备的互联网络，需要对如何实现访问控制进行重大反思。如果不妥善应对这些新出现的挑战，盲目地将物联网设备部署到我们的智能家居、车载网络和工业控制系统(IC)中，不仅会导致我们损失宝贵的数字资产，还会影响我们的物理安全。在这项工作中，我将解决当前物联网环境中的三个访问控制挑战。第一个挑战来自由智能设备互连组成的大规模分布式系统的巨大规模。如何写下正确制定的访问控制策略，以应对众多设备和意外访问场景？请注意，政策制定中的任何错误都可能导致设备访问权限泄露，从而影响我们的安全。随着物联网成为一种全球现象，假设所有用户和设备都注册到一个身份管理系统是不现实的。这种假设就像要求世界上的每个人都拥有Facebook或谷歌账户(或者使用相同的互联网服务提供商)一样不合理。第二个保护挑战是支持彼此不认识的用户(或他们的设备)在偶然和短暂地相遇时希望共享资源的场景。关键是让完全陌生的人在偶遇期间建立彼此信任，而不是求助于全球身份管理系统。第三个保护挑战涉及智能设备嵌入物理世界的事实。滥用不仅仅是关于是否向未经授权的各方授予了单一访问权限，而是关于随着时间的推移，如何出现访问模式。挑战在于对行为模式的控制，以及多个设备之间的协作模式。拟议研究计划的目标是设计、分析和开发新的访问控制模型和技术，以应对上述挑战。