Evaluation of an OI (Operation Interruption) Protocol to Prevent Illegal Information Flow in the IoT

摘要

Various types and millions of nodes including not only computers like servers but also devices like sensors and actuators are interconnected in the IoT (Internet of Things). Here, devices have to be prevented from maliciously accessed. The CapBAC (Capability-Based Access Control) model is proposed to make IoT devices secure. In the CapBAC model, an owner of a device issues a capability token, i.e. a set of access rights to a subject. Here, the subject is allowed to manipulate the device according to the access rights authorized in the capability token. Suppose a subject sbi is allowed to get data from a device d_2 but not allowed to get data from a device d_1. If another subject can get data from the device d_1 and sends the data to the device d_2, the subject sbi can get the data of the device d_1 from the device d_2. Here, the data in the device d_1 illegally flows to the subject sbi. In order to prevent illegal information flow, an OI (Operation Interruption) protocol is proposed in our previous studies. Here, illegal get operations are interrupted. In this paper, we evaluate the OI protocol in terms of the number of illegal get operations. In the evaluation, we show the ratio of the number of illegal get operations to the total number of get operations is kept constant even if the number of subjects increases in the OI protocol.