Toward Semi-Automated Role Mapping for IoT Systems in Smart Cities

摘要

Some smart city applications may be dynamic and involve IoT devices from multiple domains that are not aware of each other in advance. How to perform access control in such open scenarios is a challenge. Attribute based access control (ABAC) and trust-based access control (TBAC) have been considered in the literature for IoT systems, but they do not consider the potential inconsistency of attributes or trusts across different domains. Cross domain alignment has been considered for role-based access control (RBAC), but they rely on a manual process, which is not feasible when cross domain accesses happen dynamically and the access rights have to be validated dynamically.We introduce a semi-automated role mapping process in smart city settings to enable access control of dynamic accesses. When entities from domain arrive in domain, similarities between the roles in to the roles in are evaluated and the potential role mappings for the entities in are computed. The system then informs the security officers to make approval decisions for these new mappings. In urgent situations, the automatically derived role mappings may be used directly to provide timely access control. Activities based on role mappings without authority approvals are tracked and in case some mappings violate security rules, mitigation actions will be taken. We use a disaster relief scenario as an example to illustrate our approach and show its feasibility.