TARAS : trust-aware role-based access control system in the public Internet-of-Things = 공공 사물인터넷 환경에서의 신뢰도 인지 역할 기반 접근 제어 시스템trust-aware role-based access control system in the public Internet-of-Things
In recent years, an Internet of Things (IoT) environment is growing remarkably and smart objects are located in every space, including a public place. Although a role-based access control system (RBAC) is widely adopted as a part of an information security technique in an IoT environment, the scalability issue caused by role explosion make manual management of system administrators difficult. A trust-based access control system is proposed as a solution, it also requires manual authorization management by the system administrator. As a solution of the administrative issue, an adaptive access control system based on a behavior detection mechanism is proposed. Authorization decision in a public IoT place, users are mostly mobile and stay for a while and leave. In such an environment, risk analysis based on continuous behavior detection is insufficient. This paper propose an extended role-based access control model that access rights is determined adaptively, even for unknown requesters. The model uses MAPE-K feedback loop model and the trust management model for self-adaptation and I-sharing mechanism, which is based on a similarity of human groups, for initial authorization of unknown requesters.