Institute for Cyber Security

Presentation transcript:

Institute for Cyber Security
Access Control Model for AWS Internet of Things
Prof. Ravi Sandhu, Executive Director and Endowed Chair
11th International Conference on Network and System Security (NSS), Helsinki, Finland, 21-23 August, 2017
Smriti Bhatt, Farhan Patwa and Ravi Sandhu
Department of Computer Science
ravi.sandhu@utsa.edu www.profsandhu.com www.ics.utsa.edu
© Bhatt et al
World-Leading Research with Real-World Impact!

Outline
- Introduction
- Contribution
- AWS Access Control (AWSAC) Model
- Access Control Model for AWS IoT
- ACO Architecture for Cloud-Enabled IoT & AWS-IoTAC
- Use Case in AWS IoT
  - Use Case – Scenario 1
  - Use Case – Scenario 2
- ABAC Enhancements for AWS-IoTAC
- Conclusion and Future Work

Introduction
- Internet of Things (IoT)
  - Interconnection of people and things, and things and things
  - Rapidly evolving concept with billions of connected devices/things

Introduction (Contd.)
- Cloud-Enabled IoT
  - Constrained IoT devices (limited resources)
  - Cloud Computing capabilities enable IoT
    - Seamless communication (devices-to-cloud, cloud-to-devices)
    - Unlimited resources → compute, storage, etc.
    - Meaningful insights → Analytics and Visualizations
    - Facilitate application development → APIs
    - Virtual things and management, Access Control policies, …
[Figure labels: Security, Cloud, IoT]

Access Control in Cloud-Enabled IoT
- Current industrial Cloud-Enabled IoT solutions/platforms
  - Amazon Web Services (AWS) IoT
  - Microsoft Azure IoT Suite
  - Google Cloud IoT
  - …
- Utilize some customized form of Role-Based Access Control (RBAC)
- RBAC insufficient to address dynamic IoT requirements
- Lack a formal access control model for controlling access and authorization in cloud-enabled IoT

Contributions
- Many access control models and architecture for IoT
  - Capability-Based Access Control (CAPBAC), Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), …
- Our Contributions:
  - Develop a formal access control model for AWS IoT, known as AWS-IoTAC
  - Present a smart-home IoT use case depicting different access control points and authorizations in a cloud-enabled IoT platform
  - Propose some ABAC enhancements for the AWS-IoTAC model for more flexible and fine-grained access control policies

AWS Access Control (AWSAC) Model
Fig 1: AWS Access Control within a Single Account *
* Zhang, Y., Patwa, F., Sandhu, R.: Community-based secure information and resource sharing in AWS public cloud. In: 1st IEEE Conference on Collaboration and Internet Computing (CIC), pp. 46–53. IEEE (2015)

Access Control Model for AWS IoT
Fig 2: AWS IoT Access Control (AWS-IoTAC) Model within a Single Account

ACO Architecture for Cloud-Enabled IoT
Fig 3: ACO Architecture for the Cloud-Enabled IoT *
* Alshehri, A., Sandhu, R.: Access control models for cloud-enabled internet of things: a proposed architecture and research agenda. In: 2nd IEEE International Conference on Collaboration and Internet Computing (CIC), pp. 530–538. IEEE (2016)

ACO Architecture & AWS-IoTAC
Fig 4: AWS-IoTAC Entities Mapping to ACO Architecture for Cloud-Enabled IoT

Smart Home Use Case in AWS IoT
Fig 5: Smart-Home Use Case Utilizing AWS IoT and Cloud Services

Use Case – Scenario 1
- A temperature sensor and thermostat use case
- Simple Policy: Allows all the IoT operations on any resource in AWS IoT
Fig 6: Smart-Home Use Case Scenario 1

Use Case – Scenario 2
- Sensor Attribute: Belongs = Home1
- Light Attributes: Location = Outdoor, Belongs = Home1

Use Case – Scenario 2
- Allows the sensor (client) to connect to AWS IoT only if it is connecting with a client ID as “Sensor_1”
- Allows the sensor to Publish, Subscribe, and Receive messages to any iot resource in AWS IoT only if the sensor has attribute “Belongs=Home1”

Use Case – Scenario 2
- Utilizing target resource (things) attributes through AWS Lambda function
  - Search and list things with attribute name = Location & attribute value = Outdoor
  - Publish update on all thing shadows (outdoor lights here) that have attribute “Location = Outdoor” to turn on outdoor lights
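
The Scenario 1 and Scenario 2 policies compared side by side, as an added example (not code from the slides and not the AWS IoT policy engine): a toy default-deny evaluator plus the attribute search the Lambda step performs. The resource strings, the thing names Light_1, Light_2 and Rogue_1, and the "Home2" value are assumptions constructed for illustration.

```python
# Added illustration: a toy default-deny evaluator, not the AWS IoT policy engine.
from fnmatch import fnmatchcase

# Scenario 1: every IoT operation on every resource, no conditions.
SCENARIO_1 = [{"actions": ["iot:*"], "resources": ["*"], "when": {}}]

# Scenario 2: connect only as client ID "Sensor_1"; publish/subscribe/receive
# on any resource only if the connecting thing has Belongs = Home1.
SCENARIO_2 = [
    {"actions": ["iot:Connect"], "resources": ["client/Sensor_1"], "when": {}},
    {"actions": ["iot:Publish", "iot:Subscribe", "iot:Receive"],
     "resources": ["*"], "when": {"Belongs": "Home1"}},
]

def is_allowed(policy, action, resource, thing_attrs):
    """Allow only if one statement matches action, resource and attributes."""
    for stmt in policy:
        if not any(fnmatchcase(action, a) for a in stmt["actions"]):
            continue
        if not any(fnmatchcase(resource, r) for r in stmt["resources"]):
            continue
        if all(thing_attrs.get(k) == v for k, v in stmt["when"].items()):
            return True
    return False  # nothing matched: default deny

# Constructed registry: thing name -> attributes. Attribute names and the
# Home1/Outdoor values come from the slides; the rest is hypothetical.
REGISTRY = {
    "Sensor_1": {"Belongs": "Home1"},
    "Light_1": {"Location": "Outdoor", "Belongs": "Home1"},
    "Light_2": {"Location": "Indoor", "Belongs": "Home1"},
    "Rogue_1": {"Belongs": "Home2"},
}

def things_with(registry, name, value):
    """The Lambda step: list things whose attribute `name` equals `value`."""
    return sorted(t for t, attrs in registry.items() if attrs.get(name) == value)

if __name__ == "__main__":
    rogue = REGISTRY["Rogue_1"]
    print("Scenario 1, foreign device publishes:",
          is_allowed(SCENARIO_1, "iot:Publish", "topic/home1/temp", rogue))
    print("Scenario 2, foreign device publishes:",
          is_allowed(SCENARIO_2, "iot:Publish", "topic/home1/temp", rogue))
    print("Outdoor lights:", things_with(REGISTRY, "Location", "Outdoor"))
```

Under the Scenario 1 policy the device from another home is authorized for everything; under Scenario 2 it fails both the client ID check and the attribute condition.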

ABAC Enhancements for AWS-IoTAC
AWS IoT Attributes

ABAC Enhancements for AWS-IoTAC (Contd.)
- ABAC Including Attributes of Target Resources
  - Attributes of things performing IoT operations
  - Attributes of things on which the operations are being performed
- ABAC Including User and Group Attributes
  - Attributes besides things attributes in access control policies
- Policy Management Utilizing the Policy Machine
  - Policy-Explosion
  - Customized policy management for enterprises

Conclusion and Future Work
- Presented a formal access control model for AWS IoT, a cloud-enabled IoT platform by the largest cloud services provider – Amazon Web Services (AWS)
- AWS-IoTAC, an initial step towards a general access control model for cloud-enabled IoT
- Demonstrated a practical use case along with various access control configurations
- Proposed ABAC enhancements to the AWS-IoTAC model
- Future Work:
  - Include ABAC enhancements in the AWS-IoTAC model
  - Access control and authorization in other real-world cloud-enabled IoT platforms

Institute for Cyber Security
Thank you!!! Questions???