Presentation is loading. Please wait.

Presentation is loading. Please wait.

Institute for Cyber Security

Published byCoral Baker Modified over 6 years ago

Similar presentations

Presentation on theme: "Institute for Cyber Security"— Presentation transcript:

1 Institute for Cyber Security
Access Control Model for AWS Internet of Things Prof. Ravi Sandhu Executive Director and Endowed Chair 11th International Conference on Network and System Security (NSS) Helsinki, Finland, August, 2017 Smriti Bhatt, Farhan Patwa and Ravi Sandhu Department of Computer Science © Bhatt et al World-Leading Research with Real-World Impact!

2 World-Leading Research with Real-World Impact!
Outline Introduction Contribution AWS Access Control (AWSAC) Model Access Control Model for AWS IoT ACO Architecture for Cloud-Enabled IoT & AWS-IoTAC Use Case in AWS IoT Use Case – Scenario 1 Use Case – Scenario 2 ABAC Enhancements for AWS-IoTAC Conclusion and Future Work © Bhatt et al World-Leading Research with Real-World Impact!

3 World-Leading Research with Real-World Impact!
Introduction Internet of Things (IoT) Interconnection of people and things, and things and things Rapidly evolving concept with billions of connected devices/things © Bhatt et al World-Leading Research with Real-World Impact!

4 World-Leading Research with Real-World Impact!
Introduction (Contd.) Cloud-Enabled IoT Constrained IoT devices (limited resources) Cloud Computing capabilities enable IoT Seamless communication (devices-to-cloud, cloud-to-devices) Unlimited resources  compute, storage, etc. Meaningful insights  Analytics and Visualizations Facilitate application development  APIs Virtual things and management, Access Control policies, … Security Cloud IoT © Bhatt et al World-Leading Research with Real-World Impact!

5 Access Control in Cloud-Enabled IoT
Current industrial Cloud-Enabled IoT solutions/platforms Amazon Web Services (AWS) IoT Microsoft Azure IoT Suite Google Cloud IoT Utilize some customized form of Role-Based Access Control (RBAC) RBAC insufficient to address dynamic IoT requirements Lack a formal access control model for controlling access and authorization in cloud-enabled IoT © Bhatt et al World-Leading Research with Real-World Impact!

6 World-Leading Research with Real-World Impact!
Contributions Many access control models and architecture for IoT Capability-Based Access Control (CAPBAC), Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), … Our Contributions: Develop a formal access control model for AWS IoT, known as AWS-IoTAC Present a smart-home IoT use case depicting different access control points and authorizations in a cloud-enabled IoT platform Propose some ABAC enhancements for the AWS-IoTAC model for more flexible and fine-grained access control policies © Bhatt et al World-Leading Research with Real-World Impact!

7 AWS Access Control (AWSAC) Model
Fig 1: AWS Access Control within a Single Account * * Zhang, Y., Patwa, F., Sandhu, R.: Community-based secure information and resource sharing in AWS public cloud. In: 1st IEEE Conference on Collaboration and Internet Computing (CIC). pp. 46–53. IEEE (2015) © Bhatt et al World-Leading Research with Real-World Impact!

8 Access Control Model for AWS IoT
Fig 2: AWS IoT Access Control (AWS-IoTAC) Model within a Single Account © Bhatt et al World-Leading Research with Real-World Impact!

9 Access Control Model for AWS IoT
Fig 2: AWS IoT Access Control (AWS-IoTAC) Model within a Single Account © Bhatt et al World-Leading Research with Real-World Impact!

10 ACO Architecture for Cloud-Enabled IoT
Fig 3: ACO Architecture for the Cloud-Enabled IoT * * Alshehri, A., Sandhu, R.: Access control models for cloud-enabled internet of things: a proposed architecture and research agenda. In: 2nd IEEE International Conference on Collaboration and Internet Computing (CIC), pp. 530–538. IEEE (2016) © Bhatt et al World-Leading Research with Real-World Impact!

11 ACO Architecture & AWS-IoTAC
Fig 4: AWS-IoTAC Entities Mapping to ACO Architecture for Cloud-Enabled IoT © Bhatt et al World-Leading Research with Real-World Impact!

12 Smart Home Use Case in AWS IoT
Fig 5: Smart-Home Use Case Utilizing AWS IoT and Cloud Services © Bhatt et al World-Leading Research with Real-World Impact!

13 Use Case – Scenario 1 Fig 6: Smart-Home Use Case Scenario 1
Simple Policy: Allows all the IoT operations on any resource in AWS IoT A temperature sensor and thermostat use case Fig 6: Smart-Home Use Case Scenario 1 © Bhatt et al World-Leading Research with Real-World Impact!

14 World-Leading Research with Real-World Impact!
Use Case – Scenario 2 Sensor Attribute: Belongs = Home1 Light Attributes: Location = Outdoor Belongs = Home1 © Bhatt et al World-Leading Research with Real-World Impact!

15 World-Leading Research with Real-World Impact!
Use Case – Scenario 2 Allows the sensor (client) to connect to AWS IoT only if it is connecting with a client ID as “Sensor_1” Allows the sensor to Publish, Subscribe, and Receive messages to any iot resource in AWS IoT only if the sensor has attribute “Belongs=Home1” © Bhatt et al World-Leading Research with Real-World Impact!

16 World-Leading Research with Real-World Impact!
Use Case – Scenario 2 Utilizing target resource (things) attributes through AWS Lambda function Search and list things with attribute name = Location & attribute value = Outdoor Publish update on all thing shadows (outdoor lights here) that has attribute “Location = Outdoor” to turn on outdoor lights © Bhatt et al World-Leading Research with Real-World Impact!

17 ABAC Enhancements for AWS-IoTAC
AWS IoT Attributes © Bhatt et al World-Leading Research with Real-World Impact!

18 ABAC Enhancements for AWS-IoTAC (Contd.)
ABAC Including Attributes of Target Resources Attributes of things performing IoT operations Attributes of things on which the operations are being performed ABAC Including User and Group Attributes Attributes besides things attributes in access control policies Policy Management Utilizing the Policy Machine Policy-Explosion Customized policy management for enterprises © Bhatt et al World-Leading Research with Real-World Impact!

19 Conclusion and Future Work
Presented a formal access control model for AWS IoT, a cloud-enabled IoT platform by the largest cloud services provider – Amazon Web Services (AWS) AWS-IoTAC, an initial step towards a general access control model for cloud- enabled IoT Demonstrated a practical use case along various access control configurations Proposed ABAC enhancements to the AWS-IoTAC model Future Work: Include ABAC enhancements in the AWS-IoTAC model Access control and authorization in other real-world cloud-enabled IoT platforms © Bhatt et al World-Leading Research with Real-World Impact!

20 Institute for Cyber Security
Thank you!!! Questions??? © Bhatt et al World-Leading Research with Real-World Impact!

Download ppt "Institute for Cyber Security"

Similar presentations

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
1 Cloud Computing Prof. Ravi Sandhu Executive Director and Endowed Chair April 12, 2013 © Ravi Sandhu World-Leading.

1 Cloud Computing Prof. Ravi Sandhu Executive Director and Endowed Chair April 12, © Ravi Sandhu World-Leading.
Future of Access Control: Attributes, Automation, Adaptation

Future of Access Control: Attributes, Automation, Adaptation
1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.

1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.
Attribute-Based Access Control Models and Beyond

Attribute-Based Access Control Models and Beyond
1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.

1 Plenary Panel on Cloud Security and Privacy: What is new and What needs to be done? Ravi Sandhu Executive Director and Endowed Professor December 2010.
11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.

11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.
1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015

1 Institute for Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Chair February 4, 2015
1 Big Data Applications in Cloud and Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Professor UTSA COB Symposium on Big Data, Big Challenges.

1 Big Data Applications in Cloud and Cyber Security Prof. Ravi Sandhu Executive Director and Endowed Professor UTSA COB Symposium on Big Data, Big Challenges.
1 Cloud Computing and Security Prof. Ravi Sandhu Executive Director and Endowed Chair April 19, 2013 © Ravi Sandhu.

1 Cloud Computing and Security Prof. Ravi Sandhu Executive Director and Endowed Chair April 19, © Ravi Sandhu.
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.

1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
1 Panel on Data Usage Management: Technology or Regulation? Prof. Ravi Sandhu Executive Director and Endowed Chair DUMA 2013 May 23, 2013

1 Panel on Data Usage Management: Technology or Regulation? Prof. Ravi Sandhu Executive Director and Endowed Chair DUMA 2013 May 23, 2013
1 Security and Privacy in Human-Centric Computing and Big Data Management Prof. Ravi Sandhu Executive Director and Endowed Chair CODASPY 2013 February.

1 Security and Privacy in Human-Centric Computing and Big Data Management Prof. Ravi Sandhu Executive Director and Endowed Chair CODASPY 2013 February.
1 Open Discussion PSOSM 2012 Prof. Ravi Sandhu Executive Director and Endowed Chair © Ravi Sandhu.

1 Open Discussion PSOSM 2012 Prof. Ravi Sandhu Executive Director and Endowed Chair © Ravi Sandhu.
1 Views of Cloud Computing Prof. Ravi Sandhu Executive Director and Endowed Chair March 25, 2016 © Ravi Sandhu.

1 Views of Cloud Computing Prof. Ravi Sandhu Executive Director and Endowed Chair March 25, © Ravi Sandhu.
SOURCE:2014 IEEE 17TH INTERNATIONAL CONFERENCE ON COMPUTATIONAL SCIENCE AND ENGINEERING AUTHER: MINGLIU LIU, DESHI LI, HAILI MAO SPEAKER: JIAN-MING HONG.

SOURCE:2014 IEEE 17TH INTERNATIONAL CONFERENCE ON COMPUTATIONAL SCIENCE AND ENGINEERING AUTHER: MINGLIU LIU, DESHI LI, HAILI MAO SPEAKER: JIAN-MING HONG.
1 Role-Based Access Control (RBAC) Prof. Ravi Sandhu Executive Director and Endowed Chair January 29, 2016 © Ravi.

1 Role-Based Access Control (RBAC) Prof. Ravi Sandhu Executive Director and Endowed Chair January 29, © Ravi.
1 Secure Cloud Computing: A Research Perspective Prof. Ravi Sandhu Executive Director and Endowed Chair Texas Fresh Air Big Data and Data Analytics Conference.

1 Secure Cloud Computing: A Research Perspective Prof. Ravi Sandhu Executive Director and Endowed Chair Texas Fresh Air Big Data and Data Analytics Conference.
Unit 3 Virtualization.

Unit 3 Virtualization.
Institute for Cyber Security

Institute for Cyber Security

Similar presentations

Ads by Google