Skip to Main content Skip to Navigation
Book sections

Enforcing Access Controls in IoT Networks

Abstract : The MQTT (Message Queuing Telemetry Transport) protocol has become the main protocol for managing messages on Internet of Things (IoT). In earlier papers, we defined a highly expressive ABAC (Attribute-Based Access Control) model for regulating MQTT-based IoT communications. Our model allows us to express various types of contextual security rules, (temporal security rules, content-based security rules, rules based on the frequency of events etc.). These rules regulate not only publications and subscriptions but also distribution of messages to subscribers. In this paper we present an access control enforcement system based on our model. Our system is built according to the XACML architecture standard. The Policy Enforcement Point (PEP) is written in Python and acts as a proxy between the nodes and the MQTT broker. It intercepts MQTT requests and transfer them to the Policy Decision Point (PDP). RDF and SHACL are used to represent security rules and more generally any knowledge contained in the Policy Information System (PIP). We conduct some experiments that show that our solution is viable in terms of performances.
Document type :
Book sections
Complete list of metadata
Contributor : Elodie Delcambre-Maillard Connect in order to contact the contributor
Submitted on : Friday, March 19, 2021 - 4:40:37 AM
Last modification on : Wednesday, November 17, 2021 - 12:32:27 PM

Links full text




Alban Gabillon, Romane Gallier, Emmanuel Bruno. Enforcing Access Controls in IoT Networks. Lecture Notes in Computer Science, vol. 11814, pp.429-445, 2019, ⟨10.1007/978-3-319-07998-1_23⟩. ⟨hal-03174188⟩



Les métriques sont temporairement indisponibles