Enforcing Access Controls in IoT Networks - Université de la Polynésie française
Book chapter, Year: 2019

Enforcing Access Controls in IoT Networks

Abstract

The MQTT (Message Queuing Telemetry Transport) protocol has become the main protocol for managing messages in the Internet of Things (IoT). In earlier papers, we defined a highly expressive ABAC (Attribute-Based Access Control) model for regulating MQTT-based IoT communications. Our model allows us to express various types of contextual security rules (temporal security rules, content-based security rules, rules based on the frequency of events, etc.). These rules regulate not only publications and subscriptions but also the distribution of messages to subscribers. In this paper, we present an access control enforcement system based on our model. Our system is built according to the XACML architecture standard. The Policy Enforcement Point (PEP) is written in Python and acts as a proxy between the nodes and the MQTT broker. It intercepts MQTT requests and transfers them to the Policy Decision Point (PDP). RDF and SHACL are used to represent security rules and, more generally, any knowledge contained in the Policy Information System (PIP). We conduct some experiments that show that our solution is viable in terms of performance.

Dates and versions

hal-03174188, version 1 (19-03-2021)

Cite

Alban Gabillon, Romane Gallier, Emmanuel Bruno. Enforcing Access Controls in IoT Networks. Lecture Notes in Computer Science, vol. 11814, pp.429-445, 2019, ⟨10.1007/978-3-319-07998-1_23⟩. ⟨hal-03174188⟩