Published: Apr 2, 2018
The following paper has been accepted at the 23rd ACM Symposium on Access Control Models And Technologies (SACMAT 2018):
- Title: A Lazy Approach to Access Control as a Service (ACaaS) for IoT: An AWS Case Study
- Author: Tahir Ahmad, Umberto Morelli, Silvio Ranise, Nicola Zannone
- Abstract: The Internet of Things (IoT) is receiving considerable attention from both industry and academia because of the new business models that it enables and the new security and privacy challenges that it generates. Major Cloud Service Providers (CSPs) have proposed platforms to support IoT by combining cloud and edge computing. However, the security mechanisms available in the cloud have been extended to IoT with some shortcomings with respect to the management and enforcement of access control policies. Access Control as a Service (ACaaS) is emerging as a solution to overcome these difficulties. The paper proposes a lazy approach to ACaaS that allows the specification and management of policies independently of the CSP while leveraging its enforcement mechanisms. We demonstrate the approach by investigating (also experimentally) alternative deployments in the IoT platform offered by Amazon Web Services on a realistic smart lock solution.
- DOI: 10.1145/3205977.3205989
About the conference
- Name: 23rd ACM Symposium on Access Control Models And Technologies (SACMAT 2018)
- Date: from June 13, 2018 to June 15, 2018
- Location: Indianapolis, USA
- Website: http://www.sacmat.org/2018/