TY - JOUR
T1 - FECAC
T2 - Fine-Grained and Efficient Capability-Based Access Control for Enterprise-Scale IoT Systems
AU - Wang, Qiong
AU - Feng, Xia
AU - Wang, Liangmin
AU - Wu, Haiqin
AU - Düdder, Boris
N1 - Publisher Copyright:
© 2014 IEEE.
PY - 2024
Y1 - 2024
N2 - In enterprise-scale Internet of Things, users need to query data by accessing the resource-constrained smart nodes. Such queries typically include Data from One Node (DON), and Data from One Catalog of multiple nodes (DOC). Traditional access control mechanisms often prove inadequate due to the lack of efficient policy management. Their authorization time for queries is linear with respect to the number of access control rules in the policy, which greatly impedes access granularity, efficiency, and scale. To address this issue, we propose FECAC, a fine-grained and efficient capability-based access control mechanism for DON and DOC access queries. Specifically, FECAC builds a policy matching tree structure by translating the rule into matching properties in the tree node, which avoids authorizing queries by traversing the entire rule collection. We then introduce an authorization scheme to match the elements of access requests in a top-down manner, and check the rules with the internal properties of the data queries sub-linearly, which efficiently combines the requests of DOC and DON. Further, we give a concrete operation of FECAC from query authorization scheme to execute data querying based on capabilities. Finally, we demonstrate the improved and more stable evaluation efficiency of FECAC compared to existing schemes.
AB - In enterprise-scale Internet of Things, users need to query data by accessing the resource-constrained smart nodes. Such queries typically include Data from One Node (DON), and Data from One Catalog of multiple nodes (DOC). Traditional access control mechanisms often prove inadequate due to the lack of efficient policy management. Their authorization time for queries is linear with respect to the number of access control rules in the policy, which greatly impedes access granularity, efficiency, and scale. To address this issue, we propose FECAC, a fine-grained and efficient capability-based access control mechanism for DON and DOC access queries. Specifically, FECAC builds a policy matching tree structure by translating the rule into matching properties in the tree node, which avoids authorizing queries by traversing the entire rule collection. We then introduce an authorization scheme to match the elements of access requests in a top-down manner, and check the rules with the internal properties of the data queries sub-linearly, which efficiently combines the requests of DOC and DON. Further, we give a concrete operation of FECAC from query authorization scheme to execute data querying based on capabilities. Finally, we demonstrate the improved and more stable evaluation efficiency of FECAC compared to existing schemes.
KW - access control
KW - access granularity
KW - Internet of Things
KW - policy matching tree
KW - resource-constrained
UR - http://www.scopus.com/inward/record.url?scp=85210285839&partnerID=8YFLogxK
U2 - 10.1109/JIOT.2024.3504825
DO - 10.1109/JIOT.2024.3504825
M3 - Journal article
AN - SCOPUS:85210285839
JO - IEEE Internet of Things Journal
JF - IEEE Internet of Things Journal
SN - 2327-4662
ER -