Role-Based Administration of Role-Based Smart Home IoT

Abstract

Using role-based access control (RBAC) to manage RBAC is among RBAC's attractive benefits, contributing to its long-standing dominance in practice. Administrative models facilitate management of (mostly configuration) changes in the underlying operational models. Overall system security is crucially dependent on both the administrative and operational models. In this paper, we develop an RBAC administrative model to manage authorization assignments in the EGRBAC (enhanced generalized role-based access control) operational model for smart home IoT. We design the administrative model based on pairwise disjoint Administrative Units, each of which contains a uniquely assigned administrative role and a set of administrative tasks. Administrative tasks determine the administrative permissions available to manage the operational model assignments. We begin with a model containing a single administrative unit and then extend it to include additional units. Multiple administrative units enable decentralized administration which could be adapted to provide scalability in inherently distributed and large-scale environments beyond smart home, such as smart buildings or smart campuses. We provide formalism of our proposed model and illustrate it by specifying operational and administrative use cases. Although, the model is proposed based on a specific smart home operational model, our approach could be applied to environments with similar dynamics.