ZTA-IoT: A Novel Architecture for Zero-Trust in IoT Systems and an Ensuing Usage Control Model

IF 3 4区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Safwa Ameer, Lopamudra Praharaj, Ravi Sandhu, Smriti Bhatt, Maanak Gupta
{"title":"ZTA-IoT: A Novel Architecture for Zero-Trust in IoT Systems and an Ensuing Usage Control Model","authors":"Safwa Ameer, Lopamudra Praharaj, Ravi Sandhu, Smriti Bhatt, Maanak Gupta","doi":"10.1145/3671147","DOIUrl":null,"url":null,"abstract":"<p>Recently, several researchers motivated the need to integrate Zero Trust (ZT) principles when designing and implementing authentication and authorization systems for IoT. An integrated Zero Trust IoT system comprises the network infrastructure (physical and virtual) and operational policies in place for IoT as a product of a ZT architecture plan. This paper proposes a novel Zero Trust architecture for IoT systems called ZTA-IoT. Additionally, based on different types of interactions between various layers and components in this architecture, we present ZTA-IoT-ACF, an access control framework that recognizes different interactions that need to be controlled in IoT systems. Within this framework, the paper then refines its focus to object-level interactions, i.e., interactions where the target resource is a device (equivalently a thing) or an information file generated or stored by a device. Building on the recently proposed Zero Trust score-based authorization framework (ZT-SAF) we develop the object-level Zero Trust score-based authorization framework for IoT systems, denoted as ZTA-IoT-OL-SAF, to govern access requests in this context. With this machinery in place, we finally develop a novel usage control model for users-to-objects and devices-to-objects interactions, denoted as UCON<sub><i>IoT</i></sub>. We give formal definitions, illustrative use cases, and a proof-of-concept implementation of UCON<sub><i>IoT</i></sub>. This paper is a first step toward establishing a rigorous formally-defined score-based access control framework for Zero Trust IoT systems.</p>","PeriodicalId":56050,"journal":{"name":"ACM Transactions on Privacy and Security","volume":"17 1","pages":""},"PeriodicalIF":3.0000,"publicationDate":"2024-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Privacy and Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3671147","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

Recently, several researchers motivated the need to integrate Zero Trust (ZT) principles when designing and implementing authentication and authorization systems for IoT. An integrated Zero Trust IoT system comprises the network infrastructure (physical and virtual) and operational policies in place for IoT as a product of a ZT architecture plan. This paper proposes a novel Zero Trust architecture for IoT systems called ZTA-IoT. Additionally, based on different types of interactions between various layers and components in this architecture, we present ZTA-IoT-ACF, an access control framework that recognizes different interactions that need to be controlled in IoT systems. Within this framework, the paper then refines its focus to object-level interactions, i.e., interactions where the target resource is a device (equivalently a thing) or an information file generated or stored by a device. Building on the recently proposed Zero Trust score-based authorization framework (ZT-SAF) we develop the object-level Zero Trust score-based authorization framework for IoT systems, denoted as ZTA-IoT-OL-SAF, to govern access requests in this context. With this machinery in place, we finally develop a novel usage control model for users-to-objects and devices-to-objects interactions, denoted as UCONIoT. We give formal definitions, illustrative use cases, and a proof-of-concept implementation of UCONIoT. This paper is a first step toward establishing a rigorous formally-defined score-based access control framework for Zero Trust IoT systems.

ZTA-IoT:物联网系统零信任的新型架构及随之而来的使用控制模型
最近,一些研究人员提出,在设计和实施物联网身份验证和授权系统时,需要整合零信任(ZT)原则。一个集成的零信任物联网系统包括网络基础设施(物理和虚拟)以及作为 ZT 架构计划产物的物联网操作策略。本文为物联网系统提出了一种名为 ZTA-IoT 的新型零信任架构。此外,基于该架构中各层和组件之间不同类型的交互,我们提出了 ZTA-IoT-ACF 这一访问控制框架,该框架可识别物联网系统中需要控制的不同交互。在此框架内,本文将重点细化为对象级交互,即目标资源是设备(等同于事物)或设备生成或存储的信息文件的交互。在最近提出的基于零信任分值的授权框架(ZT-SAF)基础上,我们为物联网系统开发了对象级基于零信任分值的授权框架,称为 ZTA-IoT-OL-SAF,用于管理这种情况下的访问请求。有了这个机制,我们最终为用户到对象和设备到对象的交互开发了一种新的使用控制模型,称为 UCONIoT。我们给出了 UCONIoT 的正式定义、说明性用例和概念验证实现。本文是为零信任物联网系统建立严格的正式定义的基于分数的访问控制框架迈出的第一步。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
ACM Transactions on Privacy and Security
ACM Transactions on Privacy and Security Computer Science-General Computer Science
CiteScore
5.20
自引率
0.00%
发文量
52
期刊介绍: ACM Transactions on Privacy and Security (TOPS) (formerly known as TISSEC) publishes high-quality research results in the fields of information and system security and privacy. Studies addressing all aspects of these fields are welcomed, ranging from technologies, to systems and applications, to the crafting of policies.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信