HCAP:基于历史的物联网设备能力系统

Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies Pub Date : 2018-03-30 DOI:10.1145/3205977.3205978

Lakshya Tandon, Philip W. L. Fong, R. Safavi-Naini

{"title":"HCAP:基于历史的物联网设备能力系统","authors":"Lakshya Tandon, Philip W. L. Fong, R. Safavi-Naini","doi":"10.1145/3205977.3205978","DOIUrl":null,"url":null,"abstract":"Permissions are highly sensitive in Internet-of-Things (IoT) applications, as IoT devices collect our personal data and control the safety of our environment. Rather than simply granting permissions, further constraints shall be imposed on permission usage so as to realize the Principle of Least Privilege. Since IoT devices are physically embedded, they are often accessed in a particular sequence based on their relative physical positions. Monitoring if such sequencing constraints are honoured when IoT devices are accessed provides a means to fence off malicious accesses. This paper proposes a history-based capability system, HCAP, for enforcing permission sequencing constraints in a distributed authorization environment. We formally establish the security guarantees of HCAP, and empirically evaluate its performance.","PeriodicalId":423087,"journal":{"name":"Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies","volume":"26 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-03-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":"{\"title\":\"HCAP: A History-Based Capability System for IoT Devices\",\"authors\":\"Lakshya Tandon, Philip W. L. Fong, R. Safavi-Naini\",\"doi\":\"10.1145/3205977.3205978\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Permissions are highly sensitive in Internet-of-Things (IoT) applications, as IoT devices collect our personal data and control the safety of our environment. Rather than simply granting permissions, further constraints shall be imposed on permission usage so as to realize the Principle of Least Privilege. Since IoT devices are physically embedded, they are often accessed in a particular sequence based on their relative physical positions. Monitoring if such sequencing constraints are honoured when IoT devices are accessed provides a means to fence off malicious accesses. This paper proposes a history-based capability system, HCAP, for enforcing permission sequencing constraints in a distributed authorization environment. We formally establish the security guarantees of HCAP, and empirically evaluate its performance.\",\"PeriodicalId\":423087,\"journal\":{\"name\":\"Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies\",\"volume\":\"26 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-03-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3205977.3205978\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3205977.3205978","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 11

摘要

在物联网(IoT)应用程序中，权限是高度敏感的，因为物联网设备收集我们的个人数据并控制我们环境的安全。不是简单地授予权限，而是对权限的使用进行进一步的约束，从而实现最小权限原则。由于物联网设备是物理嵌入的，因此通常根据其相对物理位置以特定顺序访问它们。当物联网设备被访问时，监控这些排序约束是否得到遵守，提供了一种阻止恶意访问的手段。本文提出了一种基于历史的能力系统HCAP，用于在分布式授权环境中执行权限排序约束。我们正式建立了HCAP的安全保障，并对其性能进行了实证评价。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

HCAP: A History-Based Capability System for IoT Devices

Permissions are highly sensitive in Internet-of-Things (IoT) applications, as IoT devices collect our personal data and control the safety of our environment. Rather than simply granting permissions, further constraints shall be imposed on permission usage so as to realize the Principle of Least Privilege. Since IoT devices are physically embedded, they are often accessed in a particular sequence based on their relative physical positions. Monitoring if such sequencing constraints are honoured when IoT devices are accessed provides a means to fence off malicious accesses. This paper proposes a history-based capability system, HCAP, for enforcing permission sequencing constraints in a distributed authorization environment. We formally establish the security guarantees of HCAP, and empirically evaluate its performance.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies

自引率

0.00%

发文量