Biblio

Many real-world IoT solutions have to be implemented in a federated environment, which are environments where many different administrative organizations are involved in different parts of the solution. Smarter Cities, Federated Governance, International Trade and Military Coalition Operations are examples of federated environments. As end devices become more capable and intelligent, learning from their environment, and adapting on their own, they expose new types of security vulnerabilities and present an increased attack surface. A distributed AI approach can help mitigate many of the security problems that one may encounter in such federated environments. In this paper, we outline some of the scenarios in which we need to rethink security issues as devices become more intelligent, and discuss how distributed AI techniques can be used to reduce the security exposures in such environments.

Access control for information has primarily focused on access statically granted to subjects by administrators usually in the context of a specific system. Even if mechanisms are available for access revocation, revocations must still be executed manually by an administrator. However, as physical devices become increasingly embedded and interconnected, access control needs to become an integral part of the resource being protected and be generated dynamically by resources depending on the context in which the resource is being used. In this paper, we discuss a set of scenarios for access control needed in current and future systems and use that to argue that an approach for resources to generate and manage their access control policies dynamically on their own is needed. We discuss some approaches for generating such access control policies that may address the requirements of the scenarios.