Biblio

This work describes the architecture and prototype implementation of a novel trust-aware continuous authorization technology that targets consumer Internet of Things (IoT), e.g., Smart Home. Our approach extends previous authorization models in three complementary ways: (1) By incorporating trust-level evaluation formulae as conditions inside authorization rules and policies, while supporting the evaluation of such policies through the fusion of an Attribute-Based Access Control (ABAC) authorization policy engine with a Trust-Level-Evaluation-Engine (TLEE). (2) By introducing contextualized, continuous monitoring and re-evaluation of policies throughout the authorization life-cycle. That is, mutable attributes about subjects, resources and environment as well as trust levels that are continuously monitored while obtaining an authorization, throughout the duration of or after revoking an existing authorization. Whenever change is detected, the corresponding authorization rules, including both access control rules and trust level expressions, are re-evaluated.(3) By minimizing the computational and memory footprint and maximizing concurrency and modular evaluation to improve performance while preserving the continuity of monitoring. Finally we introduce an application of such model in Zero Trust Architecture (ZTA) for consumer IoT.

Collaborative smart services provide functionalities which exploit data collected from different sources to provide benefits to a community of users. Such data, however, might be privacy sensitive and their disclosure has to be avoided. In this paper, we present a distributed multi-tier framework intended for smart-environment management, based on usage control for policy evaluation and enforcement on devices belonging to different collaborating entities. The proposed framework exploits secure multi-party computation to evaluate policy conditions without disclosing actual value of evaluated attributes, to preserve privacy. As reference example, a smart-grid use case is presented.