DOI: 10.1145/3292006.3300048
research-article
Public Access

Dynamic Groups and Attribute-Based Access Control for Next-Generation Smart Cars

Published: 13 March 2019

Abstract

Smart cars are among the essential components and major drivers of future cities and the connected world. The interaction among connected entities in this vehicular internet of things (IoT) domain, which also involves smart traffic infrastructure, restaurant beacons, emergency vehicles, etc., offers several real-time applications and provides a safer and more pleasant driving experience to consumers. With more than 100 million lines of code and hundreds of sensors, these connected vehicles (CVs) expose a large attack surface, which can be remotely compromised and exploited by malicious attackers. Security and privacy are big concerns that deter the adoption of smart cars and that, if not properly addressed, will have grave implications, with risk to human life and limb. In this paper, we present a formalized dynamic groups and attribute-based access control (ABAC) model (referred to as CV-ABAC-G) for the smart cars ecosystem, where the model not only considers system-wide attribute-based security policies but also takes into account individual user privacy preferences for allowing or denying service notifications, alerts and operations to on-board resources. Further, we introduce a novel notion of groups in vehicular IoT, which are dynamically assigned to moving entities like connected cars, based on their current GPS coordinates, speed or other attributes, to ensure the relevance of location- and time-sensitive notification services, to provide administrative benefits in managing large numbers of entities, and to enable attribute inheritance for fine-grained authorization policies. We present a proof-of-concept implementation of our model on the AWS cloud platform, demonstrating real-world use cases along with performance metrics.

Published In

CODASPY '19: Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy
March 2019
373 pages
ISBN:9781450360999
DOI:10.1145/3292006
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. access control
  2. amazon web services (aws)
  3. attribute-based access control
  4. authorization
  5. autonomous cars
  6. cloud computing
  7. connected vehicles
  8. internet of things
  9. privacy
  10. security
  11. smart cars

Qualifiers

  • Research-article

Conference

CODASPY '19
Acceptance Rates

Overall Acceptance Rate 149 of 789 submissions, 19%

Article Metrics

  • Downloads (Last 12 months): 216
  • Downloads (Last 6 weeks): 26
Reflects downloads up to 22 Nov 2024

Cited By

  • (2024) A Method for Mapping V2X Communication Requirements to Highly Automated and Autonomous Vehicle Functions. Future Internet 16:4 (108). DOI: 10.3390/fi16040108. Online publication date: 25-Mar-2024
  • (2024) Fault Analysis and Debugging of Intelligent Connected Car Wire-Controlled Chassis System. 2024 5th International Conference on Mobile Computing and Sustainable Informatics (ICMCSI) (858-863). DOI: 10.1109/ICMCSI61536.2024.00135. Online publication date: 18-Jan-2024
  • (2024) The $\mathrm{ACAC_{D}}$ model for mutable activity control and chain of dependencies in smart and connected systems. International Journal of Information Security 23:5 (3283-3310). DOI: 10.1007/s10207-024-00881-5. Online publication date: 20-Jul-2024
  • (2024) Access Control in a Distributed Micro-cloud Environment. Disruptive Information Technologies for a Smart Society (435-447). DOI: 10.1007/978-3-031-50755-7_41. Online publication date: 1-Feb-2024
  • (2023) Mitigating Risks in the Cloud-Based Metaverse Access Control Strategies and Techniques. International Journal of Cloud Applications and Computing 14:1 (1-30). DOI: 10.4018/IJCAC.334364. Online publication date: 1-Dec-2023
  • (2023) Federated Learning-Based Lightweight Two-Factor Authentication Framework with Privacy Preservation for Mobile Sink in the Social IoMT. Electronics 12:5 (1250). DOI: 10.3390/electronics12051250. Online publication date: 5-Mar-2023
  • (2023) Authorization Recycling in Attribute-Based Access Control. Wireless Communications & Mobile Computing 2023. DOI: 10.1155/2023/4644778. Online publication date: 1-Jan-2023
  • (2023) Hybrid Approaches (ABAC and RBAC) Toward Secure Access Control in Smart Home IoT. IEEE Transactions on Dependable and Secure Computing 20:5 (4032-4051). DOI: 10.1109/TDSC.2022.3216297. Online publication date: 1-Sep-2023
  • (2023) Reachability Analysis for Attributes in ABAC With Group Hierarchy. IEEE Transactions on Dependable and Secure Computing 20:1 (841-858). DOI: 10.1109/TDSC.2022.3145358. Online publication date: 1-Jan-2023
  • (2023) Trust Mechanism Fuzzy Rules Intelligent Car Real-Time Diagnostic System. 2023 IEEE International Conference on Fuzzy Systems (FUZZ) (1-8). DOI: 10.1109/FUZZ52849.2023.10309745. Online publication date: 13-Aug-2023
