Research on Zero-Trust Dynamic Access Control Model Based on User Behavior in Internet of Things Environment
Pages 402 - 407
Abstract
In the IoT environment, traditional access control mechanisms suffer from overuse of user privileges and coarse access granularity, while failing to verify user requests in real time. To address these challenges, this paper introduces the User Behavior-Based Zero Trust Dynamic Access Control Model (UB-ZTDAC). The model combines the concept of zero trust by not presetting trust for each user but verifying each request. The model combines user behavioral trust values with Ciphertext-Policy Attribute-Based Encryption (CP-ABE) to achieve dynamic and fine-grained access control based on zero trust. The model dynamically calculates the user's trust value by monitoring and evaluating the user's behavior in real time using Fuzzy Analytic Hierarchy Process (FAHP), and applies CP-ABE encryption policy based on the trust value to ensure that only users who meet the attribute requirements are allowed to access the data or resources. To cope with the fluctuation of user trust values, the model designs an attribute revocation mechanism to ensure the security and flexibility of the system. The experimental findings indicate that the model proposed in this paper surpasses conventional access control schemes regarding security, flexibility, and performance. It effectively tackles the various security challenges present in the Internet of Things (IoT) ecosystem.
References
[1]
Yang W, Wang S, Sahri N M, et al. Biometrics for internet-of-things security: A review[J]. Sensors, 2021, 21 (18): 6163.
[2]
Ferraiolo D F, Sandhu R, Gavrila S, et al. Proposed NISTstandard for role-based access control[J]. ACM Transac-tions on Information and System Security, 2001, 4 (3): 224-274.
[3]
Sandhu R S, Coyne E J, Feinstein H L, et al. Role-basedaccess control models[J]. Computer, 1996, 29 (2): 38-47.
[4]
Hu, V. C., Ferraiolo, D. F., Kuhn, D. R., & Schnitzer, A. 2013. Guide to Attribute Based Access Control (ABAC) Definition and Considerations (Draft). NIST Special Publication, 800-162.
[5]
Gusmeroli, S., Piccione, S., & Rotondi, D. 2013. A capability-based security approach to manage access control in the Internet of Things. Mathematical and Computer Modelling, 58 (5-6), 1189-1205.
[6]
Bouij-Pasquier, I., Ouahman, A. A., El Kalam, A. A., & de Montfort, M. O. 2015. SmartOrBAC security and privacy in the Internet of Things. In 2015 IEEE/ACS 12th International Conference of Computer Systems and Applications (AICCSA) (pp. 1-8). IEEE.
[7]
Wang Yao. Discussion on Access Control Technology and Practical Application of Internet of Things [J]. Information Record Material, 2024, 25 (02): 133-135+138. cnki. cn13-1295/tq.2024.02.038.
[8]
Pan RJ, Wang Gao Cai, Huang HY. Attribute access control based on dynamic user trustworthiness under cloud computing[J]. Computer Science, 2021, 48 (5): 313G319.
[9]
Yu Bo, Tai Xianqing, Ma Zhijie. Research on attribute and trust based RBAC model in cloud computing environment[J]. Computer Engineering and Applications, 2020, 56 (9): 84-92.
[10]
Ma Jiale, Guo Yinzhang. Research on cloud computing user behavior trust assessment and access control policy[J]. Computer Application Research, 2020, 37 (S2): 260-262.
[11]
Wang HY, Pan QQ, Guo KX. Access control model based on blockchain and user creditworthiness[J]. Computer Applications, 2020, 40 (6): 6.
[12]
Sadique K M, Rahmani R, Johannesson P. Dynamic and Decentralized Trust Management for the Internet of Things (IoT) Paradigm[C]//International Conference on Soft Computing and Pattern Recognition. Cham: Springer International Publishing, 2020: 1017-1026.
[13]
Zhao Z, Sun L. Attribute-based access control with dynamic trust in a hybrid cloud computing environment[C]//Proceedings of the 2017 International Conference on Cryptography, Security and Privacy. 2017: 112-118.
[14]
Jingjing Huang, Qun Fang. Context- and role-based access control model for cloud computing[J]. Computer Applications, 2015, 35 (2): 393-396.
[15]
Yu Bo, Tai Xianqing, Ma Zhijie. Research on attribute and trust based RBAC model in cloud computing environment [J]. Computer Engineering and Applications, 2020, 56 (09): 84-92.
Index Terms
- Research on Zero-Trust Dynamic Access Control Model Based on User Behavior in Internet of Things Environment
Recommendations
Attribute-based fine-grained access control with efficient revocation in cloud storage systems
ASIA CCS '13: Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications securityA cloud storage service allows data owner to outsource their data to the cloud and through which provide the data access to the users. Because the cloud server and the data owner are not in the same trust domain, the semi-trusted cloud server cannot be ...
Attribute-based solution with time restriction delegate for flexible and scalable access control in cloud storage
UCC '16: Proceedings of the 9th International Conference on Utility and Cloud ComputingThe development of cloud computing has brought a lot of advantages, such as reducing the hardware cost and a more convenient storage solution. Because of the convenient and cheap storage solution, a large number of users put their valuable data onto the ...
Dynamic Game Access Control Based on Trust
TRUSTCOM '15: Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA - Volume 01Access control refers to the whole suite of mechanisms that are used to govern user access to resources provided by computer systems over networks. Although many access control models have been proposed, such as DAC, MAC and RBAC, the functionality of ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
September 2024
764 pages
ISBN:9798400707254
DOI:10.1145/3703187
Copyright © 2024 Copyright held by the owner/author(s). Publication rights licensed to ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 27 December 2024
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
CISAI 2024
CISAI 2024: 2024 7th International Conference on Computer Information Science and Artificial Intelligence
September 13 - 15, 2024
Shaoxing, China
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 21Total Downloads
- Downloads (Last 12 months)21
- Downloads (Last 6 weeks)13
Reflects downloads up to 18 Feb 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in