Automatic IoT permission assignment with transformer models under spatiotemporal constraints

• Published in: Journal of information security and applications Vol. 93; p. 104099
• Main Authors: Fu, Chao, Shen, Guohua, Huang, Zhiqiu, Xie, Jian, Fu, Jiazhou
• Format: Journal Article
• Language: English
• Published: Elsevier Ltd 01.09.2025
• Subjects: Access control; Automation; Deep learning; IoT; Permission assignment; Spatiotemporal constraints; Access control; Deep learning; Automation; Permission assignment; Spatiotemporal constraints; IoT
• ISSN: 2214-2126
• DOI: 10.1016/j.jisa.2025.104099

Permission assignment in IoT environments faces significant challenges due to dynamic spatiotemporal constraints and the limitations of traditional static access control models. This paper introduces a Transformer-Based Permission Assignment (TBPA), a novel framework integrating Long Short-Term Memory (LSTM) networks and Transformer architectures to automate permission assignment under spatiotemporal dynamics. TBPA uses LSTM to predict attribute trends, embeds attributes into the feature space through the Feature Tokenizer module, and Transformer’s multi-head attention mechanism to capture the complex relationships between attributes and permissions, enabling the dynamic assignment of permissions based on changing subject and environment attributes. To mitigate data imbalance, TBPA employs Synthetic Minority Over-sampling Technique and Tomek Links, enhancing prediction accuracy for critical “deny” decisions. Experiments on real-world and synthetic datasets demonstrate TBPA’s superiority, with a 1.5% improvement in F1 score over other methods. The robustness of the framework is validated across different IoT scenarios, including imbalanced datasets and dynamic spatiotemporal constraints. By automating permission assignment without manual intervention, TBPA bridges the gap between policy mining and real-time enforcement, offering a scalable solution for secure, context-aware IoT access control.