Information Flow Control Based on the CapBAC (Capability-Based Access Control) Model in the IoT

• Published in: International journal of mobile computing and multimedia communications Vol. 10; no. 4; pp. 13 - 25
• Main Authors: Nakamura, Shigenari, Enokido, Tomoya, Takizawa, Makoto
• Format: Journal Article
• Language: English
• Published: Hershey IGI Global 01.10.2019
• Subjects: Access control; Actuators; Devices; Flow control; Information flow; Internet of Things; Japan
• ISSN: 1937-9412; 1937-9404
• DOI: 10.4018/IJMCMC.2019100102

In the Internet of Things (IoT), not only computers like servers but also devices with sensor and actuator devices are interconnected. It is critical to make the IoT secure, especially devices. In the capability-based access control (CapBAC) model proposed to make IoT devices secure, an owner of each device issues a capability token, i.e. a set of access rights, to a subject. Only a subject holding the capability token is allowed to manipulate the device. However, a subject may get data in a device d1 via another device d2 although the subject holds no capability token to get data from the device d1. Here, the data in the device d1 illegally flow to the subject. In this article, the authors propose the operation interruption (OI) protocol where illegal get operations are interrupted. In the evaluation, the ratio of the number of get operations interrupted to the total number of get operations is kept constant even if the numbers of subjects and access rights granted to each subject increase in the OI protocol.