Abstract

Scalable, fine-grained access control for the Internet of Things is needed in enterprise environments, where tens of thousands of users need to access smart objects whose number is of a similar or larger order of magnitude. Existing solutions offer all-or-nothing access, or require all access to go through a cloud backend, greatly impeding access granularity, robustness and scale. In this paper, we propose Heracles, an IoT access control system which achieves robust, fine-grained access control and responsive execution at enterprise scale. Heracles adopts a capability-based approach using secure, unforgeable tokens that describe the authorizations of users, to either individuals or collections of objects in single or bulk operations. It has a 3-tier architecture to provide the centralized policy and distributed execution desired in enterprise environments. Extensive analysis and performance evaluation on a testbed prove that Heracles achieves fine-grained access control and responsive execution at enterprise scale. Compared with systems using access control lists, Heracles eliminates or reduces by 10x-100x the updating overhead under frequent changes of subject memberships and policies. In addition, Heracles achieves responsive execution: it takes 0.57 seconds to access 18 objects which are scattered 1-9 hops away, and execution on a 1-hop or 2-hop object needs only 0.07 or 0.13 seconds, respectively.

Year | DOI | Venue |
---|---|---|
2021 | 10.1109/TMC.2020.2984700 | IEEE Transactions on Mobile Computing |

Keywords | DocType | Volume |
---|---|---|
Internet of Things, security, access control | Journal | 20 |

Issue | ISSN | Citations |
---|---|---|
8 | 1536-1233 | 1 |

PageRank | References | Authors |
---|---|---|
0.35 | 0 | 4 |

Name | Order | Citations | PageRank |
---|---|---|---|
Qian ZHOU | 1 | 36 | 13.44 |
Mohammed Elbadry | 2 | 23 | 3.91 |
Fan Ye | 3 | 2843 | 181.85 |
Yuanyuan Yang | 4 | 2782 | 226.78 |