This book presents cybersecurity aspects of ubiquitous and growing Io T and Cyber Physical Systems. It also introduces a range of conceptual, theoretical, and foundational access control solutions. This was developed by the authors to provide an overall broader perspective and grounded approach to solve access control problems in Io T and CPS.
The authors discuss different architectures, frameworks, access control models, implementation scenarios, and a broad set of use-cases in different Io T and CPS domains. This provides readers an intuitive and easy to read set of chapters. The authors also discuss Io T and CPS access control solutions provided by key industry players including Amazon Web Services (AWS) and Google Cloud Platform (GCP). It provides extensions of the authors proposed fine grained solutions with these widely used cloud and edge supported platforms.
This book is designed to serve the computer science and the cybersecurity community including researchers, academicians and students. Practitioners who have a wider interest in Io T, CPS, privacy and security aspects will also find this book useful. Thanks to the holistic planning and thoughtful organization of this book, the readers are expected to gain in-depth knowledge of the state-of-the-art access control architectures and security models for resilient Io T and CPS.
Зміст
1 Introduction: Requirements for Access Control in Io T and CPS.- 1.1 Introduction and Motivation.- 1.1.1 Io T Architectures.- 1.1.2 Io T and CPS Security Issues.- 1.2 Access Control Models.- 1.2.1 State of the Art.- 1.2.2 Access Control Models for Smart Connected Systems.- 1.3 Publish-Subscribe Paradigm.- 1.4 Io T and CPS Integration with Cloud and Edge Computing.- 1.5 Current Trends.- 1.6 Access Control Challenges and Research Needs.- 1.7 Summary.- References.- 2 Access Control Oriented Architectures Supporting Io T and CPS .- 2.1 Introduction.- 2.1.1 Chapter Organization.- 2.2 Primitives for Cloud and Edge Assisted Io.- 2.2.1 Taxonomy of Smart Devices.- 2.2.2 Cloud and Edge Hybrid Architectures.- 2.3 Access Control Oriented Architectures.- 2.3.1 Edge Gateway Supported ACO Architecture.- 2.3.2 Extended ACO Architecture with Clustered Objects.- 2.4 Illustrative Io T and CPS using Proposed Architectures.- 2.4.1 Remote Patient Monitoring (RPM).- 2.4.2 Intelligent Transportation System (ITS).- 2.5 Summary.- References.- 3 Authorization Frameworks for Smart and Connected Ecosystems 9.- 3.1 Introduction.- 3.1.1 Chapter Organization.- 3.2 Access Control Framework for Cloud Enabled Wearable Io T.- 3.2.1 Access Control Framework.- 3.2.2 RPM Wearable Io T Use Case.- 3.3 Framework for Smart Connected Cars Ecosystem.- 3.3.1 Access Control Framework.- 3.3.2 Identified Access Control Approaches.- 3.3.3 Single and Multi-Cloud Cyber Physical Systems.- 3.4 Objectives of Proposed Frameworks.- 3.5 Summary.- References.- 4 Access Control Models in Cloud Io T Services.- 4.1 Introduction.- 4.1.1 Chapter Organization 4.- 4.2 AWS Access Control Model5.- 4.3 Access Control in AWS Internet of Things: AWS-Io TAC.- 4.3.1 Motivation 8.- 4.3.2 Formal Model and Definitions.- 4.3.3 AWS-Io TAC and ACO Architecture.- 4.3.4 Use Case.- 4.4 Google Cloud Platform Access Control Model.- 4.4.1 GCP Access Control (GCPAC) Model.- 4.4.2 Access Control in GCP Internet of Things.-4.4.3 E-Health Use Case.- 4.5 Limitations and Fine Grained Enhancements.- 4.5.1 Proposed Enhancements in AWS Io TAC.- 4.5.2 Proposed Enhancements in GCP Io TAC.- 4.6 Summary.- References.- 5 Secure Virtual Objects Communication.- 5.1 Introduction.- 5.1.1 Chapter Organization.- 5.2 Operational Access Control for VO Communication.- 5.2.1 ACL and Capability Based (ACL-Cap) Operational Model.- 5.2.2 ABAC Operational Model.- 5.2.3 RBAC Limitations.- 5.3 Administrative Access Control for VO Communication.- 5.3.1 Administrative ACL Model.- 5.3.2 Administrative RBAC Model.- 5.3.3 Administrative ABAC Model.- 5.4 AWS-Io T-ACMVO Model for AWS Io T Shadows Communication.- 5.5 Issues in enforcing ACO-Io T-ACMs VO within AWS-Io T-ACMVO.- 5.6 A Use Case: Sensing Speeding Cars.- 5.6.1 Sensing the Speed of a Single Car.- 5.6.2 Sensing the Speed of Multiple Cars.- 5.6.3 Performance Evaluation and Discussion.- 5.7 Summary.- References.- 6 Attribute Based Access Control for Intelligent Transportation 5.- 6.1 Introduction.- 6.1.1 Chapter Organization.- 6.2 Authorization Requirements in ITS.- 6.2.1 Multi-Layer and User Privacy Preferences.- 6.2.2 Relevance of Groups.- 6.3 Dynamic Groups and ABAC Model.- 6.3.1 CV-ABACG Model Overview.- 6.3.2 Components Definitions.- 6.4 AWS Enforcement.- 6.4.1 Use Case Overview.- 6.4.2 Prototype Implementation.- 6.4.3 Performance Evaluation.- 6.5 Summary.- References.- 7 Fine Grained Communication Control for Io T and CPS .- 7.1 Introduction.- 7.1.1 Motivation.- 7.1.2 Chapter Organization.- 7.2 Background and Related Work.- 7.2.1 CE-Io T Architectures.- 7.2.2 Related Work.- 7.2.3 Scope and Assumptions.- 7.3 Access Control and Communication Control Requirements.- 7.3.1 Use Case Scenarios.- 7.4 Attribute-Based Communication Control.- 7.4.1 Attribute-Based Access Control Model.- 7.4.2 Attribute-Based Communication Control Model.- 7.5 Attribute-Based Access and Communication Control Framework.- 7.5.1 ABAC-CC Framework.- 7.6 Summary.- References.
Про автора
Maanak Gupta is an Assistant Professor in the Department of Computer Science at Tennessee Tech University, USA. He received his Ph.D. in Computer Science from the University of Texas at San Antonio and has worked as a Postdoctoral Research Fellow at the Institute for Cyber Security. He also holds an M.S. degree in Information Systems from Northeastern University, Boston. His primary area of research includes security and privacy in cyber space focused in studying foundational aspects of access control and their application in technologies including cyber physical systems, cloud computing, Io T and Big data. Dr Gupta has worked in developing novel security mechanisms, models and architectures for next generation smart cars, smart cities, intelligent transportation systems and smart farming. He is also interested in machine learning based malware analysis and AI assisted cyber security solutions. His scholarly work is regularly published at top peer-reviewed security venues including ACM SIGSAC conferences and refereed journals. He was awarded the 2019 computer science outstanding doctoral dissertation research award from UT San Antonio. His research has been funded by the US National Science Foundation (NSF), NASA, US Department of Defense (Do D) and private industry.
Smriti Bhatt is an Assistant Professor of Computer Science in the Department of Computing and Cyber Security at Texas A&M University-San Antonio. She has received her Ph.D. in Computer Science from the University of Texas at San Antonio and did her doctoral research at the Institute for Cyber Security (ICS) and Center for Security and Privacy Enhanced Cloud Computing (C-SPECC). Dr. Bhatt’s research expertise is in the field of Cyber Security, mainly focused on Access Control and Communication Control models, and Security and Privacy in Cloud Computing and the Internet of Things (Io T). Her current research projects focus on developing secure access control and communication control models for Cloud-Enabled Io T architecture applicable to various Io T domains, such as Smart Home, Smart Health, and Wearable Io T. Her research work also expands into deep learning for Io T security with applications in access control and anomaly detection. She has been actively publishing her work on well-regarded conferences and journals in the field, and also continually serves as an expert reviewer for journals (e.g., IEEE Transactions on Cloud, IEEE Access, and Transactions on Dependable and Secure Computing). She have also served as technical program committee member and co-chair for several conferences and workshops. Furthermore, Dr. Bhatt is enthusiastically involved with various national and local organizations including Anita B.org, Women in Cyber Security (Wi Cy S), and San Antonio Women in IT (SAWIT) for enhancing diversity and inclusion in STEM.
Asma Alshehri is an Assistant Professor in Computer Science at Shaqra University, Shaqra, Saudi Arabia. She received M.S. and Ph.D. in Computer Science from the University of Texas at San Antonio (UTSA). It was her honor to be the first Arabian women to work and graduate from the Institute for Cyber Security (ICS), UTSA. Her primary area of research includes security and privacy in cyber space focused in studying foundational aspects of access control and their application in technologies including cloud computing, Io T and Big Data. She has worked in developing novel security mechanisms, models, and architectures for Io T smart cities, cars, and homes. She is also interested in malware analysis and AI assisted cyber security solutions. She is currently the Vice Dean of IT and E-learning Deanship at Shaqra University, Head of E-learning Unit at University Agency for Educational Affair, and Chair of Computer Science Department at Collage of Science and Humanities at Dhurma. She holds a B.S. degree in Computer Science from Princess Nourah Bint Abdulrahman University, Riyadh, Saudi Arabia
Ravi Sandhu is Professor of Computer Science, Executive Director of the Institute for Cyber Security and Lead PI of the NSF Center for Security and Privacy Enhanced Cloud Computing at the University of Texas at San Antonio, where he holds the Lutcher Brown Endowed Chair in Cyber Security. Previously he served on the faculty at George Mason University (1989-2007) and Ohio State University (1982-1989). He holds BTech and MTech degrees from IIT Bombay and Delhi, and MS and Ph D degrees from Rutgers University. He is a Fellow of IEEE, ACM and AAAS, and has received numerous awards from IEEE, ACM, NSA, NIST and IFIP, including the 2018 IEEE Innovation in Societal Infrastructure award for seminal work on role-based access control (RBAC). A prolific and highly cited author, his research has been funded by NSF, NSA, NIST, DARPA, AFOSR, ONR, AFRL, ARO and private industry. His seminal papers on role-based accesscontrol established it as the dominant form of access control in practical systems. His numerous other models and mechanisms have also had considerable real-world impact. He served as Editor-in-Chief of the IEEE Transactions on Dependable and Secure Computing, and previously as founding Editor-in-Chief of ACM Transactions on Information and System Security. He was Chairman of ACM SIGSAC, and founded the ACM Conference on Computer and Communications Security, the ACM Symposium on Access Control Models and Technologies and the ACM Conference on Data and Application Security and Privacy. He has served as General Chair, Steering Committee Chair, Program Chair and Committee Member for numerous security conferences. He has consulted for leading industry and government organizations, and has lectured all over the world. He is an inventor on 31 security technology patents and has accumulated over 45, 000 Google Scholar citations for his papers. At UTSAhis team seeks to pursue world-leading research in both the scientific foundations of cyber security and their applications in diverse 21st century cyber technology domains, including cloud computing, internet of things, autonomous vehicles, big data and blockchain. Particular focus is on foundations and technology of attribute-based access control (ABAC) as a successor to RBAC in these contexts