Developing an Access Control solution for IoT Gateways applied to Smart Home Care
Semantic Attribute Based Access Control (SABAC) – Developing an Access Control solution for IoT Gateways applied to Smart Home Care
Access control is a security measure for restricting access to computer resources, especially in multi-user and data-sharing settings. Attribute-based access control (ABAC) is a successor of role-based access control that takes a different approach: it bases decisions on attributes rather than roles alone, which makes access control dynamic and context-aware. ABAC has reached the maturity of OASIS standards with XACML 3.0 and SAML 2.0 (including profiles specific to healthcare), and tools already exist, such as the open-source Balana, PicketBox from RedHat JBoss, and proprietary engines such as those from Axiomatics. Nevertheless, little adoption can be seen in health and home care IT solutions in Europe. While the role-based access control approach can be enough in other industries, for medical data and processes ABAC, and more granular extensions of it, are desired because of the highly sensitive and private nature of the information being accessed and the collaborative nature of the work. ABAC can handle non-trivial access policies, such as the collaborative access control needed in e-Hospitals, where multiple subjects with varying attributes and roles must be involved.
The aim of this thesis is to analyse, identify, and develop the best approach for running ABAC on a residential gateway in a smart home used by elderly people, in order to strengthen the security of home care.
First, we examine the ideal hardware that fulfils the basic needs, such as installing custom software as firmware, updating and upgrading the firmware, and interoperating with other wireless devices in the smart home. We examine in detail widely used hardware such as the Raspberry Pi and the residential gateways on the market. Then, we try to implement an ABAC mechanism on a gateway device. ABAC has a distributed architecture and is usually implemented on a cloud platform. In this thesis, however, we implement it on a fog node that is located inside the elderly person's home (i.e., the smart home) and can be managed and maintained much more easily.
Finally, we try to enrich the developed framework by adding semantic technologies. In other words, we try to develop a Semantic Attribute Based Access Control (S-ABAC) mechanism for IoT environments, which makes decisions semantically and uses semantic relationships to infer new policies (i.e., implicit policies).
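To make the idea of implicit policies concrete, the following added example (not code from the thesis) sketches a small policy decision point in which explicit ABAC rules are extended by subclass reasoning. The ontology terms, attribute names and the deny-overrides, deny-by-default combining behaviour are assumptions chosen for illustration.

```python
# Added illustration: explicit ABAC rules extended by subclass inference.
# All class names, attributes and rules below are hypothetical.

# Constructed mini-ontology: child -> parent ("is a kind of") relations.
SUBCLASS_OF = {
    "Nurse": "HealthProfessional",
    "Physician": "HealthProfessional",
    "HealthProfessional": "Person",
    "FamilyMember": "Person",
    "HeartRate": "VitalSign",
    "BloodPressure": "VitalSign",
    "VitalSign": "HealthData",
    "DoorLockState": "HomeState",
}

def ancestors(term):
    """Return term followed by every superclass reachable via SUBCLASS_OF."""
    seen = []
    while term is not None and term not in seen:  # 'not in seen' stops cycles
        seen.append(term)
        term = SUBCLASS_OF.get(term)
    return seen

# Explicit policies, written once at the most general class that applies.
POLICIES = [
    {"subject": "HealthProfessional", "resource": "VitalSign", "action": "read",
     "context": {"on_duty": True}, "effect": "Permit"},
    {"subject": "FamilyMember", "resource": "HealthData", "action": "read",
     "context": {"resident_consent": True}, "effect": "Permit"},
    {"subject": "Person", "resource": "DoorLockState", "action": "write",
     "context": {}, "effect": "Deny"},
]

def decide(subject_type, resource_type, action, context):
    """Deny overrides Permit; a request that matches no rule is denied."""
    subj, res = ancestors(subject_type), ancestors(resource_type)
    effects = set()
    for p in POLICIES:
        if (p["subject"] in subj and p["resource"] in res
                and p["action"] == action
                and all(context.get(k) == v for k, v in p["context"].items())):
            effects.add(p["effect"])
    if "Deny" in effects:
        return "Deny"
    return "Permit" if effects else "Deny"

if __name__ == "__main__":
    # No rule names "Nurse" or "HeartRate"; the decision is inferred.
    print(decide("Nurse", "HeartRate", "read", {"on_duty": True}))
    print(decide("Nurse", "HeartRate", "read", {"on_duty": False}))
```

Because the rules are stated at the superclass level, adding a new sensor type or staff category to the ontology changes what is permitted without touching the policy list, so ontology edits on the gateway need the same review as policy edits.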