Evaluation of an OI (Operation Interruption) Protocol to Prevent Illegal Information Flow in the IoT
Various types and millions of nodes including not only computers like servers but also devices like sensors and actuators are interconnected in the IoT (Internet of Things). Here, devices have to be prevented from maliciously accessed. The CapBAC (Capability-Based Access Control) model is proposed to make IoT devices secure. In the CapBAC model, an owner of a device issues a capability token, i.e. a set of access rights to a subject. Here, the subject is allowed to manipulate the device according to the access rights authorized in the capability token. Suppose a subject \(sb_i\) is allowed to get data from a device \(d_2\) but not allowed to get data from a device \(d_1\). If another subject can get data from the device \(d_1\) and sends the data to the device \(d_2\), the subject \(sb_i\) can get the data of the device \(d_1\) from the device \(d_2\). Here, the data in the device \(d_1\) illegally flows to the subject \(sb_i\). In order to prevent illegal information flow, an OI (Operation Interruption) protocol is proposed in our previous studies. Here, illegal get operations are interrupted. In this paper, we evaluate the OI protocol in terms of the number of illegal get operations. In the evaluation, we show the ratio of the number of illegal get operations to the total number of get operations is kept constant even if the number of subjects increases in the OI protocol.
KeywordsIoT (Internet of Things) Device security CapBAC (Capability-Based Access Control) model Illegal information flow Information flow control OI (Operation Interruption) protocol
This work was supported by Japan Society for the Promotion of Science (JSPS) KAKENHI Grant Number JP17J00106.
- 2.Fernandez, E.B., Summers, R.C., Wood, C.: Database Security and Integrity. Adison Wesley, Boston (1980)Google Scholar
- 4.Hernández-Ramos, J.L., Jara, A.J., Marín, L., Skarmeta, A.F.: Distributed capability-based access control for the internet of things. J. Internet Serv. Inf. Secur. 3(3/4), 1–16 (2013)Google Scholar
- 5.Nakamura, S., Duolikun, D., Enokido, T., Takizawa, M.: A flexible read-write abortion protocol to prevent illegal information flow among objects. J. Mob. Multimed. 11(3&4), 263–280 (2015)Google Scholar
- 8.Nakamura, S., Enokido, T., Barolli, L., Takizawa, M.: Capability-based information flow control model in the IoT. In: Proceedings of the 13th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, pp. 63–71 (2019)Google Scholar
- 9.Nakamura, S., Enokido, T., Takizawa, M.: Information flow control in object-based peer-to-peer publish/subscribe systems. Concurrency and Computation: Practice and Experience (accepted)Google Scholar
- 13.Ogiela, M.R., Ogiela, L.: On using cognitive models in cryptography. In: Proceedings of IEEE the 30th International Conference on Advanced Information Networking and Applications (AINA 2016), pp. 1055–1058 (2016)Google Scholar
- 16.Yuan, E., Tong, J.: Attributed based access control (ABAC) for web services. In: Proceedings of the IEEE International Conference on Web Services (ICWS 2005) (2005)Google Scholar