Configuring Data Flows in the Internet of Things for Security and Privacy Requirements

  • Luigi Logrippo
  • Abdelouadoud Stambouli
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11358)


The Internet of Things is a highly distributed, highly dynamic environment where data can flow among entities (the ‘things’) in complex data flow configurations. For data secrecy, it is important that only certain data flows be allowed. Research in this area is often based on the use of the well-known lattice model. However, as shown in previous papers, by using a basic result of directed graph theory (or of order theory) it is possible to use a less constrained model based on partial orders, for which a formal notion of secrecy can be defined. We define a notion of ‘allowed contents’ for each ‘thing’ and then the data flows follow by inclusion relationships. By taking advantage of transitivity of data flows and of strongly connected component algorithms, these data flow relationships can then be simplified. It is shown that several data flow relationships can coexist in a network. Two small examples are presented, one on hospital applications and another on e-commerce. Implementation issues are discussed.
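The simplification the abstract describes can be sketched as follows. This is an added example, not code from the paper: the hospital-style things and their content labels are constructed, the rule "A may flow to B iff A's allowed contents are included in B's" is an assumed reading of the inclusion relationship, and a small transitive-closure computation stands in for a linear-time strongly connected component algorithm. `simplified_flows` accepts any edge set, so it goes beyond the inclusion case.

```python
from itertools import product

# Constructed sample: each 'thing' and the data categories it may hold.
ALLOWED = {
    "wristband":  {"vitals"},
    "bed_sensor": {"vitals"},
    "nurse_tab":  {"vitals", "identity"},
    "pharmacy":   {"identity", "prescription"},
    "records":    {"vitals", "identity", "prescription"},
}

def flow_edges(allowed):
    """Assumed rule: A may flow to B iff allowed[A] is a subset of allowed[B]."""
    return {(a, b) for a, b in product(allowed, repeat=2)
            if a != b and allowed[a] <= allowed[b]}

def reachability(nodes, edges):
    """Transitive closure of the flow relation (Warshall, small networks)."""
    reach = {n: {n} for n in nodes}
    for a, b in edges:
        reach[a].add(b)
    for k, i in product(nodes, repeat=2):  # k varies slowest (outer loop)
        if k in reach[i]:
            reach[i] |= reach[k]
    return reach

def simplified_flows(nodes, edges):
    """Merge strongly connected things, then drop transitively implied flows."""
    reach = reachability(nodes, edges)
    comps = {frozenset(m for m in nodes if m in reach[n] and n in reach[m])
             for n in nodes}

    def below(c, d):  # strict partial order between two components
        return c != d and next(iter(d)) in reach[next(iter(c))]

    hasse = {(c, d) for c in comps for d in comps if below(c, d)
             and not any(below(c, e) and below(e, d) for e in comps)}
    return reach, comps, hasse

if __name__ == "__main__":
    reach, comps, hasse = simplified_flows(list(ALLOWED), flow_edges(ALLOWED))
    for src, dst in sorted(hasse, key=lambda p: sorted(p[0]) + sorted(p[1])):
        print(sorted(src), "->", sorted(dst))
    # Secrecy check: can anything held by the wristband ever reach the pharmacy?
    print("wristband -> pharmacy allowed:", "pharmacy" in reach["wristband"])
```

The two sensors collapse into one component because their allowed contents are equal, and the direct sensor-to-records flow disappears from the result because it is implied by the path through the nurse tablet.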


Internet of Things; Data secrecy; Data confidentiality; Privacy; Data flow control; Partial orders



This research was funded in part by the Natural Sciences and Engineering Research Council of Canada. We are grateful to N.V. Narendra Kumar for having carefully reviewed the paper.



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Department of Computer Science and Engineering, Université du Québec en Outaouais, Gatineau, Canada
