Abstract
There are several security problems arising from the characteristics of IoT, and one of them is weak access control. Traditional access control models require one centralized authority that stores all the information for access control and validates access rights. This single point of failure in IoT access control could lead to situations where a single breach can cause sensitive information leakage across the entire system. Various studies have been conducted to mitigate this security risk by introducing a decentralized architecture based on blockchain technology called BBAC. However, most BBAC models consider only a simple access control situation, which can lead to a 'the Greatest privilege problem'. This study proposes a novel access control model that enforces minimum privilege to an access token by the division and modification of access rights. As a result, we contributed to enhancing the practicality of the BBAC and mitigating risks that may arise in the delegation process.
Original language | English |
---|---|
Title of host publication | SysCon 2022 - 16th Annual IEEE International Systems Conference, Proceedings |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
ISBN (Electronic) | 9781665439923 |
DOIs | |
Publication status | Published - 2022 |
Event | 16th Annual IEEE International Systems Conference, SysCon 2022 - Virtual, Online, Canada Duration: 2022 Apr 25 → 2022 May 23 |
Publication series
Name | SysCon 2022 - 16th Annual IEEE International Systems Conference, Proceedings |
---|
Conference
Conference | 16th Annual IEEE International Systems Conference, SysCon 2022 |
---|---|
Country/Territory | Canada |
City | Virtual, Online |
Period | 22/4/25 → 22/5/23 |
Bibliographical note
Funding Information:This work was supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2019-0-01697 Development of Automated Vulnerability Discovery Technologies for Blockchain Platform Security, No. 2019-0-01343 Regional Strategic Industry Convergence Security Core Talent Training Business, and No. IITP-2021-2020-0-01819 ICT Creative Consilience program).
Funding Information:
This work was supported by the Institute of Information and Communications Technology Planning and Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2019-0-01697 Development of Automated Vulnerability Discovery Technologies for Blockchain Platform Security, No. 2019-0-01343 Regional Strategic Industry Convergence Security Core Talent Training Business, and No. IITP-2021-2020-0-01819 ICT Creative Consilience program)
Publisher Copyright:
© 2022 IEEE.
Keywords
- Access control model
- BBAC
- Blockchain
- IoT
ASJC Scopus subject areas
- Information Systems
- Information Systems and Management
- Artificial Intelligence
- Computer Networks and Communications
- Computer Science Applications