Adaptive Access Control Policies for IoT Deployments

“…Typically, the policies are stored in a specific format, for example, Extensible Access Control Markup Language (XACML). In addition, the PAP makes the complete access control policies available for the policy decision point to grant or deny permissions [ 32 , 33 ]. In an IoT environment, PAP should be designed so that policies can be added, removed or modified at runtime.…”

“…Once the evaluation is performed at the PDP, the PEP retrieves the decision and forwards it to the subject that made the request. Moreover, based on the decision, the PEP is responsible for enforcing the actions that the subject can perform on a resource (e.g., read, write or both) [ 32 , 34 , 35 ].…”

“…The PDP triggers the PIP to provide all the required contextual information, such as attribute values of the requester, the resources, the action that is being requested, and the environmental variables. Based on the information that is received, the PDP evaluates the decision by verifying them against the policies [ 32 , 34 , 35 ].…”

“…In an IoT network, granting or denying permissions based on context is one of the important requirements of access control. Hence, whenever the PDP requires the contextual information and the attribute information, the PIP sends them through the PEP to make an access decision [ 32 , 34 , 35 ].…”

“…The refining process can be triggered for several reasons such as any change in the context of the environment or detection of an abnormal or unauthorized access behavior [ 33 , 36 ]. Various techniques have been adopted in the literature for the policy refinement process [ 32 , 33 , 34 , 37 ]. Most of these techniques are based on artificial intelligence.…”

Access Control for IoT: A Survey of Existing Research, Dynamic Policies and Future Directions

“…Typically, the policies are stored in a specific format, for example, Extensible Access Control Markup Language (XACML). In addition, the PAP makes the complete access control policies available for the policy decision point to grant or deny permissions [ 32 , 33 ]. In an IoT environment, PAP should be designed so that policies can be added, removed or modified at runtime.…”

“…Once the evaluation is performed at the PDP, the PEP retrieves the decision and forwards it to the subject that made the request. Moreover, based on the decision, the PEP is responsible for enforcing the actions that the subject can perform on a resource (e.g., read, write or both) [ 32 , 34 , 35 ].…”

“…The PDP triggers the PIP to provide all the required contextual information, such as attribute values of the requester, the resources, the action that is being requested, and the environmental variables. Based on the information that is received, the PDP evaluates the decision by verifying them against the policies [ 32 , 34 , 35 ].…”

“…In an IoT network, granting or denying permissions based on context is one of the important requirements of access control. Hence, whenever the PDP requires the contextual information and the attribute information, the PIP sends them through the PEP to make an access decision [ 32 , 34 , 35 ].…”

“…The refining process can be triggered for several reasons such as any change in the context of the environment or detection of an abnormal or unauthorized access behavior [ 33 , 36 ]. Various techniques have been adopted in the literature for the policy refinement process [ 32 , 33 , 34 , 37 ]. Most of these techniques are based on artificial intelligence.…”

Access Control for IoT: A Survey of Existing Research, Dynamic Policies and Future Directions

Administration of Machine Learning Based Access Control

Behavior-Dependent Access Control Policies