Expressive Policy-Based Access Control for Resource-Constrained Devices

“…In this section, the expressive policy language detailed in [5] is summarised. The goal of this policy language is to enable the enforcement of tighter access control policies in CDSs, overcoming the resource constraints.…”

“…It enables to deal optimally with the elasticity defined in the policy language, avoiding unused but expected fields of expressive policies, greatly reducing the length. In the CDS side, the de-codification and enforcement are based on the same principle of beforehand construct sequence knowledge as well as the shared semantics for the injected bit masks and array lengths as detailed in [5]. With respect to covered policy formats, this authorisation policy binary representation (APBR) can easily be applied to any original policy instance format (XACML, JSON etc.…”

“…To efficiently convey the aforementioned access control policies to the CDSs, Hidra messaging protocol is defined in [5], and briefly described hereinafter. Hidra, depicted in Fig.…”

“…Additionally, Table 5 shows the message lengths of the Hidra protocol computed with the four policy instances enclosed in the HID_CM_IND message, as well as the lengths of the fields that are subject to cryptographic operations, encryption as well as MAC computation in the CDS. Message composition and lengths per field are detailed in [5].…”

“…Such parameters have been considered to compute both the average delay and the energy consumption conveyed in Fig. 5 in the establishment of a security association, according to (4) and (9) computed on messages [1][2][3][4][5][6][7][8][9] detailed in Table 5.…”

Impact assessment of policy expressiveness of an optimised access control model for smart sensors

“…In this section, the expressive policy language detailed in [5] is summarised. The goal of this policy language is to enable the enforcement of tighter access control policies in CDSs, overcoming the resource constraints.…”

“…It enables to deal optimally with the elasticity defined in the policy language, avoiding unused but expected fields of expressive policies, greatly reducing the length. In the CDS side, the de-codification and enforcement are based on the same principle of beforehand construct sequence knowledge as well as the shared semantics for the injected bit masks and array lengths as detailed in [5]. With respect to covered policy formats, this authorisation policy binary representation (APBR) can easily be applied to any original policy instance format (XACML, JSON etc.…”

“…To efficiently convey the aforementioned access control policies to the CDSs, Hidra messaging protocol is defined in [5], and briefly described hereinafter. Hidra, depicted in Fig.…”

“…Additionally, Table 5 shows the message lengths of the Hidra protocol computed with the four policy instances enclosed in the HID_CM_IND message, as well as the lengths of the fields that are subject to cryptographic operations, encryption as well as MAC computation in the CDS. Message composition and lengths per field are detailed in [5].…”

“…Such parameters have been considered to compute both the average delay and the energy consumption conveyed in Fig. 5 in the establishment of a security association, according to (4) and (9) computed on messages [1][2][3][4][5][6][7][8][9] detailed in Table 5.…”

Impact assessment of policy expressiveness of an optimised access control model for smart sensors

Survey on Access Control Models Feasible in Cyber-Physical Systems

Towards Multi-party Policy-based Access Control in Federations of Cloud and Edge Microservices