Towards Activity-Centric Access Control for Smart Collaborative Ecosystems

Abstract: The ubiquitous presence of smart devices along with advancements in connectivity coupled with the elastic capabilities of cloud and edge systems have nurtured and revolutionized smart ecosystems. Intelligent, integrated cyber-physical systems offer increased productivity, safety, efficiency, speed and support for data driven applications beyond imagination just a decade ago. Since several connected devices work together as a coordinated unit to ensure efficiency and automation, the individual operations they p… Show more

“…• We discuss convergence of ACAC and Zero Trust tenets. This research builds upon previous work by Gupta and Sandhu [17], which focused on the activity control framework by identifying different activities and their relationships. This work is fundamentally different where we make explicit distinctions from previous models which is critical to motivating this work, as well as discuss model components and an eventual family of ACAC models.…”

“…In these examples for smart IoT-based systems, the initiation or denial of activities is dependent on other activities and conditions. The recently proposed activity-centric approach for smart ecosystem by Gupta and Sandhu [17] motivated the idea of developing ACAC, discussed activity primitives, characterized activity relations, and defined a preliminary activity control expression notation. In this paper, we extend this proposed approach by elaborating the distinction of ACAC from other related models such as TBAC [36], UCON [31], ACON [27] and ABAC [22] that gives the readers a clear justification for why we need ACAC active security model for collaborative systems.…”

“…Classical Access Control Models and Beyond. Several research works [1,10,11,14,17,22,30,32] focused on decision requirements, access control modeling, and policy language generation for enterprise or distributed systems including cloud, IoT and CPS. Traditional access control models, such as Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Rolebased Access Control (RBAC) [10,11,30,32] are primarily designed and widely used in enterprise applications with a defined set of resources and are difficult to adapt (and scale) for dynamic IoT-based distributed and multi-domain administered environments.…”

“…As suggested, a device cannot perform any control activity as it does not have a systemindependent mind and just provides services. The ACAC [17] first addresses the need for activity control for smart and collaborative systems where activities on single and multiple devices may restrict the initiation of a new activity or may work as triggering events for the continuity or revocation of permissions for other activities. Activities may run on same or different devices.…”

“…Due to multiple running activities on different objects, it is critical to secure collaborative systems considering run-time decisions impacted due to related activities (and other parameters) supporting active enforcement of access control decision. Recently, Gupta and Sandhu [17] proposed Activity-Centric Access Control (ACAC) and discussed the notion of activity as a prime abstraction for access control in collaborative systems. The model provides an active security approach that considers activity decision factors such as authorizations, obligations, conditions, and dependencies among related device activities.…”

BlueSky: Activity Control: A Vision for "Active" Security Models for Smart Collaborative Systems

“…• We discuss convergence of ACAC and Zero Trust tenets. This research builds upon previous work by Gupta and Sandhu [17], which focused on the activity control framework by identifying different activities and their relationships. This work is fundamentally different where we make explicit distinctions from previous models which is critical to motivating this work, as well as discuss model components and an eventual family of ACAC models.…”

“…In these examples for smart IoT-based systems, the initiation or denial of activities is dependent on other activities and conditions. The recently proposed activity-centric approach for smart ecosystem by Gupta and Sandhu [17] motivated the idea of developing ACAC, discussed activity primitives, characterized activity relations, and defined a preliminary activity control expression notation. In this paper, we extend this proposed approach by elaborating the distinction of ACAC from other related models such as TBAC [36], UCON [31], ACON [27] and ABAC [22] that gives the readers a clear justification for why we need ACAC active security model for collaborative systems.…”

“…Classical Access Control Models and Beyond. Several research works [1,10,11,14,17,22,30,32] focused on decision requirements, access control modeling, and policy language generation for enterprise or distributed systems including cloud, IoT and CPS. Traditional access control models, such as Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Rolebased Access Control (RBAC) [10,11,30,32] are primarily designed and widely used in enterprise applications with a defined set of resources and are difficult to adapt (and scale) for dynamic IoT-based distributed and multi-domain administered environments.…”

“…As suggested, a device cannot perform any control activity as it does not have a systemindependent mind and just provides services. The ACAC [17] first addresses the need for activity control for smart and collaborative systems where activities on single and multiple devices may restrict the initiation of a new activity or may work as triggering events for the continuity or revocation of permissions for other activities. Activities may run on same or different devices.…”

“…Due to multiple running activities on different objects, it is critical to secure collaborative systems considering run-time decisions impacted due to related activities (and other parameters) supporting active enforcement of access control decision. Recently, Gupta and Sandhu [17] proposed Activity-Centric Access Control (ACAC) and discussed the notion of activity as a prime abstraction for access control in collaborative systems. The model provides an active security approach that considers activity decision factors such as authorizations, obligations, conditions, and dependencies among related device activities.…”

BlueSky: Activity Control: A Vision for "Active" Security Models for Smart Collaborative Systems

Introduction: Requirements for Access Control in IoT and CPS

Access Control Oriented Architectures Supporting IoT and CPS