Cache de Atributos Oportunista: Melhorando a eficiência do ABAC com o uso de uma política de distribuição de identidades em redes multinível para névoas computacionais

Airton Ribeiro de Moura Gomes Filho; Edelberto Franco Silva; Alex Borges Vieira

doi:10.5753/sbrc_estendido.2022.222328

Airton Ribeiro de Moura Gomes Filho UFJF
Edelberto Franco Silva UFJF
Alex Borges Vieira UFJF

DOI: https://doi.org/10.5753/sbrc_estendido.2022.222328

Abstract

Attribute-based Access Control (ABAC) is one of the most popular access control methods. Despite its popularity, a few works address attribute management in the Internet of Things (IoT). Most of the attributes needed for an IoT policy evaluation come from an external source. Therefore, managing attributes across the network requires communication between the policy decision point and the policy information point for each attribute, impacting ABAC performance. Attribute caches can mitigate this problem. This work presents a method that predicts attribute requests and anticipates the attribute placement closer to the requester. Based on simulations with a real dataset, the proposed method reduces above 80% the number of requests in the cloud using attributes’ caches and delivers up to 55% of the attributes in the first hop.

References

Castro, T. O., Caitité, V. G., Macedo, D. F., and dos Santos, A. L. (2019). Casa-iot: Scalable and context-aware iot access control supporting multiple users. International Journal of Network Management, 29(5):e2084.

Cremonezi, B., Nogueira, M., dos Santos, A. L., Vieira, A. B., and Nacif, J. A. M. (2019). Um sistema multinível de distribuição de identidades em névoas computacionais. In Anais do XXXVII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos, pages 543–555. SBC.

Gómez-Cárdenas, A., Masip-Bruin, X., Marin-Tordera, E., Kahvazadeh, S., and Garcia, J. (2018). A resource identity management strategy for combined fog-to-cloud systems. In 2018 IEEE 19th International Symposium on”A World of Wireless, Mobile and Multimedia Networks”(WoWMoM), pages 01–06. IEEE.

Hu, V., Ferraiolo, D. F., Kuhn, D. R., Kacker, R. N., and Lei, Y. (2015). Implementing and managing policy rules in attribute based access control. In 2015 IEEE International Conference on Information Reuse and Integration, pages 518–525. IEEE.

Hu, V. C., Ferraiolo, D., Kuhn, R., Friedman, A. R., Lang, A. J., Cogdell, M. M., Schnitzer, A., Sandlin, K., Miller, R., Scarfone, K., et al. (2013). Guide to attribute based access control (abac) definition and considerations (draft). Special Publication.

Liu, B., Yang, Y., and Zhou, Z. (2018). Research on hybrid access control strategy for smart campus platform. In 2018 IEEE 3rd Advanced Information Technology, Electronic and Automation Control Conference (IAEAC), pages 342–346. IEEE.

Ranjith, D. and Srinivasan, J. (2013). Identity security using authentication and authorization in cloud computing. International Journal of Computer & Organization Trends, 3(4):122–129.

Siebach, J. and Giboney, J. (2021). The abacus: A new architecture for policy-based authorization. In Proceedings of the 54th Hawaii International Conference on System Sciences, page 7055.

Silva, E. F., Muchaluat-Saade, D. C., and Fernandes, N. C. (2018). Across: A generic framework for attribute-based access control with distributed policies for virtual organizations. Future Generation Computer Systems, 78:1–17.

Trnka, M., Cerny, T., and Stickney, N. (2018). Survey of authentication and authorization for the internet of things. Security and Communication Networks, 2018.