Introduction
To keep information systems secure in the presence of malicious accesses, various types of access control models (Denning, 1982) and cryptography (Ogiela, 2015; Ogiela & Ogiela, 2016) have been proposed. Cryptography is used to prevent information, i.e. objects, from being forged, stolen, or disclosed by a subject, such as a user or an application, that is granted no permission, i.e. no access right. In the access control models, only an authorized subject is allowed to manipulate an object in an authorized operation. However, even if a subject is not allowed to get data in an object o_i, the subject can get the data by accessing another object o_j (Denning, 1982). Here, illegal information flow occurs from the object o_i via the object o_j to the subject. Illegal information flow among subjects and objects has to be prevented in the access control models. The LBAC (Lattice-Based Access Control) model (Sandhu, 1993) was proposed to prevent illegal information flow among subjects and objects. Here, each entity is assigned a security class. Illegal information flow is defined based on the relations among classes, and every operation implying illegal information flow is prohibited. In our previous studies, various types of protocols to prevent illegal information flow were proposed. In papers (Nakamura et al., 2015a; Nakamura et al., 2015b; Nakamura et al., 2016), types of protocols to prevent illegal information flow occurring in distributed database systems are proposed based on the RBAC (Role-Based Access Control) model (Sandhu et al., 1996). In papers (Nakamura et al., 2019a; Nakamura et al., 2019c), protocols to prevent illegal information flow occurring in P2PPSO (Peer-to-Peer Publish/Subscribe with Object concept) systems (Nakamura et al., 2019c) are proposed based on the TBAC (Topic-Based Access Control) model (Nakamura et al., 2018).
The IoT (Internet of Things) (Hanes et al., 2018; Oma et al., 2018; Soo et al., 2017) is composed of millions of nodes of various types, including not only computers but also devices like sensors and actuators. Here, it is difficult to adopt traditional access control models such as the RBAC (Sandhu et al., 1996) and ABAC (Attribute-Based Access Control) (Yuan & Tong, 2005) models for the IoT due to the scale of the IoT. Since the access lists also grow in scale, it is difficult to access and manipulate them. Hence, the CapBAC (Capability-Based Access Control) model was proposed (Gusmeroli et al., 2013). Here, an owner of each device issues a capability token to a subject sb, such as a user or an application. The capability token is defined to be a set of access rights. An access right is a pair ⟨d, op⟩ of a device d and an operation op on the device d. The subject sb is allowed to manipulate the device d in an operation op only if a capability token including the access right ⟨d, op⟩ is issued to the subject sb.
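The following Python sketch is an added example, not code from the article or its authors. It models capability tokens as sets of ⟨d, op⟩ pairs and shows how the flow from one object via another to a subject, described in the introduction, passes every per-operation capability check. The `Monitor` class, the operation names `get` and `put`, the source-tracking approach, and the sample subjects and devices are assumptions made for illustration.

```python
from collections import defaultdict

class Monitor:
    """Capability check plus simple tracking of where data came from."""
    def __init__(self):
        self.tokens = defaultdict(set)   # subject -> capability token: {(device, op)}
        self.dev_src = defaultdict(set)  # device  -> devices whose data it now holds
        self.sub_src = defaultdict(set)  # subject -> devices whose data it has obtained

    def issue(self, subject, device, op):
        # The device owner adds the access right <device, op> to the subject's token.
        self.tokens[subject].add((device, op))

    def authorized(self, subject, device, op):
        # CapBAC rule: allowed only if <device, op> is in the issued token.
        return (device, op) in self.tokens[subject]

    def get(self, subject, device):
        """Return (allowed, sources the subject holds no 'get' right for)."""
        if not self.authorized(subject, device, "get"):
            return False, set()
        sources = {device} | self.dev_src[device]
        illegal = {d for d in sources if not self.authorized(subject, d, "get")}
        self.sub_src[subject] |= sources
        return True, illegal

    def put(self, subject, device):
        """Writing carries everything the subject has obtained into the device."""
        if not self.authorized(subject, device, "put"):
            return False
        self.dev_src[device] |= self.sub_src[subject]
        return True

def scenario():
    # Constructed sample: sb1 may get d1 and put d2; sb2 may only get d2.
    m = Monitor()
    m.issue("sb1", "d1", "get")
    m.issue("sb1", "d2", "put")
    m.issue("sb2", "d2", "get")
    direct = m.get("sb2", "d1")    # denied: no <d1, get> in sb2's token
    m.get("sb1", "d1")             # sb1 obtains d1's data
    m.put("sb1", "d2")             # d2 now holds d1's data
    indirect = m.get("sb2", "d2")  # capability check passes, d1's data leaks
    return direct, indirect

if __name__ == "__main__":
    print(scenario())
```

The direct request is denied, while the indirect one is allowed and reports `d1` as a source for which `sb2` holds no access right, which is the illegal information flow a capability check alone does not catch.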