Enhancing IoT Security Through Attribute-Based Access Control: A Review and Future Directions
Keywords:
Attribute-Based Access Control (ABAC), Internet of Things (IoT), Fine-grained access control, Data security, Policy-driven access, Context-aware authorization, Blockchain, Privacy-preserving mechanisms, IoT security challenges
Abstract
The Internet of Things (IoT) has significantly transformed how devices and systems interact, enabling data-driven insights and smarter services across industries. However, this connectivity introduces complex security challenges, particularly in managing dynamic and fine-grained access to sensitive data. Attribute-Based Access Control (ABAC) emerges as a flexible and scalable solution to these challenges, offering policy-driven access control based on diverse attributes rather than rigid identities or roles. This paper provides a comprehensive review of ABAC in the context of IoT ecosystems, discussing its core principles, advantages, and limitations. We examine recent research efforts aimed at lightweight ABAC schemes, blockchain integration, context-aware access decisions, and privacy-preserving mechanisms. Furthermore, the paper outlines future directions to address policy complexity, resource constraints, and cross-domain interoperability. By addressing these issues, ABAC can play a pivotal role in securing IoT data sharing while ensuring scalability, privacy, and trustworthiness.
License

This work is licensed under a Creative Commons Attribution 4.0 International License.
You are free to:
- Share — copy and redistribute the material in any medium or format
- Adapt — remix, transform, and build upon the material for any purpose, even commercially.
Terms:
- Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
- No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.