Attribute-Role-Based Hybrid Access Conrrol In The Intrtnet Of Things

As an advanced information technology, the Internet of things (IOT) has become an indispensable part of human lives. Therefore, the development of IOT has great significance on promoting the de velopment of economics and technology in the contemporary societ y.IOT has been widely applied in many fields, such as transport ation, public services, health care, social activities and so on. Howe ver, with the rapid development of IOT, more and more security iss ues appears, such as the disclosure of taxis’information in taxi syst ems and the disclosure of location privacy in Wechat. The access c ontrol models which are widely used in the Internet cannot be used in IOT due to the characteristics of the real time and dynamic. T herefore a fine-grained access control model needs to be researched to assign permissions automatically.Therefore, a new access control model--attribute-based and ro le-based hybrid access control (ARBHAC) is proposed in this paper. Adding the property of attribute on the basis of RBAC can get th e features of role-based access control (RBAC) and the function to automatically assign permissions of attribute-based access control (A BAC). the model successfully synthesize the advantages of both AB AC and RBAC, which solves the problem that RBAC cannot satisf y large-scale dynamic users, and simplifies the complexity of permi ssion allocation and policy management in traditional ABAC. This access control model is not just for IOT, but also applies for all ne tworks if there is such problem.This paper sets that attribute expressions and roles are one-to-o ne or many-to-one relationships in this model. So even if multiple properties of the user in line with a number of strategies, he can o nly get a role in the final. Now a dynamic role conflict detection becomes static testing. It can greatly reduce the complexity of strat egies, enhance the readability of the strategy, as well as facilitate f uture modifications to the roles and permissions and optimize our model.In addition, we also define the possibility of four kinds of the p olicy optimization and conflict problems:exception conflict, policy r edundancy, policy hidden and association conflict, and use the math ematical method to prove any optimization (only for redundancy) and conflict of policy must conform to one of these four categories abo ve. Then we give the corresponding solutions. In order to illustrat e more clearly and comprehensively, the fourth chapter gives a detaile d example to illustrate the causes and results of conflict, and how to use the method proposed in the paper to solve the problems.The paper also analyze the performance of this model from m odifying permissions, adding permissions, and deleting permissions. We conclude that it is more flexible and convenient in managing p ermissions and faster in executing permissions of modifying, adding and deleting permission. In the worst case, the performance of this model is the same as ABAC.In summary, the attribute-role-based hybrid access control (ARB HAC) mode proposed in this paper not only solves the problem of1arge-scale dynamic users in the Internet of things, but also has a go od performance.