Research On Attribute-based Delegation Access Control Model And Its Application In Smart Home

The rapid development of the Internet and its integration with the home network have driven the development of smart home,making it a hot topic of current research.Smart home allows people to not only monitor security devices in real time,but also manipulate them through mobile terminals.In addition,as more and more devices access the smart home system,they will generate a large amout of data which can be shared and mined for better service.At the same time,in the smart home system,users can delegate some of their own permissions autonomously to others to supervise security,to work together,or to share information.However,while people enjoy the above conveniences,they also face many security issues: the intruder may manipulate devices to operate abnormally;a large amout of device information may be illegally accessed to cause leakage of user privacy;users may also collude with each other to obtain permissions.Therefore,there is an urgent need for a security mechanism to enable smart home to solve the security problems while providing the above services.Access control technology as a common means of solving network security problems can meet the above requirement.By studying the existing access control models and their applications in smart home,this thesis finds that ABAC is most suitable for use in smart home system,not only because the authorization of ABAC is based on attribute so it can support anonymous access,but also because of its flexibility.Therefore,this thesis studies the policy of delegation authorization based on the ABAC model,and then proposes an attribute based delegation access control model named ABDAC.This thesis has achieved certain research results through continuous research,including the following points: Firstly,the ABDAC model is proposed for the ABAC model that does not support delegation authorization.This thesis focuses on the delegation authorization and the revocation of the delegation,the formal definition of delegation expressions and the policy rules are defined in detail.Besides,the automatic revocation by system with unsatisfied time limit constraints can be applied to the policy of ABAC which can improve its execution efficiency.In addition,the access control policy about the whole model is analyzed and determined,and this thesis specifies that the priority of users’ delegation permission is greater than the priority of users’ own authority.This thesis definites each module of the proposed model in detail and analyzes the overall framework and workflow of the model.Secondly,this thesis analyzes the application of ABDAC model in smart home,and the attribute analysis is carried out for each entity in the system.After the research of relevant literature and investigation,the resources in the system are divided into device and device information,furthermore the device information is divided into four levels for fine-grained authorization.In addition,this thesis introduces a credibility dynamic adjustment mechanism,which can calculate the credibility of user in real time and feed back to the ABDAC model in order to let it make access control decision better to secure system security further.Thirdly,this thesis constructs a simple smart home access control system,and designs three experiments to simulate the three modules in ABDAC model.And then shows the consistency of the results in two ways,including theoretical analysis and system testing,which can prove the feasibillity and flexibility of the proposed model.By analyzing the need for access control in smart home,this thesis studies the attribute based delegation policy based on ABAC model,and then propsoes the ABDAC model.The model not only meets the requirements of access control in smart home,but also enables users to delegate permissions to others autonomously under the permise of system security monitoring,while the whole process has simple operability.In addition,the ABDAC model is an effective complement to the reserch of the delegation on ABAC.This thesis definites each module of the proposed model in detail and proves the advantages of this model by using engineering experiment,which has a certain inspiration for the future research.