Confidentiality and privacy of data managed by IoT ecosystems is becoming a primary concern. This paper targets the design of a general access control enforcement mechanism for MQTT-based IoT ecosystems. The proposed approach is presented with ABAC, but other access control models can be similarly supported. The solution is based on an enforcement monitor that has been designed to operate as a proxy between MQTT clients and an MQTT server. The monitor enforces access control constraints by intercepting and possibly manipulating the flow of exchanged MQTT control packets. Early experimental evaluations have overall shown low enforcement overhead.
Access Control Enforcement within MQTT-based Internet of Things Ecosystems
Colombo, Pietro
;Ferrari, Elena
2018-01-01
Abstract
Confidentiality and privacy of data managed by IoT ecosystems is becoming a primary concern. This paper targets the design of a general access control enforcement mechanism for MQTT-based IoT ecosystems. The proposed approach is presented with ABAC, but other access control models can be similarly supported. The solution is based on an enforcement monitor that has been designed to operate as a proxy between MQTT clients and an MQTT server. The monitor enforces access control constraints by intercepting and possibly manipulating the flow of exchanged MQTT control packets. Early experimental evaluations have overall shown low enforcement overhead.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.