Cape: Continuous Access Policy Enforcement For Iot Deployments

Advancements and convergence in IoT enabling technologies along with ubiquitous connectivity have led to the generation of new wave of smart services and applications based on real-time data access. The popularity of ubiquitous data access and accelerated adoption of these services pose significant challenges on user and data privacy. Thus, controlling access to such services in highly dynamic environments with continuously changing context becomes even more challenging. The wide adoption of IoT in our everyday life in many vital domains such as healthcare and military operations requires continuous and tight access control to prevent unauthorized and unintended access. A delay in making access decisions when context changes may result in consequences that cause harm and property damage. Therefore, continuity in access policy enforcement becomes a necessity in highly dynamic IoT environments for the entire access session not only at the time of request. This paper presents CAPE, a continuous access policy enforcement framework for IoT deployments. CAPE describes access control elements using predicates, and stores them as primitive facts in a K Dimensional tree data structure. Our algorithms automatically match access requests with primitive facts, generate access policies, make context-aware access decisions at run time and continuously monitor access control parameters based on which access decisions were made. Performance evaluation of CAPE demonstrates that this framework efficiently controls access in highly dynamic IoT environments.