Implementation of a partial order data security model for the Internet of things (IoT) using Software defined networking (SDN)

semanticscholar(2021)

Abstract
In previous work, the authors have shown that a generally applicable method for data secrecy (or confidentiality), integrity and conflicts can be built by generalizing to partial orders the well-known lattice security model and by associating simple set labels to network entities. They have also shown how, in principle, this method can be used for data security in the Internet of things (IoT) context. We show in this paper how our method can be implemented by using the architecture of Software defined networking (SDN). Essentially, the labels of the entities can be used to compose SDN forwarding tables, thus ensuring that each entity can receive only data that it is authorized to receive according to security constraints. We use a centralized IoT architecture with a cloud structure using SDN as networking infrastructure, where storage entities (i.e. cloud servers) are associated with application entities. We also introduce methods for network transformations, to allow for adding or removing entities, or for changing their levels of secrecy and integrity. Finally, we show how our architecture can be used in the normal case where several data flows must be allowed in a network. A small ‘hospital’ example is developed. Considerations of scalability and access control (with ABAC, Attribute-based access control) complete the paper.
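As an added illustration (not code from the paper), the sketch below derives default-deny forwarding rows from set labels and recomputes only the affected rows after a label change. The entity names, the labels and the subset rule used for `can_flow` are assumptions made for this example, and it covers the secrecy direction only, not integrity or conflicts.

```python
from itertools import combinations

# Constructed labels (assumption, not from the paper): the set of data
# categories each entity is cleared to hold.
LABELS = {
    "sensor_hr":   frozenset({"vitals"}),
    "nurse_app":   frozenset({"vitals", "notes"}),
    "doctor_app":  frozenset({"vitals", "notes", "diagnosis"}),
    "billing_app": frozenset({"billing"}),
    "archive":     frozenset({"vitals", "notes", "diagnosis", "billing"}),
}

def can_flow(src, dst, labels):
    # Assumed secrecy rule: src may send to dst iff label(src) is a subset
    # of label(dst).
    return labels[src] <= labels[dst]

def forwarding_table(labels):
    # Default deny: a destination missing from a source's row gets no
    # forwarding entry, so the switch drops that traffic.
    return {s: sorted(d for d in labels if d != s and can_flow(s, d, labels))
            for s in labels}

def incomparable(labels):
    # Pairs with no permitted flow in either direction: what makes this a
    # partial order rather than a total ordering of levels.
    return sorted((a, b) for a, b in combinations(sorted(labels), 2)
                  if not can_flow(a, b, labels) and not can_flow(b, a, labels))

def relabel(labels, entity, new_label):
    # Network transformation: add an entity or change its label, then
    # report only the table rows that differ and must be pushed again.
    updated = {**labels, entity: frozenset(new_label)}
    old, new = forwarding_table(labels), forwarding_table(updated)
    return updated, {s: row for s, row in new.items() if old.get(s) != row}

if __name__ == "__main__":
    for src, row in forwarding_table(LABELS).items():
        print(f"{src:12} -> {row}")
    print("no flow either way:", incomparable(LABELS))
    _, changed = relabel(LABELS, "billing_app", {"billing", "vitals"})
    print("rows to re-push after relabel:", changed)
```
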