
Continuous Authorization Architecture for Dynamic Trust Evaluation

  • Conference paper
Trust Management XIV (IFIPTM 2023)

Part of the book series: IFIP Advances in Information and Communication Technology ((IFIPAICT,volume 694))


Abstract

Modern security paradigms that emphasize dynamic trust assessment and resilient access control form the fundamental principles of Zero Trust Architecture. Within this architecture, the relationship between stakeholders is never trusted by default and requires continuous assessment. This principle is especially relevant in contemporary systems such as the Internet of Things (IoT) and cyber-physical systems, which are omnipresent and embedded in every aspect of our lives while also being highly dynamic and uncertain. As a result, users' trust in embedded devices fluctuates over time, which calls for dynamic, adaptive mechanisms. Traditional access control models lack continuous monitoring, which has increased interest in usage control models that re-evaluate access as attributes evolve. This paper presents an integration of lifecycle-oriented Usage Control with a Trust Level Evaluation Engine (TLEE) within a Zero Trust application. Continuous monitoring of the trust level as a dynamic attribute is at the core of our strategy: driven by this monitoring, access can be granted, withheld, or revoked based on real-time trust evaluations. The proposed architecture keeps the TLEE strictly separate from the authorization engine, resulting in an adaptable, policy-independent framework. Through this integration, we aim to enhance the effectiveness of authorization mechanisms in evolving IoT landscapes such as Smart Homes. Lastly, we present a workflow featuring an example of a subjective logic-based TLEE.

This work was originally accepted for publication at IFIPTM 2020, which did not take place. Adaptations and novel additions have been made to the original contents based on later insights gained in 2020-2023. Some parts of the original contents were subsequently published at TrustCom 2020 [3].
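The workflow the abstract describes, reduced to a runnable sketch. This is an added example, not the authors' implementation: a stand-in TLEE turns a stream of per-device observations into a binomial subjective-logic opinion (Jøsang's evidence mapping b = r/(r+s+W), d = s/(r+s+W), u = W/(r+s+W) with W = 2) and publishes its projected probability as a mutable trust attribute; a separate usage-control engine, which never sees the raw evidence, grants at pre-authorization and then keeps or revokes the session on every attribute update. The threshold (0.75), the optional evidence-ageing factor, the session name and the observation sequence are all constructed for the illustration.

```python
"""
Illustrative continuous-authorization loop: a subjective-logic trust evaluator
(TLEE) feeds a trust level, as a mutable attribute, into a usage-control
engine that grants, continues, or revokes access.  Added example; a simplified
stand-in for the architecture in the abstract, not the authors' code.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum, auto

PRIOR_WEIGHT = 2.0  # W in Jøsang's evidence-to-opinion mapping (non-informative prior)


@dataclass(frozen=True)
class Opinion:
    """Binomial subjective-logic opinion: belief + disbelief + uncertainty == 1."""
    belief: float
    disbelief: float
    uncertainty: float
    base_rate: float = 0.5

    @property
    def projected_probability(self) -> float:
        # P(x) = b + a*u: the uncertainty mass is split according to the base rate.
        return self.belief + self.base_rate * self.uncertainty

    @classmethod
    def from_evidence(cls, positive: float, negative: float, base_rate: float = 0.5) -> Opinion:
        # Evidence mapping: b = r/(r+s+W), d = s/(r+s+W), u = W/(r+s+W).
        total = positive + negative + PRIOR_WEIGHT
        return cls(positive / total, negative / total, PRIOR_WEIGHT / total, base_rate)


class TrustLevelEvaluationEngine:
    """Stand-in TLEE: accumulates evidence about one device and reports an Opinion.
    An ageing factor < 1 discounts old evidence before each new observation
    (assumption for this example; ageing=1.0 keeps all evidence forever)."""

    def __init__(self, base_rate: float = 0.5, ageing: float = 1.0) -> None:
        self.positive = 0.0
        self.negative = 0.0
        self.base_rate = base_rate
        self.ageing = ageing

    def observe(self, consistent: bool) -> Opinion:
        self.positive *= self.ageing
        self.negative *= self.ageing
        if consistent:
            self.positive += 1.0
        else:
            self.negative += 1.0
        return self.opinion()

    def opinion(self) -> Opinion:
        return Opinion.from_evidence(self.positive, self.negative, self.base_rate)


class Decision(Enum):
    GRANT = auto()
    DENY = auto()
    CONTINUE = auto()
    REVOKE = auto()


class UsageControlEngine:
    """Policy side.  It only ever sees the trust level delivered as an attribute,
    never the evidence, so the TLEE can be replaced without touching the policy."""

    def __init__(self, min_trust: float) -> None:
        self.min_trust = min_trust
        self.active: set[str] = set()

    def pre_authorize(self, session_id: str, trust: float) -> Decision:
        if trust >= self.min_trust:
            self.active.add(session_id)
            return Decision.GRANT
        return Decision.DENY

    def on_attribute_update(self, session_id: str, trust: float) -> Decision:
        if session_id not in self.active:
            return Decision.DENY          # no usage session to continue
        if trust >= self.min_trust:
            return Decision.CONTINUE
        self.active.discard(session_id)  # ongoing condition violated: end the usage
        return Decision.REVOKE


def run_scenario(history: list[bool], ongoing: list[bool], min_trust: float = 0.75) -> list[Decision]:
    """Constructed scenario: `history` observations precede the access request,
    `ongoing` observations arrive while the session is in use."""
    tlee = TrustLevelEvaluationEngine()
    ucon = UsageControlEngine(min_trust)
    for seen in history:
        tlee.observe(seen)
    session = "thermostat-session"  # hypothetical session identifier
    decisions = [ucon.pre_authorize(session, tlee.opinion().projected_probability)]
    for seen in ongoing:
        trust = tlee.observe(seen).projected_probability
        decisions.append(ucon.on_attribute_update(session, trust))
    return decisions


if __name__ == "__main__":
    for d in run_scenario([True] * 6, [True, False, False, False]):
        print(d.name)
```

With six consistent observations before the request the projected trust is 7/8, so the session is granted; one further positive and one negative observation leave it above the threshold, the second negative pushes it to 8/11 and the engine revokes, and a later update on the closed session is simply denied. The point of the split is that the threshold policy and the evidence model can evolve independently.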


References

  1. Almutairi, A., Siewe, F.: CA-UCON: a context-aware usage control model. In: Proceedings of the 5th ACM International Workshop on Context-Awareness for Self-Managing Systems, pp. 38–43 (2011)

  2. Hu, V.C., Ferraiolo, D., Kuhn, R., Schnitzer, A., Sandlin, K., Miller, R., Scarfone, K.: Guide to Attribute Based Access Control (ABAC) Definition and Considerations. NIST Special Publication 800-162 (2019). https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=927500

  3. Dimitrakos, T., et al.: Trust aware continuous authorization for zero trust in consumer Internet of Things. In: 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 1801–1812 (2020). https://doi.org/10.1109/TrustCom50675.2020.00247

  4. Dimitrakos, T.: System models, e-risks and e-trust: towards bridging the gap? In: I3E 2001, Zürich, Switzerland, vol. 202, pp. 45–58. Kluwer (2001)

  5. Hariri, A., Bandopadhyay, S., Rizos, A., Dimitrakos, T., Crispo, B., Rajarajan, M.: SIUV: a smart car identity management and usage control system based on verifiable credentials. In: Jøsang, A., Futcher, L., Hagen, J. (eds.) ICT Systems Security and Privacy Protection: 36th IFIP TC 11 International Conference, SEC 2021, Oslo, Norway, June 22–24, 2021, Proceedings, pp. 36–50. Springer International Publishing, Cham (2021). https://doi.org/10.1007/978-3-030-78120-0_3

  6. Hariri, A., et al.: UCON+: comprehensive model, architecture and implementation for usage control and continuous authorization. In: Dimitrakos, T., Lopez, J., Martinelli, F. (eds.) Collaborative Approaches for Cyber Security in Cyber-Physical Systems, pp. 209–226. Springer International Publishing, Cham (2023). https://doi.org/10.1007/978-3-031-16088-2_10

  7. Hariri, A., Ibrahim, A., Dimitrakos, T., Crispo, B.: WiP: metamodel for continuous authorisation and usage control. In: Proceedings of the 27th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 43–48 (2022)

  8. He, Y., Huang, D., Chen, L., Ni, Y., Ma, X.: A survey on zero trust architecture: challenges and future trends. Wireless Communications and Mobile Computing 2022 (2022)

  9. Jøsang, A.: Subjective Logic. Springer International Publishing, Cham (2016)

  10. Jøsang, A.: Subjective Logic. Springer International Publishing, Cham (2016)

  11. Krautsevich, L., Lazouski, A., Martinelli, F., Mori, P., Yautsiukhin, A.: Usage control, risk and trust. In: Katsikas, S., Lopez, J., Soriano, M. (eds.) Trust, Privacy and Security in Digital Business, pp. 1–12. Springer, Berlin, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15152-1_1

  12. Lazouski, A., Martinelli, F., Mori, P.: A prototype for enforcing usage control policies based on XACML. In: Fischer-Hübner, S., Katsikas, S., Quirchmayr, G. (eds.) TrustBus 2012. LNCS, vol. 7449, pp. 79–92. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32287-7_7

  13. Lund, M.S., Solhaug, B., Stølen, K.: Evolution in relation to risk and trust management. IEEE Computer 43(5), 49–55 (2010)

  14. Müller, J., Gabb, M., Buchholz, M.: A subjective-logic-based reliability estimation mechanism for cooperative information with application to IV's safety. In: 2019 IEEE Intelligent Vehicles Symposium (IV), pp. 1940–1946. IEEE (2019)

  15. OASIS: Abbreviated Language for Authorization (ALFA) Version 1.0 (2015). https://bit.ly/2UP6Jza

  16. OASIS: eXtensible Access Control Markup Language (XACML) Version 3.0 Plus Errata 01 (2017). http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-en.html

  17. Park, J., Sandhu, R.: The UCONABC usage control model. ACM Transactions on Information and System Security 7(1), 128–174 (2004)

  18. Petrovska, A., Neuss, M., Gerostathopoulos, I., Pretschner, A.: Run-time reasoning from uncertain observations with subjective logic in multi-agent self-adaptive cyber-physical systems. In: 2021 International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS), pp. 130–141. IEEE (2021)

  19. Sandhu, R.S.: Lattice-based access control models. IEEE Computer 26(11), 9–19 (1993)

  20. Sandhu, R.S., et al.: Role-based access control models. IEEE Computer 29(2) (1996)

  21. Rose, S., Borchert, O., Mitchell, S., Connelly, S.: Zero Trust Architecture. NIST Special Publication 800-207 (2020). https://csrc.nist.gov/publications/detail/sp/800-207/final

  22. Vishi, K., Jøsang, A.: A new approach for multi-biometric fusion based on subjective logic. In: IML 2017, Liverpool, United Kingdom. ACM (2017)

  23. Wasnik, P., Raghavendra, R., Raja, K., Busch, C.: Subjective logic based score level fusion: combining faces and fingerprints. In: 2018 21st International Conference on Information Fusion (FUSION), pp. 515–520. IEEE (2018)

  24. Xie, P., et al.: Adaptive access control model of vehicular network big data based on XACML and security risk. International Journal of Network Security 22(2), 347–357 (2020)


Acknowledgements

This research is partially funded by the HORIZON CONNECT project under EU grant agreement no. 101069688. We also thank our colleagues Gabriele Gelardi and Ismael Ouattara, and Hüseyin Demirci, Emre Koçyiğit and Gabriele Lenzini from SnT/University of Luxembourg for their support in the TLEE development and experiments.

Corresponding author

Correspondence to Hussein Joumaa.


Copyright information

© 2024 IFIP International Federation for Information Processing

About this paper


Cite this paper

Joumaa, H., Petrovska, A., Hariri, A., Dimitrakos, T., Crispo, B. (2024). Continuous Authorization Architecture for Dynamic Trust Evaluation. In: Muller, T., Fernandez-Gago, C., Ceolin, D., Gudes, E., Gal-Oz, N. (eds) Trust Management XIV. IFIPTM 2023. IFIP Advances in Information and Communication Technology, vol 694. Springer, Cham. https://doi.org/10.1007/978-3-031-76714-2_1


  • DOI: https://doi.org/10.1007/978-3-031-76714-2_1


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-76713-5

  • Online ISBN: 978-3-031-76714-2

  • eBook Packages: Computer Science (R0)
