Poster: IoT SENTINEL - An ABAC approach against cyber-warfare in organizations

Abstract

Recently, Internet of Things (IoT) devices and applications are becoming increasingly popular among users in various IoT domains, such as Wearable IoT, Smart Cities, Smart Home, and Smart Industry. With a range of IoT devices, cyber attack surface has hugely expanded from traditional user workstations to small autonomous devices connected to the Internet. In today's connected world, every user owns multiple connected smart devices which seamlessly connect to their organization's network. Therefore, secure and fine-grained access control policies need to be implemented at the organizational level to defend against such attacks. In this paper, we propose an Attribute-Based Access Control (ABAC) approach to defend against cyber attacks in the context of an organization environment which are launched through compromised IoT devices owned by various legitimate users. For example, a wearable IoT device of an employee of an organization which can connect to the organization's network and compromise the whole network and lack of secure access control mechanism will enable IoT Warfare in the future. Therefore, secure and fine-grained ABAC access control mechanisms and policies need to be employed for access control and authorization requirements of IoT devices.