An Overview of Risk Estimation Techniques in Risk-based Access Control for the Internet of Things
Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security
The Internet of Things (IoT) represents a modern approach where boundaries between real and digital domains are progressively eliminated by changing over consistently every physical device to smart object ready to provide valuable services. These services provide a vital role in different life domains but at the same time create new challenges particularly in security and privacy. Authentication and access control models are considered as the essential elements to address these security and
... acy challenges. Risk-based access control model is one of the dynamic access control models that provides more flexibility in accessing system resources. This model performs a risk analysis to estimate the security risk associated with each access request and uses the estimated risk to make the access decision. One of the essential elements in this model is the risk estimation process. Estimating risk is a complex operation that requires the consideration of a variety of factors in the access control environment. Moreover, the interpretation and estimation of the risk might vary depending on the working domain. This paper presents a review of different risk estimation techniques. Existing risk-based access control models are discussed and compared in terms of the risk estimation technique, risk factors, and the evaluation domain. Requirements for choosing the appropriate risk estimation technique for the IoT system are also demonstrated.