BlueSky: Activity Control: A Vision for "Active" Security Models for Smart Collaborative Systems

TL;DR

This paper advances activity-centric access control (ACAC) models for smart collaborative systems, emphasizing active, real-time security decisions that adapt to ongoing device activities within interconnected cyber-physical ecosystems.

Contribution

It introduces core components of ACAC, compares it with existing models, and proposes a hierarchical structure that incorporates activity notions and aligns with Zero Trust principles.

Findings

ACAC supports active, real-time access control decisions.

Hierarchical ACAC models incorporate activity states and properties.

ACAC aligns with Zero Trust for enhanced security in smart ecosystems.

Abstract

Cyber physical ecosystem connects different intelligent devices over heterogeneous networks. Various operations are performed on smart objects to ensure efficiency and to support automation in smart environments. An Activity (defined by Gupta and Sandhu) reflects the current state of an object, which changes in response to requested operations. Due to multiple running activities on different objects, it is critical to secure collaborative systems considering run-time decisions impacted due to related activities (and other parameters) supporting active enforcement of access control decision. Recently, Gupta and Sandhu proposed Activity-Centric Access Control (ACAC) and discussed the notion of activity as a prime abstraction for access control in collaborative systems. The model provides an active security approach that considers activity decision factors such as authorizations, obligations, conditions, and dependencies among related device activities. This paper takes a step forward and presents the core components of an ACAC model and compares with other security models differentiating novel properties of ACAC. We highlight how existing models do not (or in limited scope) support `active' decision and enforcement of authorization in collaborative systems. We propose a hierarchical structure for a family of ACAC models by gradually adding the properties related to notion of activity and discuss states of an activity. We highlight the convergence of ACAC with Zero Trust tenets to reflect how ACAC supports necessary security posture of distributed and connected smart ecosystems. This paper aims to gain a better understanding of ACAC in collaborative systems supporting novel abstractions, properties and requirements.