Security analysis and proposal of new access control model in the Internet of Thing

The Internet of Things (IoT) represents a concept where the barriers between the real world and the cyber-world are progressively annihilated through the inclusion of everyday physical objects combined with an ability to provide smart services. These services are creating more opportunities but at the same time bringing new challenges in particular security and privacy concerns. To address this issue, an access control management system must be implemented. This work introduces a new access control framework for IoT environment, precisely the Web of Things (WoT) approach, called “SmartOrBAC” Based on the OrBAC model. SmartOrBAC puts the context aware concern in a first position and deals with the constrained resources environment complexity. To achieve these goals, a list of detailed IoT security requirements and needs is drawn up in order to establish the guidelines of the “SmartOrBAC”. Then, The OrBAC model is analyzed and extended, regarding these requirements, to specify local as well as collaboration access control rules; on the other hand, these security policies are enforced by applying web services mechanisms mainly the RESTFUL approach. Finaly the most important works that emphasize access control in IoT environment are discussed.