Activity Control: A Vision for "Active" Security Models for Smart Collaborative Systems
Abstract
Cyber physical ecosystem connects different intelligent devices over heterogeneous networks. Various operations are performed to support automation in smart environments. An Activity reflects the current state of an object, which changes in response to requested operations. Due to multiple running activities on different objects, it is critical to secure collaborative systems considering run-time decisions impacted due to related activities (and other parameters) supporting active enforcement of access control decisions. The activity-centric access control (ACAC) model (recently proposed) provides an active security approach that considers activity decision factors such as authorizations, obligations, conditions, and dependencies among related device activities. This paper takes a step forward and presents the core components of an ACAC model and compares with other security models differentiating novel properties of ACAC. We highlight how existing models do not (or in limited scope) support ‘active' decision in collaborative systems. We propose a hierarchy of a family of ACAC models by gradually adding the properties related to activity and discuss states of an activity. We highlight the convergence of ACAC with Zero Trust tenets to reflect how ACAC supports the necessary security posture of distributed and connected smart ecosystems. This paper aims to gain a better understanding of ACAC in collaborative systems supporting novel abstractions, properties and requirements.