Date of Award

Spring 3-2021

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Cyber Operations (PhDCO)

Department

Computer Science

First Advisor

Yong Wang

Second Advisor

Shengjie Xu

Third Advisor

Cherie Noteboom

Abstract

Identity and Access Management (IAM) is at the core of any information system. Traditional IAM systems manage users, applications, and devices within organizational boundaries and rely on static intelligence for authentication and access control. Identity federation has helped a great deal with the boundary limitation, but it is still tied to static intelligence: users, applications and devices must fall within known boundaries. However, today's IAM requirements are much more complex. The boundaries between enterprise and consumer space, on-premises and cloud, personal devices and organization-owned devices, and home, work and public places are fading away. These challenges become more complicated for Internet of Things (IoT) devices because of their diverse uses and portability. IoT devices are used in the consumer space, healthcare, manufacturing, retail, entertainment, transportation, the public sector, and many other places. Identity Relationship Management (IRM) can help solve some of these challenges because it uses a more natural form of access management: a relationship-based access control methodology. IRM can manage identities and relationships beyond home and organizational boundaries and can simplify authorization and authentication using dynamic intelligence based on relationships.

In this research, we studied the needs of IRM for the Internet of Things. We explored four fundamental questions in IRM: what relationships need to be supported in IRM, how relationships can be supported in IRM, how relationships can be used for access control, and finally what infrastructure is required to support IRM. Since relationships are globally distributed and perimeter-less in nature, we designed the IRM service with a globally scalable, modular, and borderless architecture. Instead of building something from scratch, we slightly modified the UMA 2.0 protocol, which is built on top of OAuth 2.0, so that the relationship-based access control feature is easily pluggable into existing IAM frameworks. We implemented a proof-of-concept to demonstrate and analyze the results of this research. This dissertation serves as a foundation for future research and development in the IRM domain.
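To make the "relationship-based access control" idea in the abstract concrete, here is a small added illustration of how such a check can be evaluated: authorization is decided by whether a chain of typed relationships connects the requester to the resource, and access disappears as soon as the relationship is revoked. This is example code written for this page, not the dissertation's design or its UMA 2.0 extension; the relationship types (owns, treats, employs), the policy rules and the sample principals and device names are all constructed for the illustration.

```python
"""Minimal relationship-based access control (ReBAC) check.

Added illustration, not code from the dissertation. The relationship
types, policy rules and sample principals below are constructed.
"""

# Relationship graph as (subject, relation, object) triples, e.g. a user
# "owns" a device, a doctor "treats" a patient. Constructed sample data.
RELATIONSHIPS = {
    ("alice", "owns", "glucose-monitor-1"),
    ("dr-bob", "treats", "alice"),
    ("clinic-x", "employs", "dr-bob"),
    ("carol", "owns", "thermostat-7"),
}

# Policy: which relationship paths (requester -> ... -> resource) grant an
# action. Each path lists the relation names to follow, in order.
# Constructed for the example; note that no rule chains through "employs",
# so an employer does not inherit a doctor's access.
POLICY = {
    "read": [("owns",), ("treats", "owns")],   # the owner, or the owner's doctor
    "configure": [("owns",)],                   # only the owner
}


def build_index(triples):
    """Adjacency index: subject -> list of (relation, object)."""
    index = {}
    for subj, rel, obj in triples:
        index.setdefault(subj, []).append((rel, obj))
    return index


def path_exists(index, start, target, relation_path):
    """True if a chain of edges with exactly these relation names leads from start to target."""
    frontier = {start}
    for rel in relation_path:
        next_frontier = set()
        for node in frontier:
            for edge_rel, obj in index.get(node, ()):
                if edge_rel == rel:
                    next_frontier.add(obj)
        if not next_frontier:
            return False          # chain broken: no edge of this type from the frontier
        frontier = next_frontier
    return target in frontier


def is_authorized(requester, action, resource, triples=RELATIONSHIPS, policy=POLICY):
    """Default deny: grant only if some policy path for the action connects requester to resource."""
    allowed_paths = policy.get(action)
    if not allowed_paths:
        return False
    index = build_index(triples)
    return any(path_exists(index, requester, resource, p) for p in allowed_paths)


def revoke(triples, subj, rel, obj):
    """Return a new relationship set without the given edge; access derived from it disappears."""
    return {t for t in triples if t != (subj, rel, obj)}


if __name__ == "__main__":
    print(is_authorized("dr-bob", "read", "glucose-monitor-1"))       # True via treats -> owns
    print(is_authorized("dr-bob", "configure", "glucose-monitor-1"))  # False: not the owner
    print(is_authorized("carol", "read", "glucose-monitor-1"))        # False: no relationship
    after = revoke(RELATIONSHIPS, "dr-bob", "treats", "alice")
    print(is_authorized("dr-bob", "read", "glucose-monitor-1", after))  # False after revocation
```

The point the example makes is the one the abstract attributes to IRM: the decision is derived at request time from the current relationship graph rather than from a static role or group membership, so it works across organizational boundaries (the clinic, the patient and the device need not share a directory) and revocation is immediate.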
