Role-Based Access Control for Enhanced Device Security and Privacy: An Applied Framework Building on Granular IoT Access Models
Keywords:
Role-Based Access Control, IoT Security, Privacy, Granular Access Control, Smart Healthcare, Attribute Integration
Abstract
The proliferation of interconnected devices in the Internet of Things (IoT) ecosystem has heightened the urgency for robust, scalable, and context-aware access control mechanisms. Traditional Role-Based Access Control (RBAC) offers a structured method for privilege assignment; however, its direct application to resource-constrained and dynamic device environments is non-trivial. This study presents an applied framework for RBAC-driven enhanced device security and privacy, designed to address the constraints and heterogeneity of modern IoT deployments. Building on the seminal work of Shaik et al. (2018), which proposed granular role assignments for IoT nodes, we extend the concept with lightweight enforcement, attribute-driven adaptation, and privacy-preserving logging. The proposed model was implemented in a smart healthcare IoT testbed and evaluated on parameters including access decision latency, policy compliance accuracy, and privacy leakage resistance. Results indicate a 31% reduction in unauthorized access attempts and a 19% improvement in enforcement efficiency compared to baseline RBAC, without significant computational overhead. This research offers a deployable blueprint for practitioners seeking to implement RBAC in privacy-sensitive, multi-device environments.
References
Alotaibi, R., & Alsubaei, F. (2020). Privacy-preserving role-based access control model for Internet of Things. Journal of Information Security and Applications, 54, 102569.
Ferraiolo, D., Kuhn, D. R., & Chandramouli, R. (2001). Role-Based Access Control. Artech House.
Huang, H., & Yang, Y. (2013). An attribute-based role-based access control model for dynamic and heterogeneous environments. Journal of Computer and System Sciences, 79(5), 630–643.
Hu, V. C., et al. (2015). Guide to Attribute Based Access Control (ABAC) Definition and Considerations. NIST SP 800-162.
Kanth, A., Bhargava, B. K., & Singh, S. (2019). Context-aware role-based access control in IoT-enabled healthcare systems. IEEE Access, 7, 146648–146661.
Le, X. (2012). Integrating attribute-based access control into role-based access control. Proc. 7th Int. Conf. on Information Assurance and Security, 1–6.
Maesa, D. D. F., Mori, P., & Ricci, L. (2019). Blockchain based access control. Future Generation Computer Systems, 93, 454–465.
NIST. (2012). NIST Standard for Role-Based Access Control (RBAC). NIST 800-98.
Ri, S., Park, Y., & Kim, H. (2021). Blockchain-based role-based access control for secure data sharing in cloud environments. IEEE Access, 9, 125019–125029.
Sandhu, R. S., Coyne, E. J., Feinstein, H. L., & Youman, C. E. (1996). Role-based access control models. IEEE Computer, 29(2), 38–47.
Shaik, M., Sadhu, A. K. R., Bojja, G. R., & Venkataramanan, S. (2018). Granular Access Control for the Perpetually Expanding Internet of Things: A Deep Dive into Implementing RBAC for Enhanced Device Security and Privacy. British Journal of Multidisciplinary and Advanced Studies, 2(2), 136–160.
Singh, P., Tripathi, S., & Agrawal, R. (2019). Enhancing IoT security through role-based access control and fog computing. Procedia Computer Science, 152, 83–90.
Xu, R., Chen, Y., Blasch, E., & Chen, G. (2018). A federated capability-based access control mechanism for Internet of Things (IoT). IEEE Sensors Journal, 18(13), 5345–5353.
Zhang, L., & Tian, Y. (2020). Enhancing IoT security with fine-grained role-based access control. IEEE IoT Journal, 7(5), 4440–4450.
License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
IJISAE open access articles are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. Under this license, users must give appropriate credit, provide a link to the license, and indicate if changes were made; if they remix, transform, or build upon the material, they must distribute their contributions under the same license as the original.