Time-based legality of information flow in the capability-based access control model for the Internet of Things

The Internet of Things is composed of sensor and actuator devices. Devices have to be securely accessed by subjects. In this article, we take the capability-based access control (CBAC) model where a subject is issued a capability token to manipulate a device by a device owner. In the CBAC model, information which a subject is not allowed to get may illegally flow to the subject. Hence, the operation interruption (OI) protocol to prevent illegal information flow is proposed in our previous studies. However, although a subject is not allowed to get data at time tau, the subject can get the data later than the time tau. Here, the data come to the subject later than expected by the subject to get the data, that is, the information flows late to the subject. In this article, we newly propose a time-based OI (TBOI) protocol to prevent not only illegal information flow but also late information flow. Here, operations implying illegal or late information flow are interrupted, that is, not performed at devices. In the evaluation, we show not only illegal information flow but also late information flow are prevented in the TBOI protocol differently from the OI protocol.