Design Flaws and Deployment Chaos in Cloud-based IoT Access Control Policies

Modern internet-of-things device manufacturers are taking advantage of the managed Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) IoT clouds (e.g., AWS IoT, Azure IoT) for secure and convenient IoT development/deployment. The IoT access control is achieved by manufacturer-specified, cloud-enforced IoT access policies (e.g., cloud-standard JSON documents, called IoT Policies on AWS IoT) stating which users can access what IoT devices/resources under what constraints. However, IoT access control policy is often complicated to develop or deploy securely, with tremendous space for device manufacturers …

access access control as-a-service aws azure called chaos cloud cloud-based clouds constraints control deployment design development device devices documents flaws iaas infrastructure internet iot iot devices json managed manufacturer paas platform platform-as-a-service policies policy program resources service space standard things under