
LUP Student Papers

LUND UNIVERSITY LIBRARIES

Profile Based Access Control Model Using JSON Web Tokens

Albayati, Mustafa LU and Murjan, Aslan (2023) EITM01 20231
Department of Electrical and Information Technology
Abstract
Currently at Axis, a local role-based access control system is used in devices, which forces the user credentials to be directly installed on the individual devices and the limited selection of roles does not allow for fine-grained access rights. This creates an administrative nightmare in a large scale network and leads to elevated privileges. Instead of this approach a profile based access control can be used.
The goal of this thesis work was to design an access control system for profile based access control, utilizing JSON Web Tokens (JWT) for distribution. How profile based access control works was investigated and the possibilities of enforcing dynamic, user defined and distributed profiles were explored in contrast to static access tables. This system allows an admin to create custom access control profiles depending on the use case, instead of being limited by the roles or profiles preinstalled on the device. Open ID Connect was used for user authentication and authorization of profiles.
The system’s design was implemented through an ambitious Proof-of-Concept (PoC) that encompassed numerous components with the primary objective of evaluating the feasibility of incorporating the proposed idea into an actual production system. The innovative features of the resulting system design have been condensed and included in a patent application, which was subsequently filed by Axis.
Popular Abstract
With advances in computing technologies, IoT devices can be more capable than
ever. Some of these devices offer advanced functionalities and run complete operating
systems, not very different from the one you are using right now. This thesis work
addresses the access control challenges surrounding a large network of such devices.
author
Albayati, Mustafa LU and Murjan, Aslan
supervisor
organization
alternative title
Profil Baserat Accesskontroll Via JSON Web Tokens
course
EITM01 20231
year
type
H2 - Master's Degree (Two Years)
subject
keywords
access control, profiles, IoT, device, OpenIDC
report number
LU/LTH-EIT 2023-936
language
English
additional info
European patent application number 22214794.4.
id
9129494
date added to LUP
2023-08-29 11:17:19
date last changed
2023-08-29 11:17:19
@misc{9129494,
  abstract     = {{Currently at Axis, a local role-based access control system is used in devices,
which forces the user credentials to be directly installed on the individual devices
and the limited selection of roles does not allow for fine-grained access rights.
This creates an administrative nightmare in a large scale network and leads to
elevated privileges. Instead of this approach a profile based access control can be
used.
The goal of this thesis work was to design an access control system for profile
based access control, utilizing JSON Web Tokens (JWT) for distribution. How profile
based access control works was investigated and the possibilities of enforcing
dynamic, user defined and distributed profiles were explored in contrast to static
access tables. This system allows an admin to create custom access control profiles
depending on the use case, instead of being limited by the roles or profiles
preinstalled on the device. Open ID Connect was used for user authentication
and authorization of profiles.
The system’s design was implemented through an ambitious Proof-of-Concept
(PoC) that encompassed numerous components with the primary objective of
evaluating the feasibility of incorporating the proposed idea into an actual
production system. The innovative features of the resulting system design have been
condensed and included in a patent application, which was subsequently filed by
Axis.}},
  author       = {{Albayati, Mustafa and Murjan, Aslan}},
  language     = {{eng}},
  note         = {{Student Paper}},
  title        = {{Profile Based Access Control Model Using JSON Web Tokens}},
  year         = {{2023}},
}