Profile Based Access Control Model Using JSON Web Tokens
(2023) EITM01 20231
Department of Electrical and Information Technology
- Abstract
- Currently at Axis, a local role-based access control system is used in devices,
which forces the user credentials to be directly installed on the individual devices
and the limited selection of roles does not allow for fine-grained access rights.
This creates an administrative nightmare in a large scale network and leads to
elevated privileges. Instead of this approach a profile based access control can be
used.
The goal of this thesis work was to design an access control system for profile
based access control, utilizing JSON Web Tokens (JWT) for distribution. How profile
based access control works was investigated and the possibilities of enforcing
dynamic, user defined and distributed profiles were explored in contrast to static
access tables. This system allows an admin to create custom access control profiles
depending on the use case, instead of being limited by the roles or profiles
preinstalled on the device. OpenID Connect was used for user authentication
and authorization of profiles.
The system’s design was implemented through an ambitious Proof-of-Concept
(PoC) that encompassed numerous components with the primary objective of
evaluating the feasibility of incorporating the proposed idea into an actual production
system. The innovative features of the resulting system design have been
condensed and included in a patent application, which was subsequently filed by
Axis.
- Popular Abstract
- With advances in computing technologies, IoT devices can be more capable than
ever. Some of these devices offer advanced functionalities and run complete operating
systems, not very different from the one you are using right now. This thesis work
addresses the access control challenges surrounding a large network of such devices.
Please use this url to cite or link to this publication:
http://lup.lub.lu.se/student-papers/record/9129494
- author
- Albayati, Mustafa LU and Murjan, Aslan
- supervisor
- organization
- alternative title
- Profil Baserat Accesskontroll Via JSON Web Tokens
- course
- EITM01 20231
- year
- 2023
- type
- H2 - Master's Degree (Two Years)
- subject
- keywords
- access control, profiles, IoT, device, OpenIDC
- report number
- LU/LTH-EIT 2023-936
- language
- English
- additional info
- European patent application number 22214794.4.
- id
- 9129494
- date added to LUP
- 2023-08-29 11:17:19
- date last changed
- 2023-08-29 11:17:19
@misc{9129494,
  abstract = {{Currently at Axis, a local role-based access control system is used in devices, which forces the user credentials to be directly installed on the individual devices and the limited selection of roles does not allow for fine-grained access rights. This creates an administrative nightmare in a large scale network and leads to elevated privileges. Instead of this approach a profile based access control can be used. The goal of this thesis work was to design an access control system for profile based access control, utilizing JSON Web Tokens (JWT) for distribution. How profile based access control works was investigated and the possibilities of enforcing dynamic, user defined and distributed profiles were explored in contrast to static access tables. This system allows an admin to create custom access control profiles depending on the use case, instead of being limited by the roles or profiles preinstalled on the device. OpenID Connect was used for user authentication and authorization of profiles. The system’s design was implemented through an ambitious Proof-of-Concept (PoC) that encompassed numerous components with the primary objective of evaluating the feasibility of incorporating the proposed idea into an actual production system. The innovative features of the resulting system design have been condensed and included in a patent application, which was subsequently filed by Axis.}},
  author = {{Albayati, Mustafa and Murjan, Aslan}},
  language = {{eng}},
  note = {{Student Paper}},
  title = {{Profile Based Access Control Model Using JSON Web Tokens}},
  year = {{2023}},
}