Review Article

Searchable Encryption with Access Control in Industrial Internet of Things (IIoT)

Table 2

Comparing role and attribute-based access control.

| Feature | Access control mechanism: role-based access control (RBAC) | Access control mechanism: attribute-based access control (ABAC) |
|---|---|---|
| Access control granularity | Coarse-grained access control | Fine-grained access control |
| User addition mechanism | Access control groups are defined as roles with pre-set privileges; a user is added to the group that holds the desired access privileges. | Users are assigned attributes that describe their properties. The access control system evaluates the required access policies, each described by a set of attributes, against the user's attributes to decide whether access is granted. |
| Structure of access policy | Policies (operation/object pairs) are assigned to groups before any access request is made. | Policies are expressed as Boolean rules over attributes. |
| Input of authorisation decisions | Users are assigned to roles and inherit the permissions assigned to those roles. Roles are often organised in a role hierarchy, which defines the inheritance of permissions between roles. | Attributes are the input to authorisation decisions and may cover many criteria, such as department, job code, time of day, IP address and user location. |
| Decision level | Relates only to functionality. | Relates to access at the data level and the field level as well as to functionality. |
| Access level | Does not allow non-employees access to organisational assets. | Allows limited access for third parties to organisational assets. |
| Model status | Not an automatic model: it must be managed painstakingly and often involves significant manual intervention. The role-based mechanism, by itself, is inadequate for the dynamic requirements of cloud-based IoT. | A dynamic model: the system deploys access control dynamically using attributes, i.e., a flexible access control approach. |
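The contrast in Table 2 is easiest to see in code. The following is an added example, not from the article: a minimal RBAC evaluator whose roles hold operation/object pairs and inherit through a role hierarchy, beside an ABAC evaluator whose policies are Boolean rules over department, time of day, source IP address and contract attributes. The role names, subnet, hours and attribute keys are assumptions chosen for illustration.

```python
# Added example (not the article's code): RBAC with a role hierarchy beside
# ABAC with Boolean rules over attributes, mirroring the rows of Table 2.
import ipaddress

# --- RBAC: each role holds (operation, object) pairs; senior roles inherit ---
ROLE_PERMS = {                      # assumed roles and permissions
    "viewer": {("read", "sensor_log")},
    "engineer": {("write", "sensor_log")},
    "admin": {("delete", "sensor_log")},
}
ROLE_PARENTS = {"engineer": ["viewer"], "admin": ["engineer"]}  # hierarchy


def rbac_permissions(role):
    """Flatten the hierarchy: a role gets its own pairs plus its parents'."""
    perms, stack = set(), [role]
    while stack:
        r = stack.pop()
        perms |= ROLE_PERMS.get(r, set())
        stack.extend(ROLE_PARENTS.get(r, []))
    return perms


def rbac_allows(user_roles, operation, obj):
    """Coarse-grained: the decision depends only on role membership."""
    return any((operation, obj) in rbac_permissions(r) for r in user_roles)


# --- ABAC: a policy is a Boolean rule over subject/resource/environment attrs ---
def in_subnet(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


ABAC_POLICIES = [
    # Plant staff may write sensor logs from the plant network during shifts.
    lambda a: (a["department"] == "plant"
               and a["operation"] == "write"
               and in_subnet(a["src_ip"], "10.20.0.0/16")   # assumed subnet
               and 6 <= a["hour"] < 22),                    # assumed shift hours
    # Third-party auditors get limited read access to their own contract only.
    lambda a: (a["department"] == "external_audit"
               and a["operation"] == "read"
               and a["resource_contract"] == a["subject_contract"]),
]


def abac_allows(attrs):
    """Fine-grained, deny-by-default: permit only if some rule evaluates true.
    A missing attribute makes the rule fail closed rather than grant access."""
    try:
        return any(rule(attrs) for rule in ABAC_POLICIES)
    except KeyError:
        return False
```

Note that ABAC admits the third-party auditor under a narrow rule, whereas RBAC would need a new role created and managed for that case.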