Activity Control Design Principles: Next Generation Access Control for Smart and Collaborative Systems

Traditionally, access control solutions have focused on how to utilize a specific type of decision parameter for access control decisions. While these "decision parameter"-focused approaches have been well accepted, they typically consider access control with centralized administration. Smart and collaborative computing systems (SCSs) such as online social networks, the Internet of Things (IoT) and connected cyber-physical systems (CPSs) require a disparate approach to meet their unique and complex access control requirements primarily because there are multiple participants who create, share, manage and protect resources (e.g., files, smart devices) individually, collaboratively or even competitively. A distinct feature of SCSs is the diffuse nature of control activities and their complex influence on other activities. Activity control (ACON) extends the scope of traditional access control models and considers how multiple administrative authorities (including users) can manage complex and interacting usage, service and control activities. In this paper, we articulate key characteristics and limitations of various existing access control models and highlight the significance and necessity of activity control in smart collaborative ecosystems. We then propose an extended ACON framework for catering to the needs of dynamic SCSs. Furthermore, we compare existing access control design principles and propose a set of activity control design principles for smart and collaborative computing systems. The proposed ACON framework and design principles will provide a solid foundation for secure SCS design and development.