Access Control Model for Google Cloud IoT

The prevalence of Internet of Things (IoT) is growing rapidly with increasing influence on our daily life. IoT has received considerable attention in both academia and industry recently and there has been significant studies on security and privacy aspects of IoT and cyber-physical systems. Researchers in academia have developed novel access control models and mechanisms for IoT. On the industry side, companies including cloud services providers like Microsoft, Amazon and Google have deployed Cloud-Enabled IoT Platforms to ensure wide scale adoption. However, there is a lack of consensus between formal IoT access control models proposed in the literature and real-world Cloud-Enabled IoT deployments. To bridge this gap, in this paper, we first study and develop a formal access control model of Google Cloud Platform, referred to as GCPAC model. We then extend the GCPAC model into a formal Google Cloud Platform IoT Access Control (GCP-IoTAC) model with IoT specific components. We demonstrate two dominant IoT scenarios - E-health use case, and smart home use case, using the GCP-IoT. We also highlight some of the limitations of the current access control capabilities of GCP-IoT and propose attribute-based extensions for fine-grained access control in GCP and its IoT platform. We envision that this contribution will help achieving consensus among formal IoT access control models and real-world Cloud-Enabled IoT Platforms.