| Abstract [eng] |
Controller management platforms – a part of a fast-growing infrastructure of the IoT (Internet of Things). The management of physical devices as well as data collection, processing and integration is carried out in these platforms, that is why they are becoming an attractive target for cybercriminals. Weak access control is one of the fundamental cybersecurity threats in the field. Thus, the aim of the master’s thesis is to create a secure controller remote management platform using an access control method adapted for this purpose. The analysis part discusses the ecosystem of the IoT and the operating principles of the platforms. Cyber security threats specific to these platforms, technologies and methods used for access control are examined. It is noticed that IoT solutions are distinguished by their dynamics, limited resources, massiveness, and connectivity, so the traditional static access control methods used are not suitable. It is claimed that to ensure the principle of least privilege, the policy decision point of an access control method should be characterized as granular, flexible, and simple. In a project part, the method is formed, whose decision-making process employs subject roles and risk-based access control policies. To determine the criticality of the infrastructure situation and calculate the risk score, the sensitivity of the object, the effect of the action and the altering environmental context are assessed. The realization part describes the software and hardware selected for the implementation of the method, typical of the IoT infrastructure. The implementation of a standard controller management platform with a controller and its input and output devices is presented. The research aims to evaluate the effectiveness of the proposed access control method. Thus, configuration of the implemented platform is carried out by adapting it to smart home applications. Experiments on administrative costs, speed and security are carried out in accordance with prepared scenarios. Finally, the thesis discusses the obtained results and presents the conclusions. |
