Security Analysis of Access Control Policies for Smart Homes

Ensuring security is crucial in smart home settings, where only authorized users should have access to home devices. Over the past decade, researchers have focused on developing access control policies and evaluating their efficacy in preventing unauthorized access. A new variant of Role-Based Access Control (RBAC), called Extended Generalized Role-Based Access Control (EGRBAC), has recently been introduced to capture the intricate user-device-context interactions that are prevalent in smart home environments. In this paper, we demonstrate that the task of analyzing administrative EGRBAC policies for security can be performed by reducing it to the security analysis of administrative RBAC policies. We also conducted a case study on a realistic smart home to prove the viability of our approach with respect to security requirements such as availability and privilege escalation.