SCPAC: An Access Control Framework for Diverse IoT Platforms Based on OAuth2.0

With the emergency of the Internet of Things in all walks of life, its security problems are getting more attention. Different devices need to access users’ data from different platforms. However, as different platforms are developed based on different security architectures, when the security policies of different platforms are supposed to be composed, it will result in new vulnerabilities and bring security risks. To address this problem, a new cross-domain access control framework based on OAuth 2.0 is proposed in this paper. The framework realizes secure and flexible management of authentication and authorization of cross-platform access control. The security domain token is used for entities to access and share the resources of each security domain, which solves the cross-domain security problem. The proposed approach is formally modeled in Coq theorem prover, and the results show that the proposed access control mechanism satisfies the security properties.