Regulating data sharing across MQTT environments

Nowadays, due to the personal nature of the managed data, numerous Internet of Things (IoT) applications represent a potential threat to user privacy. In order to address this issue, several access control models have been specifically designed for IoT. The great majority of these proposals adopt centralized enforcement mechanisms designed to control the communication of IoT devices operating in the same environment. However, these approaches cannot regulate data exchange operated by devices connected to different environments. To the best of our knowledge, effective approaches capable of controlling these forms of communications are still missing. Therefore, in this paper, we do a step to fill this void, by focusing on applications built on top of MQTT, a widely used protocol for IoT. We propose an access control framework to regulate data sharing across bridged MQTT environments, on the basis of both access control policies and user preferences. The proposed approach regulates data exchange among IoT devices belonging to interconnected environments by means of a decentralized enforcement mechanism. Experimental analyses show the efficiency of the proposed approach.