Authorization Aspects of the Distributed Dataflow-oriented IoT Framework Calvin

Sammanfattning: The evolution into a networked society, where a wide variety of devices are connected to the Internet, opens up many new opportunities for creating smart products and applications that dynamically adapt to the current environment. A common scenario will be that applications require or benefit from using several devices at the same time for the execution. Such distributed applications may be complex to write for an application developer. The goal of the open-source framework Calvin, developed by Ericsson Research, is to make it possible for developers of distributed applications to focus on their ideas instead of the complex implementation details. A user may specify some details about where the application is allowed to execute. Based on this information and other parameters, Calvin will automatically decide where it is most beneficial for different parts of the application to execute. Calvin can also handle migration to other devices without interrupting the execution of the application. This dynamic distributed execution model results in challenges when it comes to deciding what resources specific applications, running on behalf of different users, should be allowed to access on a specific device. In this thesis, an authorization framework, based on fine-grained attribute-based access control, is proposed as a solution for the access control in Calvin. Flexibility and compact message formats are some of the most important aspects of the design in order to support different devices with different constraints. The proposed authorization solution has been implemented and is now available as a part of the Calvin framework.