{"id":"https://openalex.org/W4400266726","doi":"https://doi.org/10.1109/tdsc.2024.3421969","title":"Sharing Can be Threatening: Uncovering Security Flaws of RBAC Model on Smart Home Platforms","display_name":"Sharing Can be Threatening: Uncovering Security Flaws of RBAC Model on Smart Home Platforms","publication_year":2024,"publication_date":"2024-07-02","ids":{"openalex":"https://openalex.org/W4400266726","doi":"https://doi.org/10.1109/tdsc.2024.3421969"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2024.3421969","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2024.3421969","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5048531636","display_name":"Yiyu Yang","orcid":null},"institutions":[{"id":"https://openalex.org/I4210108629","display_name":"Computer Network Information Center","ror":"https://ror.org/01s0wyf50","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210108629"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yiyu Yang","raw_affiliation_strings":["National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210108629","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Jiayu Zhao","orcid":"https://orcid.org/0009-0004-3968-9906"},"institutions":[{"id":"https://openalex.org/I4210108629","display_name":"Computer Network Information Center","ror":"https://ror.org/01s0wyf50","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210108629"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiayu Zhao","raw_affiliation_strings":["National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210108629","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005620042","display_name":"Yilian Li","orcid":"https://orcid.org/0000-0002-4192-5371"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yilian Li","raw_affiliation_strings":["School of Cyber Engineering, Xidian University, Xi&#x2019;an, China","School of Cyber Engineering, Xidian University, Xi&#x0027;an, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi&#x2019;an, China","institution_ids":["https://openalex.org/I149594827"]},{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi&#x0027;an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103260122","display_name":"Xiaowei Li","orcid":"https://orcid.org/0000-0003-1216-1330"},"institutions":[{"id":"https://openalex.org/I6593398","display_name":"Dali University","ror":"https://ror.org/02y7rck89","country_code":"CN","type":"education","lineage":["https://openalex.org/I6593398"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiaowei Li","raw_affiliation_strings":["School of Mathematics and Computer Science, Dali University, Yunnan, China"],"affiliations":[{"raw_affiliation_string":"School of Mathematics and Computer Science, Dali University, Yunnan, China","institution_ids":["https://openalex.org/I6593398"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100346828","display_name":"Peng Liu","orcid":"https://orcid.org/0000-0002-5091-8464"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Peng Liu","raw_affiliation_strings":["College of Information Sciences and Technology, Pennsylvania State University, University Park, PA, USA","College of Information Sciences and Technology, Pennsylvania State University, University Park, USA"],"affiliations":[{"raw_affiliation_string":"College of Information Sciences and Technology, Pennsylvania State University, University Park, PA, USA","institution_ids":["https://openalex.org/I130769515"]},{"raw_affiliation_string":"College of Information Sciences and Technology, Pennsylvania State University, University Park, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100401884","display_name":"Yuqing Zhang","orcid":"https://orcid.org/0000-0001-8306-7195"},"institutions":[{"id":"https://openalex.org/I4210108629","display_name":"Computer Network Information Center","ror":"https://ror.org/01s0wyf50","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210108629"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuqing Zhang","raw_affiliation_strings":["National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210108629","https://openalex.org/I4210165038"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5048531636"],"corresponding_institution_ids":["https://openalex.org/I4210108629","https://openalex.org/I4210165038"],"apc_list":null,"apc_paid":null,"fwci":0.5184,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.71007418,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":"22","issue":"2","first_page":"950","last_page":"966"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11995","display_name":"FinTech, Crowdfunding, Digital Finance","score":0.6086000204086304,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T11995","display_name":"FinTech, Crowdfunding, Digital Finance","score":0.6086000204086304,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7066987156867981},{"id":"https://openalex.org/keywords/role-based-access-control","display_name":"Role-based access control","score":0.7064017057418823},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5830171704292297},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.42822569608688354},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.33121606707572937}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7066987156867981},{"id":"https://openalex.org/C45567728","wikidata":"https://www.wikidata.org/wiki/Q1702839","display_name":"Role-based access control","level":3,"score":0.7064017057418823},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5830171704292297},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.42822569608688354},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.33121606707572937}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2024.3421969","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2024.3421969","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2011081604","display_name":null,"funder_award_id":"U1836210","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3247790336","display_name":null,"funder_award_id":"62262001","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3625357762","display_name":null,"funder_award_id":"U2336203","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G4042888346","display_name":null,"funder_award_id":"4242031","funder_id":"https://openalex.org/F4320322919","funder_display_name":"Natural Science Foundation of Beijing Municipality"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320322919","display_name":"Natural Science Foundation of Beijing Municipality","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":37,"referenced_works":["https://openalex.org/W1980694458","https://openalex.org/W2162720432","https://openalex.org/W2166602595","https://openalex.org/W2508433864","https://openalex.org/W2575029217","https://openalex.org/W2593989684","https://openalex.org/W2605367183","https://openalex.org/W2613352518","https://openalex.org/W2791018263","https://openalex.org/W2791710451","https://openalex.org/W2794648377","https://openalex.org/W2889851986","https://openalex.org/W2890188242","https://openalex.org/W2947175569","https://openalex.org/W2969759835","https://openalex.org/W2983277367","https://openalex.org/W3003250548","https://openalex.org/W3014583938","https://openalex.org/W3015797940","https://openalex.org/W3136780060","https://openalex.org/W3155102819","https://openalex.org/W3213973488","https://openalex.org/W4221001515","https://openalex.org/W4244726870","https://openalex.org/W4282966860","https://openalex.org/W4287848621","https://openalex.org/W4308410011","https://openalex.org/W4385080361","https://openalex.org/W4387609078","https://openalex.org/W6721194330","https://openalex.org/W6741546758","https://openalex.org/W6744196339","https://openalex.org/W6748246993","https://openalex.org/W6751184934","https://openalex.org/W6764964240","https://openalex.org/W6766492497","https://openalex.org/W6782007757"],"related_works":["https://openalex.org/W2372156812","https://openalex.org/W2374393728","https://openalex.org/W2386545329","https://openalex.org/W2382286253","https://openalex.org/W2356011375","https://openalex.org/W1795360416","https://openalex.org/W2392979115","https://openalex.org/W1969771171","https://openalex.org/W819284483","https://openalex.org/W2370002471"],"abstract_inverted_index":{"The":[0,37,85],"\u201csharing\u201d":[1],"feature":[2,123],"provided":[3],"by":[4,100,160],"smart":[5,68,112,152,174],"home":[6,69,113,153,175],"platforms":[7,70,176],"enables":[8],"multiple":[9],"users":[10,213],"to":[11,75,92,120,180,209,218,236],"access":[12],"the":[13,29,34,42,50,54,121,145,161,181],"device":[14,223],"simultaneously":[15],"with":[16,111],"different":[17,46],"roles":[18],"and":[19,31,53,57,124,148,184,195,229,238,240],"permissions,":[20],"but":[21],"it":[22],"also":[23,165],"presents":[24],"new":[25],"security":[26,93,109,130,210],"challenges":[27,158],"for":[28],"design":[30],"implementation":[32],"of":[33,151],"permission":[35,47,125,149,193,198],"management.":[36],"key":[38],"issue":[39],"is":[40],"that":[41,132,177,206],"platform":[43],"adopts":[44],"two":[45,59],"assignments":[48,60,89],"on":[49,144],"app":[51],"side":[52],"cloud":[55],"side,":[56],"these":[58,88,216,234],"must":[61],"maintain":[62],"consistency":[63],"in":[64],"authorizing.":[65],"Unfortunately,":[66],"real-world":[67],"may":[71,90],"not":[72],"be":[73,97],"able":[74],"ensure":[76],"this":[77,137],"when":[78],"implementing":[79],"RBAC":[80,146],"(Role-Based":[81],"Access":[82],"Control)":[83],"model.":[84],"inconsistency":[86],"between":[87],"lead":[91,208],"vulnerabilities,":[94],"which":[95],"can":[96],"easily":[98],"exploited":[99],"malicious":[101],"users.":[102],"Although":[103],"many":[104],"existing":[105],"studies":[106],"have":[107],"revealed":[108],"issues":[110,131],"platforms,":[114],"less":[115],"attention":[116],"has":[117],"been":[118],"paid":[119],"sharing":[122],"assignments,":[126],"as":[127,129,222],"well":[128],"arise":[133],"from":[134],"this.":[135],"In":[136],"work,":[138],"we":[139,164,188,202],"conducted":[140],"a":[141,167],"systematic":[142],"study":[143],"model":[147],"management":[150],"platforms.":[154],"To":[155],"overcome":[156],"technical":[157],"imposed":[159],"\u201cblack-box\u201d":[162],"platform,":[163],"proposed":[166,241],"novel":[168],"testing":[169,172],"framework.":[170],"By":[171],"10":[173],"all":[178],"belong":[179],"\u201cdevice-connected,":[182],"black-box,":[183],"multi-user":[185],"supported\u201d":[186],"category,":[187],"collected":[189],"each":[190],"platform's":[191],"\u201cconfigurable":[192],"assignment\u201d":[194],"inferred":[196],"\u201cenforced":[197],"assignment\u201d.":[199],"At":[200],"last,":[201],"identified":[203],"44":[204],"inconsistencies":[205],"could":[207,214],"vulnerabilities.":[211],"Malicious":[212],"exploit":[215],"vulnerabilities":[217,235],"initiate":[219],"attacks":[220],"such":[221],"hijacking,":[224],"unauthorized":[225],"access,":[226],"illegal":[227],"control,":[228],"eavesdropping.":[230],"We":[231],"promptly":[232],"reported":[233],"vendors":[237],"CNVD,":[239],"mitigation":[242],"measures.":[243]},"counts_by_year":[{"year":2024,"cited_by_count":1}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}