Abstract
Internet of Things (IoT) is commonly utilized in domestic, industrial, and public environments to automate various tasks. Due to this, an enormous amount of data is being generated and transmitted through IoT networks. These data may contain sensitive information depending on the context. Access control is one of the frontline security measures that any information system should adopt. The dynamic nature of the IoT requires access control policies to be able to adapt to their environments. However, it is very challenging for a human administrator to specify access control policies for all scenarios manually because of their dynamic nature. Current literature suggests the need for automating the process of policy generation. Machine Learning and Deep Learning techniques can enable the required automation. We conducted a case study using two baseline Tabular Generative Adversarial Network (GAN) models, namely CTGAN and CopulaGAN, to generate access control policy data. We utilized the CAV policies dataset published by Cunnington et al. We evaluated our results using both quantitative and manual evaluation. Our initial results identified a significant number of policy violations to underlying environmental constraints. We later trained the models by applying constraints. Our final results demonstrate that the models were able to generate policies without violating the specified environmental constraints.