Time-based legality of information flow in the capability-based access control model for the Internet of Things
Concurrency and Computation: Practice and Experience (IF 1.5), Pub Date: 2020-07-21, DOI: 10.1002/cpe.5944
Shigenari Nakamura, Tomoya Enokido, Makoto Takizawa

The Internet of Things is composed of sensor and actuator devices. Devices have to be securely accessed by subjects. In this article, we take the capability-based access control (CBAC) model, where a device owner issues a subject a capability token to manipulate a device. In the CBAC model, information which a subject is not allowed to get may illegally flow to the subject. Hence, the operation interruption (OI) protocol to prevent illegal information flow was proposed in our previous studies. However, although a subject is not allowed to get data at time urn:x-wiley:cpe:media:cpe5944:cpe5944-math-0001, the subject can get the data later than the time urn:x-wiley:cpe:media:cpe5944:cpe5944-math-0002. Here, the data come to the subject later than the subject expects to get them, that is, the information flows late to the subject. In this article, we newly propose a time-based OI (TBOI) protocol to prevent not only illegal information flow but also late information flow. Here, operations implying illegal or late information flow are interrupted, that is, not performed at devices. In the evaluation, we show that, unlike the OI protocol, the TBOI protocol prevents not only illegal information flow but also late information flow.

Updated: 2020-07-21