The advent in Online Social Networks (OSN) and Internet of Things (IoT) has created a new world of collaboration and communication between people and devices. The domain of internet of things uses billions of devices (ranging from tiny sensors to macro scale devices) that continuously produce and exchange huge amounts of data with people and applications. Similarly, more than a billion people are connected through social networking sites to collaborate and share their knowledge. The applications of IoT such as smart health, smart city, social networking, video surveillance and vehicular communication are quickly evolving people’s daily lives. These applications provide accurate, information-rich and personalized services to the users. However, providing personalized information comes at the cost of accessing private information of users such as their location, social relationship details, health information and daily activities. When the information is accessible online, there is always a chance that it can be used maliciously by unauthorized entities. Therefore, an effective access control mechanism must be employed to ensure the security and privacy of entities using OSN and IoT services. Access control refers to a process which can restrict user’s access to data and resources. It enforces access rules to grant authorized users an access to resources and prevent others. This survey examines the increasing literature on access control for traditional models in general, and for OSN and IoT in specific. Challenges and problems related to access control mechanisms are explored to facilitate the adoption of access control solutions in OSN and IoT scenarios. The survey provides a review of the requirements for access control enforcement, discusses several security issues in access control, and elaborates underlying principles and limitations of famous access control models. We evaluate the feasibility of current access control models for OSN and IoT and provide the future development direction of access control for the same.

中文翻译：

---

从传统到最先进的物联网访问控制模型

在线社交网络（OSN）和物联网（IoT）的出现创造了人与设备之间协作与通信的新世界。物联网领域使用数十亿个设备（从微型传感器到宏观设备），这些设备不断产生并与人和应用程序交换大量数据。同样，超过十亿人通过社交网站连接在一起，以协作和共享他们的知识。物联网的应用，例如智能健康，智能城市，社交网络，视频监控和车辆通信，正在迅速发展着人们的日常生活。这些应用程序为用户提供准确，信息丰富且个性化的服务。然而，提供个性化信息的代价是访问用户的私人信息，例如他们的位置，社交关系详细信息，健康信息和日常活动。当可以在线访问该信息时，总是有机会被未经授权的实体恶意使用。因此，必须采用有效的访问控制机制来确保使用OSN和IoT服务的实体的安全性和隐私性。访问控制是指可以限制用户对数据和资源的访问的过程。它强制执行访问规则，以向授权用户授予对资源的访问权限，并阻止其他用户访问。这项调查研究了有关传统模型，特别是OSN和IoT的访问控制方面越来越多的文献。研究与访问控制机制相关的挑战和问题，以促进在OSN和IoT场景中采用访问控制解决方案。该调查回顾了访问控制实施的要求，讨论了访问控制中的几个安全问题，并阐述了著名访问控制模型的基本原理和局限性。我们评估了OSN和IoT当前访问控制模型的可行性，并为它们提供了访问控制的未来发展方向。