Attribute-based encryption and sticky policies for data access control in a smart home scenario: a comparison on networked smart object middleware
International Journal of Information Security (IF 2.4), Pub Date: 2020-11-23, DOI: 10.1007/s10207-020-00526-3
Sabrina Sicari, Alessandra Rizzardi, Gianluca Dini, Pericle Perazzo, Michele La Manna, Alberto Coen-Porisini

Regulating access to the resources of an Internet of Things (IoT) network is a complex task, which requires paying great attention to how policies are defined, shared, and enforced. The present paper considers the specific context of a smart home, which represents one of the main IoT application domains, and focuses on two solutions proposed in the literature to cope with the aforementioned issues. On the one side, approaches based on attribute-based encryption (ABE) allow one to encrypt data for multiple recipients in such a way that only those recipients whose attributes satisfy a given access policy can decrypt afterward. ABE guarantees a high level of customization due to the variety of attributes which can be defined, and it is also flexible enough to be adapted to different kinds of scenarios. On the other side, approaches based on sticky policies allow one to attach an access policy directly to the data itself and to employ a trusted authority to evaluate and enforce the policy. Sticky policies also guarantee a highly distributed and customizable enforcement of access control rules. In this paper, we compare the advantages and drawbacks of these two techniques, in terms of performance and robustness, by means of their integration within the prototype of an IoT middleware named networked smart object. Hence, the effectiveness of the presented solutions is validated by means of a real test-bed in the smart home scenario, in terms of storage occupancy, CPU load, and data retrieval delay. The final goal is to reveal the best approach to be used depending on the application’s requirements.




Updated: 2020-11-23