Abstract
Smart home users usually control smart devices through a smart application, which is managed by the user's account. Account compromise is therefore possible, and a countermeasure to such an attack can help protect both the devices and the data pertaining to them. In this paper, we propose a security countermeasure for the case of a compromised account in a smart home system by introducing another layer of access control beyond the traditional authentication method (e.g. username and password). In our proposed approach, even when a user is successfully authenticated, the user is still subject to another control at the device or data permission level for every access attempt. This control takes into account the profile and behaviour of the user requesting access to the system to determine whether the user is legitimate or malicious, and the access control permission and the type of access control enforcement are decided based on that factor.