Recently, interest of both the academic and industrial world in Internet of Things (IoT) has been increasing and this trend requires development of new security approaches addressing potential weaknesses in this domain. Despite the presence of many studies directed towards security of IoT applications, they are mostly adoption of current methods to IoT scenarios. Yet, IoT applications are comprised of various kinds of different entities including computers, processes, people and services. Therefore, it is inadequate to detect malicious attempts by using conventional security methods, which apply fixed security policies and do not take interaction of things, that is context information, into account. In this study, by considering new security requirements of next generation IoT applications, we propose a fine-grained, dynamic and easily manageable access control model, which is called context-aware operation-based access control.