Overprivilege　Attack,　a　widely　reported　phenomenon　in　IoT　that　accesses　unauthorized　or　excessive　resources,　is　notoriously　hard　to　prevent,　trace　and　mitigate.　In　this　paper,　we　propose　TBAC,　a　Tokoin-Based　Access　Control　model　enabled　by　blockchain　and　Trusted　Execution　Environment　(TEE)　technologies,　to　offer　fine-grained　access　control　and　strong　auditability　for　IoT.　TBAC　materializes　the　virtual　access　power　into　a　definite-amount,　secure　and　accountable　cryptographic　coin,　termed　＂tokoin＂　(token+coin),　and　manages　it　using　atomic　and　accountable　state-transition　functions　in　a　blockchain.　A　tokoin　carries　a　fine-grained　policy　defined　by　the　resource　owner　to　specify　the　requirements　to　be　satisfied　before　an　access　is　granted,　and　the　behavioral　constraints　that　describe　the　correct　procedure　to　follow　during　access.　The　strong-auditability　is　achieved　with　blockchain　and　a　TEE-enabled　trusted　access　control　object　(TACO)　to　ensure　that　all　access　activities　are　securely　monitored　and　auditable.　We　prototype　TBAC　by　implementing　all　its　functions　with　well-studied　cryptographic　primitives　over　different　blockchain　platforms,　building　a　TACO　on　top　of　the　ARM　Cortex-M33　TEE　microcontroller,　and　constructing　a　user-friendly　APP　for　regular　users.　A　case　study　is　finally　presented　to　demonstrate　how　TBAC　is　employed　to　enable　autonomous　and　secure　in-home　cargo　delivery.