A customizable conflict resolution and attribute-based access control framework for multi-robot systems
- Research Article
11
- 10.1088/1742-6596/933/1/012020
- Dec 1, 2017
- Journal of Physics: Conference Series
Nowadays, access control is an indispensable part of the Personal Health Record and provides for its confidentiality by enforcing policies and rules to ensure that only authorized users gain access to requested resources in the system. In other words, access control means protecting patient privacy in healthcare systems. Attribute-Based Access Control (ABAC) is a new access control model that can be used instead of other traditional types of access control such as Discretionary Access Control, Mandatory Access Control, and Role-Based Access Control. During the last five years, ABAC has shown some applications in both recent academic fields and industry purposes. ABAC, by using the user’s attributes and resources, makes a decision according to an access request. In this paper, we propose an ABAC framework for healthcare systems. We use the engine of ABAC for rendering and enforcing healthcare policies. Moreover, we handle emergency situations in this framework.
- Conference Article
10
- 10.1109/iwisa.2010.5473670
- May 1, 2010
Web services over the Internet are widely used nowadays. Controlling access in a Web services environment is crucial and a significant challenge because this environment is more dynamic and heterogeneous. Compared with the existing models, attribute-based access control is more appropriate for Web services, but it does not fully exploit the semantic power and reasoning capabilities of emerging web applications. To address these issues, a semantic and attribute-based access control framework (S_ABAC) is presented by combining the attribute-based access control with semantic-based access control in this paper. By extending the eXtensible Access Control Markup Language architecture and representing semantically the resource and user attributes with ontology, S_ABAC can realize semantic and attribute-based access control, and can also provide an administratively scalable alternative and semantic interoperability. In the prototype implementation, S_ABAC uses Shibboleth service to address the disclosure issue of the sensitive attributes and also separates ontology management from access management.
- Conference Article
- 10.1109/wf-iot54382.2022.10152041
- Oct 26, 2022
To enhance access control mechanisms, organizations need to monitor access requests issued from devices. Therefore, organizations can evaluate the trustworthiness or risks of the devices based on collected requests to adapt the access privileges. However, existing schemes usually do not address organizational authorization processes and may not be suitable for enterprise file systems. In light of this, this study proposes an Evolutionary Risk Adaptive Access Control (ERAAC) Framework for enterprise file systems. The proposed framework provides an extensible architecture for an organization to deploy different access control filters for different perspectives. An access control filter can filter out access requests based on access control policies. An organization can add a new access control filter without replacing its existing access control mechanism. In addition, the proposed framework enables organizations to define new risk labels for data entities, such as subjects and objects to be accessed, used in access control policies. The access control mechanism can adapt user privileges based on the risk labels. Even if organizations do not have enough data to generate risk labels, the organizations can set access control policies without risk labels. Therefore, the proposed framework enables organizations to progressively improve their access control mechanisms. To the best of our knowledge, the proposed framework is the first access control framework that can evolve with organizational maturity in risk management. This study also illustrates how the proposed framework satisfied the related tenets mentioned in NIST SP 800–207. Consequently, this study can hopefully contribute to helping an organization to implement zero trust architecture.
- Conference Article
30
- 10.1109/globecom38437.2019.9014155
- Dec 1, 2019
Access control has been recognized as a critical issue for preventing unauthorized access to the resources in Internet of Things (IoT) systems. This paper proposes an Attribute-Based Access Control (ABAC) framework for IoT systems by using the emerging Ethereum smart contract technology. The framework consists of one Policy Management Contract (PMC), one Subject Attribute Management Contract (SAMC), one Object Attribute Management Contract (OAMC) and one Access Control Contract (ACC). The PMC, SAMC and OAMC are responsible for storing and managing the ABAC policies, the attributes of subjects (i.e., entities accessing resources) and the attributes of objects (i.e., resources being accessed), respectively. When receiving access requests, the ACC retrieves the subject attributes and object attributes as well as the corresponding policy from the SAMC, OAMC and PMC to perform the access control. Combining the ABAC model and the blockchain technology, this framework is expected to achieve distributed, trustworthy and fine-grained access control for IoT systems. To show the feasibility of the proposed framework, we construct a local private Ethereum blockchain system to implement the four smart contracts and also conduct experiments to test the monetary and time cost.
- Research Article
3
- 10.3724/sp.j.1087.2010.02632
- Dec 28, 2010
- Journal of Computer Applications
Concerning the limitations of the application of traditional access control model in new generation credible Internet environment, such as the inefficiency in user-role assignment and the difficulty in cross-domain access control, a universal attribute-based access control framework was proposed. It took a unified method to dispose the attributes of users, resources, operations and running context, simplified the complex way of permissions determination in traditional RBAC and other access control modes, thus enhancing the versatility and flexibility of access control system. At the same time, authentication based on attribute certificates was applied in cross-domain access, policy evaluation and evaluation algorithm were also discussed, which could dynamically realize resource management and access control for users from different domains. In addition, the mechanism of the running context makes the framework more suitable to be applied in complex and dynamic Internet environment.
- Book Chapter
11
- 10.1007/978-3-642-04444-1_17
- Jan 1, 2009
We study attribute-based access control for resource sharing in collaborative work environments. The goal of our work is to encourage sharing within an organization by striking a balance between usability and security. Inspired by the great success of a number of collaboration-based Web 2.0 systems, such as Wikipedia and Del.icio.us, we propose a novel attribute-based access control framework that acquires information on users’ attributes from the collaborative efforts of all users in a system, instead of from a small number of trusted agents. Intuitively, if several users say that someone has a certain attribute, our system believes that the latter indeed has the attribute. In order to allow users to specify and maintain the attributes of each other, we employ the mechanism of people-tagging, where users can tag each other with the terms they want, and tags from different users are combined and viewable by all users in the system. In this article, we describe the system framework of our solution, propose a language to specify access control policies, and design an example-based policy specification method that is friendly to ordinary users. We have implemented a prototype of our solution based on a real-world and large-scale people-tagging system in IBM. Experiments have been performed on the data collected by the system.
- Research Article
13
- 10.3390/electronics11172652
- Aug 25, 2022
- Electronics
The COVID-19 pandemic further outlined the importance of global healthcare services provisioning for diagnosing and treating patients who tend to travel and live for large periods away from home and can be anywhere at any given time. Advances in technology enable healthcare practitioners to access critical data regarding a person’s health status to provide better services. Medical data are sensitive in nature, and therefore, a reliable mechanism should ensure that only authorized entities can access data when needed. This paper, through a layered consideration of a Globalized Healthcare Provisioning Ecosystem (GHPE), reveals the interdependencies among its major components and suggests a necessary abstraction to identify requirements for the design of an access control suitable for the ecosystem. These requirements are imposed by the nature of the medical data as well as by the newly introduced potentials of Internet of Medical Things (IoMT) devices. As a result, an attribute-based access control framework is proposed aiming to provide prompt and secure access to medical data globally by utilizing state-of-the-art technologies and standards, including Next-Generation Access Control (NGAC), blockchain and smart contracts. Three types of smart contracts are proposed that enable access control to implement attribute and policy stores where policy classes and attributes are decentralized and immutable. In addition, the usage of blockchain-based distributed identities allows patients to be in control of access to their medical data and also enables healthcare service providers to access medical data promptly and reliably through the proposed access control framework. The qualitative characteristics of the proposed approach toward a decentralized and patient-centric access control in GHPE are demonstrated and discussed based on an application paradigm.
- Research Article
33
- 10.1109/tdsc.2019.2946073
- Mar 1, 2021
- IEEE Transactions on Dependable and Secure Computing
Recent advances in information technologies have facilitated applications to generate, collect or process large amounts of sensitive personal data. Emerging cloud storage services provide a better paradigm to support the needs of such applications. Such cloud based solutions introduce additional security and privacy challenges when dealing with outsourced data including that of supporting fine-grained access control over such data stored in the cloud. In this paper, we propose an integrated, privacy-preserving user-centric attribute based access control framework to ensure the security and privacy of users' data outsourced and stored by a cloud service provider (CSP). The core component of the proposed framework is a novel privacy-preserving, revocable ciphertext policy attribute-based encryption (PR-CP-ABE) scheme. To support advanced access control features like write access on encrypted data and privacy-preserving access policy updates, we propose extended Path-ORAM access protocol that can also prevent privacy disclosure of access patterns. We also propose an integrated secure deduplication approach to improve the storage efficiency of CSPs while protecting data privacy. Finally, we evaluate the proposed framework and compare it with other existing solutions with regards to the security and performance issues.
- Conference Article
3
- 10.1109/ants50601.2020.9342767
- Dec 14, 2020
Access control mechanism in IoT is a challenge in itself owing to the massive scale and heterogeneity of IoT devices that are connected. The task becomes more difficult when there are resource-constrained devices in the network. Employing a resourceful trusted third party as a centralized authority for access control and storage of data is no more an ideal solution due to possible breach of privacy and single point of failure. It also hampers the scalability of the IoT system. The On-demand Trust-based Access Control (OTAC) framework proposes a distributed trust-based blockchain model optimized for access control in resource-constrained environments. OTAC offers a differential level of security and privacy on a demand basis. The hierarchical structure of OTAC framework gives it a decentralized architecture. OTAC uses a customized trust-based consensus, immune to Byzantine attack and hence gives it an edge over other blockchain-based access control schemes.
- Research Article
28
- 10.1016/j.comcom.2021.03.023
- Apr 1, 2021
- Computer Communications
A blockchain-based access control and intrusion detection framework for satellite communication systems
- Research Article
- 10.54660/.ijfmr.2022.3.1.23-34
- Jan 1, 2022
- Journal of Frontiers in Multidisciplinary Research
In today’s highly regulated digital ecosystems, compliance-critical environments—such as healthcare, finance, and government sectors—face increasing pressure to protect sensitive data while adhering to strict regulatory frameworks. Traditional access control mechanisms, often rigid and static, are inadequate for dynamically changing risk landscapes and evolving threat vectors. This paper proposes a unified framework for Risk-Based Access Control (RBAC) and Identity Management (IDM) that integrates context-aware decision-making, real-time risk assessment, and adaptive policy enforcement to enhance security and compliance. The proposed framework leverages machine learning models and rule-based engines to continuously evaluate risk based on user behavior, environmental factors, and system context. By integrating identity federation, multifactor authentication, and behavioral analytics, the system ensures that access decisions are dynamically tailored to the assessed risk level, significantly reducing unauthorized access incidents and data breaches. A modular architecture is employed, enabling seamless integration with existing identity management infrastructures and regulatory compliance engines, such as GDPR, HIPAA, and SOX. Furthermore, the framework supports granular policy definition and auditing capabilities to meet auditing requirements and ensure transparency in access decisions. To validate the framework, we conducted simulations in a compliance-critical financial environment using synthetic datasets mimicking real-world scenarios. Results demonstrate the framework’s effectiveness in reducing access latency, improving decision accuracy, and enhancing regulatory compliance adherence. Comparative analysis with conventional Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) models highlights the advantages of a risk-aware approach in dynamic environments. 
The research underscores the importance of aligning identity management with adaptive risk assessment mechanisms, particularly in high-stakes domains where data confidentiality, integrity, and availability are paramount. The proposed unified framework offers a scalable, intelligent, and compliance-ready solution to modern identity and access management challenges, paving the way for more resilient and responsive security architectures in critical sectors.
- Research Article
3
- 10.1109/tase.2023.3235316
- Jan 1, 2024
- IEEE Transactions on Automation Science and Engineering
This paper studies the access control problem of long-term throughput maximization in wireless communication systems with Energy Harvesting (EH). In the existing research, many access schemes based on accurate environmental information have been proposed, such as channel information and the EH process. However, access to environmental information is costly, and traditional access control frameworks are expensive to explore in high-dimensional spaces. Thus, an access control framework based on hierarchical reinforcement learning (HRL) is proposed in this paper. In HRL, the control problem in the Markov decision process (MDP) form is decomposed into a multilevel sequential control problem. It includes high-level channel number selection, mid-level channel selection, and low-level channel matching subproblems. The scheme is obtained by combining the solutions of subproblems at different levels, which are solved in sequence. In addition, to improve learning efficiency, the deterministic action (DA) module and the prior knowledge (PK) module are put forward. The DA module solves the channel matching problem under the additional guidance given by the previous subproblem, which selects definite good low-level actions. The PK module provides the framework with the common knowledge of the system structure learned from the hypothetical environment, so as to obtain better initial performance. Experimental results show that our framework achieves better performance and better learning efficiency compared with several recent transmission schemes. Note to Practitioners —Access control is an important issue in wireless communication systems, and users need to be scheduled to solve the constraint of limited resources, such as energy usually provided by batteries.
In recent years, in order to overcome the energy limitation, energy harvesting devices have been developed and applied to wireless communication systems. However, the energy collection ability of the system is greatly influenced by the environment, which leads to the poor performance of most traditional control schemes that rely on the prior knowledge of the environment. Therefore, this paper proposes a novel hierarchical reinforcement learning (HRL)-based model-free access control framework for wireless communication systems to maximize the system throughput without any prior environmental knowledge. The scheme abstracts the original control problem into three sub-control problems according to tasks and solves them sequentially, thus simplifying the original control problem. This scheme can not only learn independently, but also does not depend on the prior knowledge of the environment. Moreover, this method is also suitable for the large-scale environment, while conventional end-to-end reinforcement learning is not. Compared with traditional algorithms, our method has better performance and higher learning efficiency.
- Research Article
43
- 10.1186/s13638-022-02122-6
- Apr 25, 2022
- EURASIP Journal on Wireless Communications and Networking
Medical data involves a large amount of personal information and is highly privacy sensitive. In the age of big data, the increasing informatization of healthcare makes it vital that medical information is stored securely and accurately. However, current medical information is subject to the risk of privacy leakage and difficult to share. To address these issues, this paper proposes a healthcare information security storage solution based on hyperledger fabric and the attribute-based access control framework. The scheme first utilizes attribute-based access control, which allows dynamic and fine-grained access to medical information, and then stores the medical information in the blockchain, which can be secured and tamper-proof by formulating corresponding smart contracts. In addition, this solution also incorporates IPFS technology to relieve the storage pressure of the blockchain. Experiments show that the proposed scheme combining access control of attributes and blockchain technology in this paper can not only ensure the secure storage and integrity of medical information but also has a high throughput when accessing medical information.
- Research Article
- 10.17762/turcomat.v12i5.2037
- Apr 11, 2021
- Turkish Journal of Computer and Mathematics Education (TURCOMAT)
Access control is easy to implement in a static system with resource-role mapping and known policies. It becomes challenging if the system is dynamic and volatile, which means there is unpredictability in the workflow. Existing role-based and attribute-based access control systems are very efficient in static and predictable situations. But they are not effective in a dynamic situation. Researchers over the last two decades have tried to propose various probabilistic based, machine learning based and decision theory-based access control to prove adaptability in their access control methods. But there are existing gaps in operational needs and proposed adaptability methods. Under regular scenario access control system may work based on the policies or decided roles. Only if there is a genuine need, then access control should switch to adaptable solutions. Also, a true adaptable system should not allow human intervention, the system should be able to understand the genuineness of the requester and take decisions whether access should be granted or not. In this paper with the help of a disaster management case study, a need-based access control framework – NdRAdAC is proposed. It evaluates the genuineness of the requester and acts appropriately. An ontology-based access control for an emergency response system is developed, which can help the disaster management system to coordinate with different hospitals and help in transferring patient data from one hospital to another if needed. It ensures that data requester is authenticated with the help of access control module. The framework is tested for three main parameters: Adaptability, Consistency and Computational Efficiency. It was found that framework was accurately adaptable, consistent with all the different types of cases and computationally efficient.
- Book Chapter
- 10.1007/978-981-15-2369-4_38
- Jan 1, 2020
Nowadays the cloud is very useful for providing many IT services. These services are delivered over the internet and accessed globally with the help of internet. The cloud service provider ensures flexibility in provisioning and scaling of resources. The cloud services are completely managed by cloud service provider (CSP), which ensures the end to end availability, reliability and security of the cloud resources. The exponential growth of cloud services has provided many opportunities but has also perplexed severe security concerns. The popularity of cloud service-based applications is rapidly increasing due to which many security and legal issues are arising. In this paper, we reviewed the existing access control method and framework for cloud data centres. The different concept of reputation and attribute-based access control system has been analyzed. This review of access control approach is helpful in designing of new access control framework and to mitigate the challenges in security concerns.