Attribute-based Access Control Model Research Articles

Secure EHR access in the cloud: an alloy-based formalization of ABAC in ‎‎collaborative and non-collaborative models‎

The approach proposed in this article integrates the Attribute-Based Access Control (ABAC) ‎model and the Alloy modeling tool to enhance security in cloud environments, whet alher ‎collaborative or non-collaborative. Cloud computing facilitates data management, particularly ‎in collaborative environments that promote teamwork, but this increased flexibility introduces ‎more complex security challenges. In contrast, non-collaborative environments offer stricter ‎access control, thereby improving security while limiting the flexibility of interactions. The ‎ABAC model allows for the definition of fine-grained access policies based on user roles, ‎context, and data sensitivity, making it an ideal solution for protecting Electronic Health ‎Records (EHR). With dynamic access management, only authorized individuals can view or ‎manipulate sensitive data. The use of Alloy enables the formalization and testing of these ‎security policies by simulating different access scenarios to verify the consistency of the rules ‎and understand the trade-offs bet alween security and flexibility. Thus, the combination of ‎ABAC and Alloy provides a robust solution for managing access in complex cloud ‎environments while ensuring optimal protection of sensitive data.‎

ABAC-PA2: Attribute-Based Access Control Model with Privacy aware Anonymous Access

Cloud computing offers an excellent platform for sharing information and services among departments, partners, customers, and other parties. To ensure the effectiveness of a cloud deployment, it is imperative that resources and data are available in a secure and efficient manner. The protection of personally identifiable information (PII) is a critical requirement for many organizations in order to prevent unauthorized disclosure of that information. In spite of the fact that private information may not be stored within an authorized organization, it can still be protected. It has been shown in recent literature that anonymity can be used to preserve PII privacy. The current methodology for anonymous access is based on certificates rather than subject identity or attribute-based encryption. Identity-based access control is inflexible and violates privacy laws. Access to a certificate can be linked using a certificate that poses a risk of re-identification. The types of objects that can be encrypted by attributes are limited.To preserve the privacy of attributes set of subject and object, we extend the attribute-based access control (ABAC) model by expressing privacy requirements with anonymous access. It inherits several characteristics from ABAC, including fine-grained authorizations, unlimited object types, policy flexibility, and object privacy. ABAC-PA2 uses homomorphic attribute-based signature (HABS), a secure anonymous access framework that enhances ABAC's identity-less and incorporates privacy-preserving principles by assigning privacy levels to resources.

A Trusted Authentication Scheme Using Semantic LSTM and Blockchain in IoT Access Control System

In edge computing scenarios, due to the wide distribution of devices, complex application environments, and limited computing and storage capabilities, their authentication and access control efficiency is low. To address the above issues, a secure trusted authentication scheme based on semantic Long Short-Term Memory (LSTM) and blockchain is proposed for IoT applications. The attribute-based access control model is optimized, combining blockchain technology with access control models, effectively improving the robustness and credibility of access control systems. Semantic LSTM is used to predict environmental attributes that can further restrict user access and dynamically meet the minimum permission granting requirements. Experiments show that when the number of certificates is 60, the computational overhead of the proposed method is only 203s, which is lower than other state-of-the-art methods. Therefore, the performance of the proposed schema in information security protection in IoT environments shows promise as a scalable authentication solution for IoT applications.

Combo-Chain: Towards a hierarchical attribute-based access control system for IoT with smart contract and sharding technique

The Internet of Things (IoT) provides a collaborative environment among different entities (i.e., users, IoT devices, sensors, applications, etc.) to access resources. Despite the benefits that IoT technology brings to individuals, society, and industry, this technology faces a critical challenge in controlling access to various resources in IoT environments. To address this challenge, we propose Combo-Chain, an blockchain-based access control system deeply rooted in the concepts of the attribute-based access control (ABAC) model, smart contracts, and sharding. Combo-Chain introduces the concept of hierarchy for both subject attributes and object attributes to enhance flexibility and dynamicity when specifying ABAC policies, simplifying policy and attribute management. It not only manages access policies but also attributes by deploying a set of smart contracts. Furthermore, Combo-Chain utilizes sharding technique to distribute the overhead associated with storing and managing both access policies and attributes. Sharding also helps Combo-Chain to distribute the computational overhead when evaluating access requests among two groups of nodes, addressing the issues of low scalability and poor performance often associated with blockchain technology. Combo-Chain is implemented on a private Ethereum platform, and the experimental results demonstrate the superiority of Combo-Chain compared to existing blockchain-based access control systems.

Data Security Encryption Analysis Based on Blockchain Trusted Big Data Artificial Intelligence

Abstract The rapid development of Internet of Things (IoT) technology brings convenience to people but also brings data security problems. The data security problem can be solved effectively by blockchain due to its non-tampering and decentralization features. The purpose of traceability and auditable verification is achieved by adding user identity information and access policy to the blockchain in this paper. A blockchain-based data security access mechanism for cross-organizations is proposed and an attribute-based access control model is constructed. The feasibility and efficiency of this data protection scheme are evaluated by deploying an experimental environment and comparing it to reference schemes. The scheme proposed in this paper consumes less Gas for contract deployment than in other studies, and the Gas consumption grows slowly with more nodes, i.e., the cost grows slowly. The scheme in this paper consumes 7.00 seconds and 3.05 seconds less time than the reference network approach as well as the BAC approach in executing 300 transactions, respectively. The proposed scheme in this paper has shorter attribute secret key generation time and encryption/decryption time than the reference scheme. For example, when the number of attributes is 50, the scheme in this paper reduces the time of secret key generation by 144ms, 64ms, and 348ms compared to the scheme 1, 2, and 3. This paper breaks the performance bottleneck of blockchain and provides a new scheme for the security of user’s data and encryption.

An image partition security-sharing mechanism based on blockchain and chaotic encryption.

To ensure optimal use of images while preserving privacy, it is necessary to partition the shared image into public and private areas, with public areas being openly accessible and private areas being shared in a controlled and privacy-preserving manner. Current works only facilitate image-level sharing and use common cryptographic algorithms. To ensure efficient, controlled, and privacy-preserving image sharing at the area level, this paper proposes an image partition security-sharing mechanism based on blockchain and chaotic encryption, which mainly includes a fine-grained access control method based on Attribute-Based Access Control (ABAC) and an image-specific chaotic encryption scheme. The proposed fine-grained access control method employs smart contracts based on the ABAC model to achieve automatic access control for private areas. It employs a Cuckoo filter-based transaction retrieval technique to enhance the efficiency of smart contracts in retrieving security attributes and policies on the blockchain. The proposed chaotic encryption scheme generates keys based on the private areas' security attributes, largely reducing the number of keys required. It also provides efficient encryption with vector operation acceleration. The security analysis and performance evaluation were conducted comprehensively. The results show that the proposed mechanism has lower time overhead than current works as the number of images increases.

An Access Control Framework for Multilayer Rail Transit Systems Based on Trust and Sensitivity Attributes

The construction of multilayer rail transit systems is a necessary way to realize “modern metropolitan areas on rail”, improve resource sharing, and increase travel services, where data integration is of utmost importance. To break data silos and realize data flow between different rail systems, a fine-grained access control framework is proposed in this paper. Through categorical and hierarchical schemes, a universal security scale is established for cross-domain data resources. Based on this, a trust and sensitivity attribute-based access control (TSABAC) model is put forward to describe the characteristics of the access control process. Furthermore, the method of policy integration is discussed, as well as the solution to the policy incompatibility problem, due to cross-domain interaction. As shown in practical application and simulation analysis, this framework can meet the requirements of security and granularity. This research is of great significance for promoting the high-quality development of urban agglomerations and metropolitan areas, and improving the quality and efficiency of rail transit.

Attribute and User Trust Score-Based Zero Trust Access Control Model in IoV

The Internet of Vehicles (IoV) is an innovative area of interest in modern mobility that is rapidly evolving while facing complex challenges. Traditional IoV networks are susceptible to intrusion threats, which can lead to data leakage and seizure of vehicle control by attackers, thereby endangering vehicle users’ privacy and personal safety. An Attribute and User Trust Score-based Zero Trust Access Control Model (AU-ZTAC) is proposed, combining the zero-trust and attribute-based access control models to meet network protection requirements while achieving fine-grained dynamic access control and incorporating trust evaluation in the access control process to better reflect users’ intent. Experimental results demonstrate the effectiveness and feasibility of trust assessment through the proposed model. A comparison with the classical schemes illustrates that AU-ZTAC allows for more flexible and fine-grained access control in complex access control environments while improving IoV security.

DACP: Enforcing a dynamic access control policy in cross-domain environments

Enabling hybrid authorisations to enforce dynamic access control policy from single-domain to cross-domain environments (CDEs) is important for distributed services. However, traditional Attribute-Based Access Control (ABAC) models are incompatible with CDEs. To fill this gap, approaches that apply cryptographic primitives, e.g., attribute-based encryption (ABE), have been proposed. The computation and storage overhead in most ABE constructions is non-negligible and increases with the complexity of the associated policies. In addition, most access control policy systems enforce authorisation policies in a centralised way, raising serious security and privacy issues. In this paper, we introduce DACP – a practical Dynamic Access Control Policy system supporting dynamic cross-domain authorisation. DACP combines traditional ABAC approach and a novel cryptographic primitive Attribute-based group signature (ABGS). ABAC is used for the access control decision and policy enforcement according to the user’s attributes whereas ABGS is used for managing the user’s attributes between users and authorities. Thus, the user’s attributes are securely distributed along with the access structure in CDEs while preserving the user’s privacy. We present the concrete design and implementation of DACP, and evaluate it in real-world settings. The evaluation shows that DACP is practical and efficient in CDEs.

Hybrid Approaches (ABAC and RBAC) Toward Secure Access Control in Smart Home IoT

Smart homes are interconnected homes in which a wide variety of digital devices with limited resources communicate with multiple users and among themselves using multiple protocols. The deployment of resource-limited devices and the use of a wide range of technologies expand the attack surface and position the smart home as a target for many potential security threats. Access control is among the top security challenges in smart home IoT. Several access control models have been developed or adapted for IoT in general, with a few specifically designed for the smart home IoT domain. Most of these models are built on the role-based access control (RBAC) model or the attribute-based access control (ABAC) model. However, recently some researchers demonstrated that the need arises for a hybrid model combining ABAC and RBAC, thereby incorporating the benefits of both models to better meet IoT access control challenges in general and smart homes requirements in particular. In this paper, we used two approaches to develop two different hybrid models for smart home IoT. We followed a role-centric approach and an attribute-centric approach to develop HyBAC <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$_{RC}$</tex-math></inline-formula> and HyBAC <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$_{AC}$</tex-math></inline-formula> , respectively. We formally define these models and illustrate their features through a use case scenario demonstration. We further provide a proof-of-concept implementation for each model in Amazon Web Services (AWS) IoT platform. Finally, we conduct a theoretical comparison between the two models proposed in this paper in addition to the EGRBAC model (RBAC model for smart home IoT) and HABAC model (ABAC model for smart home IoT), which were previously developed to meet smart homes' challenges.

CRABAC: Combined Role-Attribute Based Access Control Model

Access control is one of the techniques to provide accessibility, flexibility and control over the cloud resources. The traditional access control model is no longer sufficient to provide protection of data. Due to the rising data breaches, it is important to evolve our data security mechanisms. Therefore, it is better to combine several techniques to bring out the most efficient technique. Thus, this paper introduces custom access control model where Role- Based Access Control (RBAC) model and Attribute-Based Access Control (ABAC) model is combined to give a single hybrid model. This technique brings out the best qualities of both models. It provides both flexibility and dynamicity. The assignment of attributes provides better security. Key Words: Access Control, Role-Based Access Control, Attribute-Based Access Control, Cloud Computing

Fine-grained access control policy in blockchain-enabled edge computing

In the process of data sharing and interaction between untrusted intelligence edge devices, there are risks of misuse and tampering with the data. Hence, how to ensure data security and prevent unauthorized data access is the key problem to be solved in the cloud edge collaborative architecture. However, due to the heterogeneity of edge devices and the diversity of data sources, traditional access control methods cannot meet the requirements of the large-scale, distributed, dynamic and flexible expansion of edge intelligence applications. Therefore, this paper studies the fine-grained data access control method on the basis of smart contracts, and implements the attribute-based access control (ABAC) model through smart contracts. To improve the query efficiency of attributes and policies in the process of access request decision, an attribute management scheme is designed on the basis of the Bloom filter to achieve fast retrieval of attributes and policies. The decentralized fine-grained access control method is tested under the performance indicators such as retrieval delay, deployment delay, rule reduction rate and decision response time.

Smart contracts attribute-based access control model for security &amp; privacy of IoT system using blockchain and edge computing

Smart contracts attribute-based access control model for security &amp; privacy of IoT system using blockchain and edge computing

A Blockchain-Based Trustworthy Model Evaluation Framework for Deep Learning and Its Application in Moving Object Segmentation.

Model evaluation is critical in deep learning. However, the traditional model evaluation approach is susceptible to issues of untrustworthiness, including insecure data and model sharing, insecure model training, incorrect model evaluation, centralized model evaluation, and evaluation results that can be tampered easily. To minimize these untrustworthiness issues, this paper proposes a blockchain-based model evaluation framework. The framework consists of an access control layer, a storage layer, a model training layer, and a model evaluation layer. The access control layer facilitates secure resource sharing. To achieve fine-grained and flexible access control, an attribute-based access control model combining the idea of a role-based access control model is adopted. A smart contract is designed to manage the access control policies stored in the blockchain ledger. The storage layer ensures efficient and secure storage of resources. Resource files are stored in the IPFS, with the encrypted results of their index addresses recorded in the blockchain ledger. Another smart contract is designed to achieve decentralized and efficient management of resource records. The model training layer performs training on users' servers, and, to ensure security, the training data must have records in the blockchain. The model evaluation layer utilizes the recorded data to evaluate the recorded models. A method in the smart contract of the storage layer is designed to enable evaluation, with scores automatically uploaded as a resource attribute. The proposed framework is applied to deep learning-based motion object segmentation, demonstrating its key functionalities. Furthermore, we validated the storage strategy adopted by the framework, and the trustworthiness of the framework is also analyzed.

AccessChain: An access control framework to protect data access in blockchain enabled supply chain

In recent years, supply chains have evolved into huge ecosystems, demanding trust, provenance, and data privacy. Since blockchain technology (BCT) allows for the development of a distributed environment, it is ideal for supply chain management (SCM) applications. However, concerns regarding data privacy have impeded the development of blockchains. Despite the fact that some blockchains can restrict participants from reading and/or writing data, blockchain’s transparency makes protecting sensitive data challenging. To solve the data privacy challenge, this paper proposes a framework, AccessChain, that is an SCM access control framework that is based on an attribute-based access control (ABAC) model that restricts access to competing parties while allowing for network scalability. This proposed AccessChain model has two types of ledgers in its system: local and global. Local ledgers are used to store business contracts between stakeholders and the attribute-based access control model management, whereas the global ledger is used to record transaction data. AccessChain can enable decentralized, fine-grained and dynamic access control management in SCM when combined with the ABAC model and BCT. This paper’s experimental results illustrate that high throughput can be achieved in a large-scale request environment while maintaining data privacy and sustaining a scalable network.

Authorization Recycling in Attribute-Based Access Control

In most access control scenarios, the communication between the PDP (policy decision point) and the PEP (policy enforcement point) can cause high authorization overhead. Authorization recycling enables PEP to use the previous access control decisions fetched from the PDP to handle some upcoming access control requests, reduce authorization costs, and increase the efficiency of access control decision-making. Inspired by the RBAC (role-based access control) authorization recycling mechanism, this article first presents an ABAC (attribute-based access control) model based on Boolean expressions of subject and object attributes. It then proposes an authorization recycling approach for this model. In this approach, we provide construction and update methods for authorization data caches and access control decision-making rules for SDP (secondary decision point) by using the caches. The proposed approach can deduce precise and approximate access control decisions from the cache of authorization data, reducing communication between the PEP and the PDP. Finally, the feasibility of the proposed method is verified by conducting a small-scale test. ABAC, SDP, authorization recycling, and authorization caching.

End-to-End Database Software Security

End-to-end security is essential for relational database software. Most database management software provide data protection at the server side and in transit, but data are no longer protected once they arrive at the client software. In this paper, we present a methodology that, in addition to server-side security, protects data in transit and at rest on the application client side. Our solution enables flexible attribute-based and role-based access control, such that, for a given role or user with a given set of attributes, access can be granted to a relation, a column, or even to a particular data cell of the relation, depending on the data content. Our attribute-based access control model considers the client’s attributes, such as versions of the operating system and the web browser, as well as type of the client’s device. The solution supports decentralized data access and peer-to-peer data sharing in the form of an encrypted and digitally signed spreadsheet container that stores data retrieved by SQL queries from a database, along with data privileges. For extra security, keys for data encryption and decryption are generated on the fly. We show that our solution is successfully integrated with the PostgreSQL® database management system and enables more flexible access control for added security.

An Internet of Things Access Control Scheme Based on Permissioned Blockchain and Edge Computing

In the IoT (Internet of Things) environment, the existing access control schemes for device resources have some problems, such as poor scalability, high latency, security, and dynamics. Combining the advantages of the permissioned blockchain and edge computing, an access control scheme for the Internet of Things based on the permissioned blockchain and edge computing is proposed. By authenticating the user’s identity at the edge, the user’s identity is reliable and the response time is improved. In the ABAC (Attribute Based Access Control) model, the blockchain is regarded as a trusted entity, and the access control policy is written into a smart contract and deployed on the blockchain for calling. Most of the existing consensus algorithms have the problems of low throughput and scalability. A Kraft (Kademlia–Raft) consensus algorithm is introduced to solve the above issues. Security analysis and experimental results show that the scheme can achieve fine-grained, dynamic access control, has high throughput and low latency, and ensures security and reliability.

Blockchain-based dynamic trust access control game mechanism

The blockchain-based access control mechanism (BACM) is gradually becoming an essential paradigm for solving dynamic and trusted access control problems in the open network environment. However, since the current open network environment has such features as dynamic variability and the uncertainty of user identity, most of the existing BACM cannot solve the access control problems in the current open network environment in a dynamic, flexible, proactive, efficient, and fine-grained approach. In this paper, we propose a novel BACM scheme to address such problems. Specifically, we first design a new, proactive, and fine-grained access control model, by utilizing the dynamicity and fine-grain of the attribute-based access control model, flexibility shown by the trust evaluation mechanism in evaluating the trust level of users, and proactivity shown by the game evaluation mechanism in curbing malicious users who suddenly launch malicious access requests. Second, based on the above access control model, we propose a dynamic, flexible, and proactive BACM for the current open network environment, exploiting the trustworthiness and transparency that the smart contract and the transaction mechanism in blockchain technology show during program execution. Further, a double sliding storage window is built, guaranteeing accurate data acquisition by BACM while efficiently allowing it to acquire time-sensitive data during the permission management process. Meanwhile, a pre-authorization concept is introduced to improve the efficiency and flexibility of BACM in processing access control problems. Security analysis demonstrates that our proposed BACM scheme satisfies the simple security issue and the simple availability issue. Experiments on a real user trust record dataset demonstrate the high effectiveness of the proposed BACM scheme in evaluating and deciding on access requests and the superiorities over most existing schemes in dynamicity, fine granularity, flexibility, and proactivity.

Attribute-based Access Control Model in Healthcare Systems with Blockchain Technology

Attribute-based Access Control Model in Healthcare Systems with Blockchain Technology