Dynamic Access Control Research Articles

A Proposed Model for Trust Management: Insights from a Simulation Study in the Context of Cloud Computing

In computing systems, one of the centric topics entails cloud computing. This dominance is attributed to the crucial role that the concept plays in the daily lives of individuals, especially in the wake of the increasing adoption of technology by individuals and organizations. Indeed, the motivation behind the establishment, adoption, and implementation of cloud computing has been attributed to the need to offer low-cost and quick consumer service provision, as well as data manipulation and storage. However, the cloud environment continues to face security threats, a trend that informs the need for further investigations and analyses that could provide room for new system improvements. The current simulation study presents a dynamic model for security management in a cloud computing environment, with the central parameter involving electronic trust. Imperatively the proposed study examines interactions between the data provider and the data owner, as well as the end user. Specifically, the proposed model is that which ensures that for authentication purposes and access permissions, there is a continuous update of trust values. From the results, the model is flexible relative to the provision of dynamic access control, a positive trend that points to its promising level of efficiency.

RCBAC: A risk-aware content-based access control model for large-scale text data

Unstructured data (mostly text data) have become a vital part in the era of big data. Hence, it has become increasingly difficult to identify the internal relations among data and describing the access control object during the design of access control (especially fine-grained access control) policies. Furthermore, in recent years, security incidents have frequently occurred due to the leakage of secrets by insiders, in both enterprises and government agencies around the world. Due to dynamic user behavior, it is difficult to determine “curious accesses” and grant authority based on traditional static access control models. Therefore, we need a dynamic access control model that is content-driven and can be used to find curious users in daily practice. This paper proposes a risk-aware content-based access control model (RCBAC) which can be used to solve over-authorization problems and can grant file-level authority to users. Based on the relevance of the data content and the duties of each user, RCBAC can quantify the risk of both the access behavior and the access history; accordingly, each user's access ability can be adjusted dynamically. The experimental results show that the RCBAC model can separate curious users from normal users and limit the access ability of curious users.

DACIoT: Dynamic Access Control Framework for IoT Deployments

This article presents a dynamic access control framework for the Internet of Things (DACIoT). The main objective of DACIoT is to prevent unauthorized access to IoT devices and tightens the authorized access while an IoT device is in use. The rigidness of existing access control (AC) techniques in terms of manual policy specification, discontinuity of access decision making, and immutability to changing access behaviors makes these solutions fall short in highly dynamic IoT environments. DACIoT supports three functionalities that are lacking in existing AC solutions: 1) automatic policy generation; 2) continuous policy enforcement; and 3) adaptive policy adjustment. The DACIoT extends the standard reference model of the extensible AC markup language (XACML) with the added three functionalities to improve the adaptability of attribute-based AC policies to highly dynamic IoT environments. Results show that DACIoT provides improved security, dynamic adaptability, and can scale efficiently to IoT environments.

Blockchain-empowered decentralised trust management for the Internet of Vehicles security

Internet of Vehicles (IoV) requires trust management to implement effective authentication and authorization of nodes, as it is not possible to establish trusted connections to the roadside components that eventually a vehicle will meet during its journey, ahead of time. To cope with this issue, dynamic access control is required, where authorizations are granted considering security policies and the node trustworthiness. However, decentralized trust management is a preferable solution, but it implies a considerable consumption of energy. Consumption is further exacerbated by the means needed to protect from attacks the trust management entities themselves.This work proposes suitable trust management for the IoT and IoV by exploiting the eventual consistency and security guarantees of blockchain. The design of a solution based on such technology is described, and an empirical assessment of its protection degree is provided.

Risk-Based Access Control Model: A Systematic Literature Review

Most current access control models are rigid, as they are designed using static policies that always give the same outcome in different circumstances. In addition, they cannot adapt to environmental changes and unpredicted situations. With dynamic systems such as the Internet of Things (IoT) with billions of things that are distributed everywhere, these access control models are obsolete. Hence, dynamic access control models are required. These models utilize not only access policies but also contextual and real-time information to determine the access decision. One of these dynamic models is the risk-based access control model. This model estimates the security risk value related to the access request dynamically to determine the access decision. Recently, the risk-based access control model has attracted the attention of several organizations and researchers to provide more flexibility in accessing system resources. Therefore, this paper provides a systematic review and examination of the state-of-the-art of the risk-based access control model to provide a detailed understanding of the topic. Based on the selected search strategy, 44 articles (of 1044 articles) were chosen for a closer examination. Out of these articles, the contributions of the selected articles were summarized. In addition, the risk factors used to build the risk-based access control model were extracted and analyzed. Besides, the risk estimation techniques used to evaluate the risks of access control operations were identified.

A dynamic and hierarchical access control for IoT in multi-authority cloud storage

Internet-of-Things (IoT) is massively growing and introducing several benefits that are able to transform the world. Also, cloud computing has become significantly important due to its ability to handle large sets of data. IoT and cloud computing present a stalwart combination that can enrich several analytics and applications. Nevertheless, cloud data security and users privacy can have gaps. Especially when the IoT and cloud systems deal with a dynamically behaving users within a centralized and costly environment. Therefore, there is an urgent need for a dynamic access control scheme that considers the users’ behavior while making the access control decisions within a reasonable time. In this paper, we introduce a Multi-Dimensional Access Control (MD-AC) scheme for dynamically authorizing and revoking users in the cloud with multiple authorities. The experimental results indicate that MD-AC can evaluate access requests within reasonable and acceptable processing times. By considering very hard experimental conditions and numerous transactions, the average encryption and decryption times are 18 and 10 ms respectively. Furthermore, the proposed scheme is validated and compared with recent state-of-art schemes. The results demonstrate that the proposed scheme is fast and robust against different well-known attacks. Moreover, MD-AC can be used for keeping the privacy of IoT services over the cloud environment.

Modelling and Verifying Dynamic Access Control Policies in Workflow-Based Healthcare Systems

Access control system is an important component to protect patients’ information from abuse in a health care system. It is a major concern in the management, design, and development of healthcare systems. Designing access control policies for healthcare systems is complicated due to the dynamic and inherent complexity of the tasks performed by the healthcare personnel. Permissions in access control systems are usually granted on the basis of static policies. However, static policies are not enough to cope with various situations such as emergencies. Most often, the Break-the-glass mechanism is used to bypass static policies to handle emergency situations. Since healthcare systems are critical systems, where errors can be very costly in terms of lives, quality of life, and/or dollars, it is crucial to identify discrepancies between policy specifications and their intended function to implement correctly a flexible access control system. Formal verifications are necessary for exhaustive verification and validation of policy specifications to ensure that the policy specifications truly encapsulate the desires of the policy authors. We present a verifiable framework to enact a dynamic access control model by integrating the ANSI/INCTIS RBAC Reference Model in a workflow and an approach for property verifications of the access control model. Access control policies are expressed by the formal semantics of a model checker and properties are verified by the DiVinE model checker.

Dynamic Access Control Scheme for Personal Health Record in Cloud Computing

Presently, usage of Cloud computing is increasing, due to internet availability most of Personal Health Record (PHR) owners outsourcing their records to the cloud, but it is untrusted, so a security mechanism needed in this paper proposing Dynamic Time-based encryption (DTBE), it derived from classic ABE. In the past, many researchers suggested different access controls for secure PHR. Still, most of the access control mechanisms introduce burden to the PHR owner while performing dynamic operations insertion, PHR user revocation, and when it updates, PHR users attribute list. Most of the ABE schemes have several limitations as it cannot efficiently handle adding or revoking users or identity attributes. It needs to keep multiple encrypted copies of the same key that incurs high computational costs. So, there is a need for a suitable access control mechanism that should support effective policies.

Secure auditing and deduplication for encrypted cloud data supporting ownership modification

Storing only one unique copy of the same cloud data and guaranteeing its integrity are two main goals for cloud storage auditing and deduplication schemes. In such schemes, data owners can firmly believe the data integrity by periodically auditing and the cloud server can save lots of storage space by exploiting the duplication techniques. However, when a data owner deletes or modifies his outsourced data, he should lose the ownership for the original data and should not be able to successfully retrieve this data any more. For all we know, existing cloud storage auditing and deduplication literatures fail to support the modifications of ownership, which actually occur quite often in actual cloud storage scenarios. In this paper, we propose the first deduplicated data integrity auditing scheme supporting the ownership modification. It guarantees the integrity of the outsourced data and supports the dynamic access control over the outsourced data. We employ a re-encryption algorithm and the secure identity-based broadcast encryption technology, which prevent data from being disclosed to the revoked owners, even if they previously had prior ownership of these data. The security and efficiency of our proposed scheme have been validated by detailed analysis and experiments.

Attribute-Based Access Control Using Smart Contracts for the Internet of Things

Abstract Access control is one of the most important security concerns, which is critical in resource and information protection over IoT devices. This paper proposes a new scheme that combines attribute-based access control (ABAC) model with blockchain technology and uses smart contracts for access control judgment. This scheme can realize dynamic, distributed and reliable access control in the open IoT environment. The IoT access control system based on this scheme consists of five functional modules. The information registration point registers information for each device that joins the system. Policy enforcement point (PEP) is responsible for managing agent-devices in the system and processing original access requests from access subjects. Policy decision point (PDP) makes access control right decision through smart contracts. Policy administration point (PAP) is used to manage smart contract information. Policy information point (PIP) is used to manage key attribute information of devices used for access control judgment. The scheme also includes three types of smart contracts, one management contract (MC) is used to manage other contracts in the system, one policy decision contract (PDC) is responsible for obtaining attribute information from PIP and making final access control right decision, and a large number of policy contracts (PCs) which composed of a public policy contract (PPC) and a large number of exclusive policy contracts (EPCs). These PCs are used to implement specific attribute-based access control policies. To demonstrate the application of the scheme, we simulated a scenario of access control in a home IoT environment and verified the feasibility of access control decisions using our proposed scheme through three experiments.

Enhancing Secrecy Rate of UE with Dynamic Authentication and Access Control in 5G Communication Networks

Enhancing Secrecy Rate of UE with Dynamic Authentication and Access Control in 5G Communication Networks

A trust and attribute-based access control framework in internet of things

Internet of things (IoT) is widely used in kinds of environment where cloud computing provides super-strong computing support. However, it becomes a key issue that each node can access data under control within the human intention and data is shared securely in distributed IoT environment. Moreover, nodes may belong to different security domains, and data must be accessed only by selected users which could ensure the security of IoT system. Therefore, an effective access control technique is the key point to solve this issue. To address the problems of security, scalability and cross-domain, this paper proposes a fine-grained and dynamic access control model which combines ABAC with trust mechanism and considers dynamic trust attribute and static multi-attribute as synthetic constraints. The simulation results show the feasibility and effectiveness of the proposed scheme, which provides superior characteristics and improves the security of IoT system.

Fabric-iot: A Blockchain-Based Access Control System in IoT

IoT devices have some special characteristics, such as mobility, limited performance, and distributed deployment, which makes it difficult for traditional centralized access control methods to support access control in current large-scale IoT environment. To address these challenges, this paper proposes an access control system in IoT named fabric-iot, which is based on Hyperledger Fabric blockchain framework and attributed based access control (ABAC). The system contains three kinds of smart contracts, which are Device Contract (DC), Policy Contract (PC), and Access Contract (AC). DC provides a method to store the URL of resource data produced by devices, and a method to query it. PC provides functions to manage ABAC policies for admin users. AC is the core program to implement an access control method for normal users. Combined with ABAC and blockchain technology, fabric-iot can provide decentralized, fine-grained and dynamic access control management in IoT. To verify the performance of this system, two groups of simulation experiments are designed. The results show that fabric-iot can maintain high throughput in large-scale request environment and reach consensus efficiently in a distributed system to ensure data consistency.

A trust and attribute-based access control framework in internet of things

Internet of things (IoT) is widely used in kinds of environment where cloud computing provides super-strong computing support. However, it becomes a key issue that each node can access data under control within the human intention and data is shared securely in distributed IoT environment. Moreover, nodes may belong to different security domains, and data must be accessed only by selected users which could ensure the security of IoT system. Therefore, an effective access control technique is the key point to solve this issue. To address the problems of security, scalability and cross-domain, this paper proposes a fine-grained and dynamic access control model which combines ABAC with trust mechanism and considers dynamic trust attribute and static multi-attribute as synthetic constraints. The simulation results show the feasibility and effectiveness of the proposed scheme, which provides superior characteristics and improves the security of IoT system.

Secured Information Sharing in Mobile Cloud Computing using Access Controls

Presently usage of smart mobiles increasing, due to internet availability most of users outsourcing their data to cloud but it is untrusted, so a security mechanism needed in this work proposing Homomorphic cipher text policy-Attribute based encryption (HCP-ABE), it derived from classic ABE. “Mobile cloud computing are combinations of mobile computing and cloud computing”, mobile applications are designed and hosted in cloud computing without verifying about mobile environment. Security models are constructed using Perturbation methods as per literature. These models are not secure compared to cryptographic techniques. When perturbation methods are used, Data reconstruction becomes a significant challenge. Hence computations are complicated to perform. Furthermore, this method suffers a trade-off between accuracy and privacy and most of the research work focused on key management issues and static access policies but due to user dynamic the access control mechanism should design for proactive strategies. To support dynamic access control and operations HCP-ABE scheme intended. In this paper we identify challenges associated with mobile cloud-based security system and possible provide solutions to understand existing research work conducting compressive review on different access control mechanisms.

SODA: A software-defined security framework for IoT environments

The Internet of Things (IoT), based on interconnected devices, enables a variety of elegant new services that could not be realized in a traditional environment, and many of these services harvest the information of a potentially sensitive and private nature belonging to individual users. Unfortunately, existing security functions used to protect such information are difficult to implement in an IoT environment due to the widely varying capacities, functionalities, and security requirements of IoT devices. In this work, to protect against unrestricted accesses to other devices and information extortion from these devices, we propose SODA, a secure IoT gateway that enables a device-side dynamic access control and is capable of deploying various security services to protect sensitive and private information. To show its effectiveness and practicality, we assume that a large number of IoT devices are crowded around an IoT gateway, and we implement a prototype of SODA for such an environment based on software-defined-networking (SDN) and integrate virtual network functions (VNFs) over network function virtualization (NFV) on top of a real IoT device. From our evaluation, we demonstrate how SODA mitigates real-world attacks through its security functions, and presents how it satisfies the performance requirements of a real environment.

Dynamic Access Control to Semantics-Aware Streamed Process Logs

Business process logs are composed of event records generated, collected and analyzed at different locations, asynchronously and under the responsibility of different authorities. Their analysis is often delegated to auditors who have a mandate for monitoring processes and computing metrics but do not always have the rights to access the individual events used to compute them. A major challenge of this scenario is reconciling the requirements of privacy and access control with the need to continuously monitor and assess the business process. In this paper, we present a model, a language and a software toolkit for controlling access to process data where logs are made available as streams of RDF triples referring to some company-specific business ontology. Our approach is based on the novel idea of dynamic enforcement: we incrementally build dynamic filters for each process instance, based on the applicable access control policy and on the current prefix of the event stream. The implementation and performance validation of our solution is also presented.

ITrust: identity and trust based access control model for healthcare system security

The patient and healthcare professionals use the Electronic Healthcare System (EHS) for accessing medical records from the remote locations via the Internet. The emerging healthcare system has several advantages such as better management of the healthcare data, streamlined collaboration, improvement of medical care, insurance purpose, medical data backup, etc. Regardless of its advantages, the sensitivity and openness nature of the healthcare system arises different type of attacks and threats such as insider attack, service hijacking, abuse use of healthcare data, and impersonation attack. In the EHS, without knowing the prior information of the requester, data sharing is another considerable issue. Hence, a dynamic Access Control Model (ACM) is needed to overcome the above-discussed issues. In the EHS, the addition of trust into the access control solutions can provide dynamic access to the resources. To achieve such a model, in this paper, we have added user trust into the Identity Based Access Control (IBAC) model. For the computation of user trust, we have used beta reputation approach. An access control rule set has been proposed based on the trust degree and identity of the user to provide access in a controlled manner. This hybrid ACM and rule set not only protect the data from unauthorized access but also dynamically control the access view of the healthcare data. The experimental result of the proposed model shows that it is more accurate and reliable as compared to other trust models.

Deep reinforcement learning mechanism for dynamic access control in wireless networks handling mMTC

One important issue that needs to be addressed in order to provide effective massive deployments of IoT devices is access control. In 5G cellular networks, the Access Class Barring (ACB) method aims at increasing the total successful access probability by delaying randomly access requests. This mechanism can be controlled through the barring rate, which can be easily adapted in networks where Human-to-Human (H2H) communications are prevalent. However, in scenarios with massive deployments such as those found in IoT applications, it is not evident how this parameter should be set, and how it should adapt to dynamic traffic conditions. We propose a double deep reinforcement learning mechanism to adapt the barring rate of ACB under dynamic conditions. The algorithm is trained with simultaneous H2H and Machine-to-Machine (M2M) traffic, but we perform a separate performance evaluation for each type of traffic. The results show that our proposed mechanism is able to reach a successful access rate of 100 % for both H2H and M2M UEs and reduce the mean number of preamble transmissions while slightly affecting the mean access delay, even for scenarios with very high load. Also, its performance remains stable under the variation of different parameters.

Design of Wireless Network on Chip with Priority-Based MAC

The wireless network on chip WiNoC introduces wireless links in the traditional network on chip (NoC), which reduces the network diameter and enables high-throughput, low-latency data communications. In addition, if wireless nodes can dynamically request data transmission, wireless bandwidth will be more effectively utilized. In order to implement a conflict-free, adaptive bandwidth allocation strategy, a priority-based dynamic media access control mechanism has been designed. In this work, a dynamic priority calculation method has been proposed based on the packets’ transmission time and the waiting time in the queue. Then, a priority calculating unit is designed to calculate the dynamic priority of the packet. Finally, the central control unit designed obtains the dynamic priority of the packets, and dynamically authorizes the use rights of the wireless medium according to the priority of the data packet. Simulation experiments show that the media access control mechanism proposed in this paper has significant improvements in throughput, delay, and power consumption performances compared with other mechanisms [S.Deb et al., Wireless NoC as interconnection backbone for multicore chips: promises and challenges, IEEE J. Emerg. Sel. Topics Circuits Syst. 2 (2012) 228–239].