Hybrid Access Control Research Articles

Simulation-Based Evaluation of Advanced Threat Detection and Response in Financial Industry Networks Using Zero Trust and Blockchain Technology

The financial sector is increasingly facing advanced cyber threats, necessitating a shift from traditional security measures to more dynamic frameworks. This study presents a novel integration of Zero Trust architecture with hybrid access control system and blockchain technology to enhance security in financial institutions. Zero Trust enforces continuous authentication and dynamic access controls, while blockchain secures digital identities and transaction logs through its immutable ledger, ensuring data integrity and non-repudiation. The proposed framework, evaluated using OMNeT++ simulations enhanced by Ethereum-Ganache, shows improved detection accuracy, reduced false positives, and increased resistance to insider threats and other attacks. It also strengthens compliance with regulatory requirements through robust audit trails, providing enhanced protection for sensitive financial data.

Leveraging dual‐blockchain collaboration for logistics supply chain supervision

AbstractLogistics supply chain (LSC), a chain structure that integrates and coordinates all logistics transactions, has become an essential component of the modern logistics industry. By using blockchain, trusted logistics services enable participants to effectively record and track transactions during the logistics process. Current blockchain‐based LSC features distributed structure and data privacy requirements, hindering the supervision of logistics transactions. Leveraging emerging dual‐blockchain architecture to separate logistics transactions from supervision is a promising direction. However, the dual‐blockchain collaboration restricts supervision due to its cross‐chain privacy and efficiency. To address these issues, a logistics supply chain supervision scheme based on dual‐blockchain collaboration (DBC) is proposed. First, an independent supervision blockchain is constructed to balance the contradiction between distributed structure and supervision requirements. Second, two mechanisms are designed to enhance the privacy and performance of collaborative supervision. The hybrid access control mechanism enables fine‐grained supervision for different participants, and the aggregated transaction verification method supports efficient collaboration for logistics transactions. Security analysis and performance evaluation demonstrate the feasibility of DBC in enhancing the security and supervision of logistics data on the dual‐blockchain architecture. Experimental results show that the cross‐chain supervision overhead of DBC is reduced to of the baseline schemes.

A Novel Cloud Enabled Access Control Model for Preserving the Security and Privacy of Medical Big Data

In the context of healthcare, big data refers to a complex compilation of digital medical data collected from many sources that are difficult to manage with normal technology and software due to its size and complexity. These big data are useful in various aspects of healthcare, such as disease diagnosis, early prevention of diseases, and predicting epidemics. Even though medical big data has many advantages and a lot of potential for revolutionizing healthcare, it also has a lot of drawbacks and problems, of which security and privacy are of the utmost concern, owing to the severity of the complications once the medical data is compromised. On the other hand, it is evident that existing security and privacy safeguards in healthcare organizations are insufficient to protect their massive, big data repositories and ubiquitous environment. Thus, motivated by the synthesizing of the current knowledge pertaining to the security and privacy of medical big data, including the countermeasures, in the study, firstly, we provide a comprehensive review of the security and privacy of medical big data, including countermeasures. Secondly, we propose a novel cloud-enabled hybrid access control framework for securing the medical big data in healthcare organizations, and the result of this research indicates that the proposed access control model can withstand most cyber-attacks, and it is also proven that the proposed framework can be utilized as a primary base to build secure and safe medical big data solutions. Thus, we believe this research would be useful for future researchers to comprehend the knowledge on the security and privacy of medical big data and the development of countermeasures.

StuChain: an efficient blockchain-based student e-portfolio platform integrating hybrid access control approach

StuChain: an efficient blockchain-based student e-portfolio platform integrating hybrid access control approach

DHACS: Smart Contract-Based Decentralized Hybrid Access Control for Industrial Internet-of-Things

The integration between blockchains, Internet-of-Thing (IoT), and smart contracts is an emerging and promising technology. The advantages of this technology have raised the importance of Industrial Internet-of-Thing (IIoT) and have paved the pathway for “Industry 4.0.” Surprisingly, access control has received less attention in IIoTs. Though there are some solutions coming forward to use blockchains for IIoT to enable secure and resilient access control management, the challenge is to satisfy the low-latency requirements of IIoTs for validating and adding the blocks to the chain. Besides, role-based and rule-based access controls in the existing systems can be forged without organizational access controls and compliance. Therefore, we address these problems in this article. In the present work, we propose <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">DHACS</i> , a <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Decentralized Hybrid Access Control for Smart contract</i> , for IIoTs. DHACS aims to provide transparency, reliability, and robustness to the existing access control mechanism in IIoTs. The framework is based on blockchain feasibilities that contribute to an interconnected hybrid access control through smart contract provision. It is a novel idea in the domain of IIoTs. We use three access control strategies, role-based, rule-based, and organization-based, to develop a hybrid approach for smart contract in DHACS. The operational transactions along with their access controls are accounted and blocks are made by the transaction pooler and block creator. We use a private blockchain environment; however, it can be extended to a public blockchain or consortium blockchain for geographical distributed dependency. We compare DHACS with three existing approaches in recent time. We measure the performance in terms of computational costs, storage complexity, and energy consumption. DHACS outperforms the others approaches and is considered to be efficient for IIoT applications with more than 30% better efficiency in access control management. To the best of our knowledge, DHACS is the first attempt to use decentralized blockchains with smart contract for hybrid access control in IIoTs.

Traditional and Hybrid Access Control Models: A Detailed Survey

Access control mechanisms define the level of access to the resources among specified users. It distinguishes the users as authorized or unauthorized based on appropriate policies. Several traditional and hybrid access control models have been proposed in previous researches over the last few decades. In this study, we provide a detailed survey of access control models and compare the traditional and hybrid access control models based on their access control criteria. This survey focuses on the growing literature of access control models and summarizes it through comparative analysis, identifying limitations and illustrating the advantages of both traditional and hybrid models. This study will help the researchers to get a deep understanding of the traditional and hybrid access control models.

Service-Based Hybrid Access Control Technology with Priority Level for the Internet of Vehicles under the Cloud Architecture

The communication process of devices in IoV under cloud architecture needs to be protected by access control models. However, existing access control models have difficulty establishing the appropriate granularity of permissions in the face of large amounts of data in IoV. Moreover, the access control model may need to temporarily change user privileges to accommodate the dynamic nature of IoV scenarios, a requirement that is difficult to implement for traditional access control models. The unstable connection status of devices in IoV also creates problems for access control. The service (composed of role and attribute) based access control model (in IoV) S-RABAC (V), under the Cloud computing architecture, introduces a formal theoretical model. The model uses attribute grouping and prioritization mechanisms to form a hierarchical structure. The permission combination pattern in the hierarchical structure can avoid duplicate permissions and reduce the number of permissions while ensuring fine-grained permissions. Different layers in the model have different priorities, and when a user’s permission requires temporary changes, it can be adjusted to the corresponding layers according to the user’s priority. In addition, users are allowed to keep their assigned privileges for a period to avoid frequent access control because of unstable connections. We have implemented the proposed access control model in Alibaba Cloud Computing and given six example demonstrations. The experiment shows that this is an access control model that can protect IoV security more effectively. Various unique mechanisms in the model enable S-RABAC(V) to improve the overall access control efficiency. The model adds some extra features compared to ABAC and RBAC and can generate more access control decisions using the priority mechanism.

Protocol-Based and Hybrid Access Control for the IoT: Approaches and Research Opportunities.

Internet of Things (IoT) applications and services are becoming more prevalent in our everyday life. However, such an interconnected network of intelligent physical entities needs appropriate security to sensitive information. That said, the need for proper authentication and authorization is paramount. Access control is in the front line of such mechanisms. Access control determines the use of resources only to the specified and authorized users based on appropriate policy enforcement. IoT demands more sophisticated access control in terms of its usability and efficiency in protecting sensitive information. This conveys the need for access control to serve system-specific requirements and be flexibly combined with other access control approaches. In this paper, we discuss the potential for employing protocol-based and hybrid access control for IoT systems and examine how that can overcome the limitations of traditional access control mechanisms. We also focus on the key benefits and constraints of this integration. Our work further enhances the need to build hierarchical access control for large-scale IoT systems (e.g., Industrial IoT (IIoT) settings) with protocol-based and hybrid access control approaches. We, moreover, list the associated open issues to make such approaches efficient for access control in large-scale IoT systems.

A blockchain-based access control scheme for smart home

With the advancement of technology and economy, the scale of the smart home industry has exploded. While improving people’s lives, smart home systems are facing threats to privacy leaks, malicious attacks, and structural security. Effective security mechanisms are very important for protecting valuable data in smart home systems. Access control helps information systems prevent malicious access, thereby reducing the risk of privacy leakage. Blockchain can provide security support for the Internet of Things system due to its advantages of decentralization and immutability. Therefore, in this paper, a smart home access control scheme based on blockchain is proposed. The scheme uses Hyperledger Fabric and implements access control strategies through smart contracts. By designing a hybrid access control model based on dynamic attribute-based access control and static access control matrix, the remote access control initiated by the user through the Internet and the access control between local devices are well guaranteed at the same time. Through safety analysis and performance evaluation, the feasibility of the proposed scheme is demonstrated.

Formalisation of access control based on observers automata

The modelling of access control (AC) policies aim to describe aspects of different security requirements at a higher level of abstraction. Once the AC policy has been modelled, the difficulty lies in the expression and formal verification of the properties of this policy. This paper proposes to develop a formal framework for the specification and validation of the hybrid AC policy. In order to increase the flexibility of AC, an extension of the UACML model to the emergency RBAC model (E-RBAC) is proposed. We start with the semiformal specification of AC rules using activity diagrams that we call E-UACML accompanied by AC constraints and spatio-temporal constraints. E-UACML is then translated into a formal specification expressed in the Fiacre language and the requirements in observer automata using the CDL language. The latter is used to formally verify the properties with OBP (model checking). We evaluate our approach with a case study.

Formalization of Access Control Based on Observers Automata

The modelling of access control (AC) policies aim to describe aspects of different security requirements at a higher level of abstraction. Once the AC policy has been modelled, the difficulty lies in the expression and formal verification of the properties of this policy. This paper proposes to develop a formal framework for the specification and validation of the hybrid AC policy. In order to increase the flexibility of AC, an extension of the UACML model to the emergency RBAC model (E-RBAC) is proposed. We start with the semiformal specification of AC rules using activity diagrams that we call E-UACML accompanied by AC constraints and spatio-temporal constraints. E-UACML is then translated into a formal specification expressed in the Fiacre language and the requirements in observer automata using the CDL language. The latter is used to formally verify the properties with OBP (model checking). We evaluate our approach with a case study.

A novel access control mechanism for secure cloud communication using SAML based token creation

Cloud computing has prominent branches of research with emerging technologies. The research related to security has increased with unusual disputes. Cloud service providers, as well as the users, have similar problems in concern with security issues. This paper has implemented to surmount protection-connected problems in deep related to data transfer problems in connection with efficiency in regard to time and cost. A hybrid access control mechanism (HACM) has been implemented, combining User-ID and User-Profile verification. Furthermore, the mechanism emphasizes the provision of safety measures in various circumstances. In this mechanism, SAML based token creation is employed to enhance safety measures. The architecture of this hybrid approach is offered to deal with User-ID and User-Profile managerial issues in the INTER/INTRA cloud framework. Indeed, it is verified with the implementation that this approach effectively improves safety measures in regard to time and cost.

A Hybrid Access Control Model With Dynamic COI for Secure Localization of Satellite and IoT-Based Vehicles

Secure localization of vehicles is gaining the attention of researchers from both academia and industry especially due to the emergence of internet of things (IoT). The modern vehicles are usually equipped with circuitries that gives connectivity with other vehicles and with cellular networks such as 4G/Fifth generation cellar network (5G). The challenge of secure localization and positioning is magnified further with the invention of technologies such as autonomous or driverless vehicles based on IoT, satellite, and 5G. Some satellite and IoT based localization techniques exploit machine learning, semantic segmentation, and access control mechanism. Access control provides access grant and secure information sharing mechanism to authorized users and restricts unauthorized users, which is necessary regarding security and privacy of government or military vehicles. Previously, static conflict of interest (COI) based access control was used for security proposes. However, static COI based access control creates excesses and administrative overload that creates latency in execution, which is the least tolerable factor in modern IoT or 5G control vehicles. Therefore, in this paper, a hybrid access control (HAC) model is proposed that implements the dynamic COI in the HAC model on the level of roles. The proposed model is enhanced by modifying the role-based access control (RBAC) model by inserting new attributes of the RBAC entities. The HAC model deals with COI on the level of roles in an efficient manner as compared to previously proposed models. Moreover, this model features significant improvement in terms of dynamic behavior, decreased administrative load, and security especially for vehicular localization. Furthermore, the mathematical modeling of the proposed model is implemented with an example scenario to validate the concept.

Kerberos Authorization with Hybrid Access Control Model in Public Cloud

Access control and Data confidentiality are key technology to ensure the security of system and to protect the privacy of the users. The modified Collaborative Trust Enhanced Security (CTES) model has an inbuilt access control mechanism for Kerberos protocol itself to enforce the access control policy directly into the Client system node. This paper explains the hybrid access control model with Role Based Access Control (RBAC) and Attribute Based Access Control (ABAC) for modified CTES framework through Kerberos protocol. Hence, it retains the concept of “role”, “group” and “attributes” for the user which are necessary to protect data privacy in the system. Data confidentiality for the stored data in Cloud is achieved by cryptographic techniques. Gnu Privacy Guard (GnuPG) based certificate is capable enough to verify the identity of the correspondent in information exchange as well as the information integrity. It is a strongest authentication technique where the user is asked to provide his/her digital ID for validation in the Server and enables Single sign-on services for Kerberos Authorization in modified CTES model. In this paper, it is proposed for a new Kerberos Authorization with Hybrid Access Control Model (KAHAC) for single-domain systems and multi-domain systems in Public Cloud based on roles, attributes, groups, access modes and the type of resources.

Permission-Based Separation of Duty in Dynamic Role-Based Access Control Model

A major development in the field of access control is the dominant role-based access control (RBAC) scheme. The fascination of RBAC lies in its enhanced security along with the concept of roles. In addition, attribute-based access control (ABAC) is added to the access control models, which is famous for its dynamic behavior. Separation of duty (SOD) is used for enforcing least privilege concept in RBAC and ABAC. Moreover, SOD is a powerful tool that is used to protect an organization from internal security attacks and threats. Different problems have been found in the implementation of SOD at the role level. This paper discusses that the implementation of SOD on the level of roles is not a good option. Therefore, this paper proposes a hybrid access control model to implement SOD on the basis of permissions. The first part of the proposed model is based on the addition of attributes with dynamic characteristics in the RBAC model, whereas the second part of the model implements the permission-based SOD in dynamic RBAC model. Moreover, in comparison with previous models, performance and feature analysis are performed to show the strength of dynamic RBAC model. This model improves the performance of the RBAC model in terms of time, dynamicity, and automatic permissions and roles assignment. At the same time, this model also reduces the administrator’s load and provides a flexible, dynamic, and secure access control model.

An Incentive Mechanism Design View for Hybrid Access in Small Cell Networks: Keeping a Secret Is Not Smart

In this paper, we investigate the hybrid access control policy in two-tier small cell networks from the perspective of incentive mechanism design, considering macro-cell base station's (MBS) private information. Then, we formulate this problem as a Stackelberg game. To be specific, the MBS and small cell base stations (SBSs) are modeled as leader and followers, respectively. A subsidy mechanism is adopted by MBS when the SBS can provide acceptable service level for macro user equipment. Moreover, we consider the impacts of MBS's private information on the Stackelberg equilibrium (SE) of the proposed game, and we present the equilibrium analysis and relationship under different available information circumstances. To obtain relatively satisfactory outcome for both MBS and SBS, we discuss the design of bargaining scheme based on the SE. Theoretical analysis and simulation results show that it is better for MBS to broadcast the private information to get more payoff from the perspective of incentive mechanism design.

Integrated model for open learning environment with dynamic multilayer authentication and hybrid access control using cloud

Objective: This study mainly focuses on secure and user-friendly open learning environment using the cloud. This will improve the quality of education, individual care and global education. Methods: To make a deep analysis of the existing massive open online courses learning environment and build a mobile application using PHP and MySQL. The application is simulated under Veracode and the authentication attack prevention time is noted. In this paper hybrid Access Control Model is compared with other Access Control Models and the results are discussed. Findings: This research work recommends a mobile application using dynamic multilevel authentication with hybrid access control for open learning environment. The mobile application has the features like device identification, freedom in preparing security index, a random question from the security index instead of a textual password, cherished graphics password, limited unauthorized attempts with time bound and hybrid access control. Dynamic multilayer authentication proves prone free from authentication attacks. Hybrid access control under dynamic policy management delivers flexible and fine-grained authorization. This model supports primarily least privilege principle, flexibility, scalability, trust level, supporting heterogeneity and temporal constraints with dynamic policy management. It shows better results than the traditional Access Control Models. Application: The proposed system suggests a highly secured and cost-effective mechanism for the open learning environment. Keywords: Access Control, Dynamic Multilevel Authentication, Hybrid Access Control Model, Ontology, Open Learning Environment

A New Hybrid Access Control Model for Security Policies in Multimodal Applications Environments

A New Hybrid Access Control Model for Security Policies in Multimodal Applications Environments

HAC: Hybrid Access Control for Online Social Networks

The rapid development of communication and network technologies including mobile networks and GPS presents new characteristics of OSNs. These new characteristics pose extra requirements on the access control schemes of OSNs, which cannot be satisfied by relationship-based access control currently. In this paper, we propose a hybrid access control model (HAC) which leverages attributes and relationships to control access to resources. A new policy specification language is developed to define policies considering the relationships and attributes of users. A path checking algorithm is proposed to figure out whether paths between two users can fit in with the hybrid policy. We develop a prototype system and demonstrate the feasibility of the proposed model.

FRABAC: a new hybrid access control model for the heterogeneous multi-domain systems

FRABAC: a new hybrid access control model for the heterogeneous multi-domain systems