Traditional Access Control Systems Research Articles

Context-Aware Risk Attribute Access Control

Traditional access control systems exhibit limitations in providing flexible authorization and fine-grained access in the face of increasingly complex and dynamic access scenarios. This paper proposes a context-aware risk access control model to address these challenges. By developing a multi-level contextual risk indicator system, the model comprehensively considers real-time contextual information associated with access requests, dynamically evaluates the risk level of these requests, and compares the outcomes with predefined risk policies to facilitate access decisions. This approach enhances the dynamism and flexibility of access control. To improve the accuracy and reliability of risk assessments, we propose a combination weighting method grounded in game theory. This method reconciles subjective biases and the limitations of objective data by integrating both subjective and objective weighting techniques, thus optimizing the determination process for risk factor weights. Furthermore, smart contracts are introduced to monitor user behavior during access sessions, thereby preventing malicious attacks and the leakage of sensitive information. Finally, the model’s performance and authorization granularity are assessed through empirical experiments. The results indicate that the model effectively addresses the requirements of dynamic and fine-grained access scenarios, improving the system’s adaptability to risk fluctuations while safeguarding sensitive information.

A Block Chain-Based Access Control Framework with Privacy Protection in Cloud

Access control is a pivotal aspect of modern computing systems, ensuring that only authorized entities can interact with sensitive data and resources. Traditional access control methods, while effective, face challenges in terms of security, transparency, and scalability. Blockchain technology has emerged as a promising solution to enhance access control in cloud computing environments. Blockchain's inherent features, such as decentralization, immutability, and cryptographic security, offer a unique framework for addressing the limitations of traditional access control systems. In this paper, we explore the integration of blockchain technology with cloud computing to establish a more secure and transparent access control mechanism. By utilizing blockchain, access control policies and permissions can be stored in a tamper-proof and transparent ledger. Scalability is an issue since processing many access control transactions on the blockchain might cause network congestion and sluggish processing. Transactions take time to upload to the blockchain, which can delay real-time access choices. It takes skill to integrate and manage blockchain and cloud technologies together. Choosing the correct consensus mechanism affects system efficiency and security. Consider the costs of establishing and maintaining such a system and the difficulty of fixing faults owing to blockchain immutability. In conclusion, this paper underscores the significance of access control in cloud computing and the limitations of traditional approaches. By harnessing the power of blockchain technology, a more secure, transparent, and scalable access control framework can be established, revolutionizing the way we manage access to sensitive data and resources in complex digital ecosystems.

Enhancing Network Security: A Robust Network Access Control and Authentication Mechanism for Secure Data Transmission

In an era dominated by digital communication and networked systems, the imperative to secure data transmission is more critical than ever. This paper introduces a cutting-edge Network Access Control (NAC) and authentication mechanism aimed at fortifying the security of data transmission across networks. Leveraging advanced technologies such as biometric authentication, multi-factor authentication (MFA), and anomaly detection, the proposed mechanism establishes a robust line of defense against unauthorized access and evolving cyber threats. Drawing on a comprehensive review of literature, real-world case studies, and practical implementations, this paper substantiates the efficacy and feasibility of the proposed approach. The integration of innovative security protocols serves to address the vulnerabilities inherent in traditional access control systems, contributing to a dynamic and proactive network security paradigm.

Enhanced Adaptable and Distributed Access Control Decision Making Model Based on Machine Learning for Policy Conflict Resolution in BYOD Environment

Organisations are adopting new IT strategies such as “Bring Your Own Device” (BYOD) and remote working. These trends are highly beneficial both for enterprise owners and employees in terms of increased productivity and reduced costs. However, security issues such as unauthorised access as well as privacy concerns pose significant obstacles. These can be overcome by adopting access control techniques and a dynamic security and privacy policy that governs these issues where they arise. Policy decision points in traditional access control systems, such as role-based access control (RBAC), attribute-based access control (ABAC), or relationship-based access control (ReBAC), may be limited because the status of access control can vary in response to minor changes in user and resource properties. As a result, system administrators rely on a solution for constructing complex rules with many conditions and permissions for decision control. This results in access control issues, including policy conflicts, decision-making bottlenecks, delayed access response times and mediocre performance. This paper proposes a policy decision-making and access control-based supervised learning algorithm. The algorithm enhances policy decision points (PDPs). This is achieved by transforming the PDP’s problem into a binary classification for security access control that either grants or denies access requests. Also, a vector decision classifier based on the supervised machine learning algorithm is developed to generate an accurate, effective, distributed and dynamic policy decision point (PDP). Performance was evaluated using the Kaggle-Amazon access control policy dataset, which compared the effectiveness of the proposed mechanism to previous research benchmarks in terms of performance, time and flexibility. The proposed solution obtains a high level of privacy for access control policies because the PDP does not communicate directly with the policy administration point (PAP). In conclusion, PDP-based ML generates accurate decisions and can simultaneously fulfill multiple massive policies and huge access requests with 95% Accuracy in a short response time of around 0.15 s without policy conflicts. Access control security is improved by making it dynamic, adaptable, flexible and distributed.

A Privacy Risk Assessment Scheme for Fog Nodes in Access Control System

In the fog computing, it is difficult to satisfy the security and privacy requirement for traditional access control system, such as attribute-based access control system. Risk-based access control system can adapt to the dynamic fog environment. However, the existing risk schemes are modeled for users in majority, not for fog nodes, and the context and privacy sensitivity are rarely considered. In this article, we propose a risk assessment scheme for fog nodes in access control system. Firstly, to improve the accuracy of risk score, the risk assessment is modeled with the subject, object, and context for fog nodes; Secondly, we address the risk assessment computing module for every component. Moreover, we depict system model for risk assessment and implement its prototype system risk assessment model. In the end, the reasonability and correctness of computing model are analyzed by proving and simulation. According to the experiments, the accuracy of risk score is higher than that of the work-based access control and dynamic access control for IoT. Therefore, the feasibility and effectiveness of this scheme are proved through the experiments.

RF-Access: Barrier-Free Access Control Systems with UHF RFID

Traditional RFID-based access control systems use flap barriers to help manage pedestrian access and block unauthorized staff at any entrance, which requires visitors to swipe their cards individually and wait for the opening of the blocking body, resulting in low-frequency pedestrian access and even congestion in places with large passenger flow. This paper proposes a barrier-free access control system (RF-Access) with UHF RFID technology. The main advantage of RF-Access is that it provides non-intrusive access control by removing flap barriers and operations of swiping the card. The visitors just go across the system without any stay at the entrance. Meanwhile RF-Access performs the authentication, which greatly improves time efficiency and quality of service. RF-Access addresses two key issues of the non-intrusive access control: motion direction detection and illegal intrusion detection. In RF-Access, we first propose a dual-antenna system setup together with a time-slot-based model to monitor users’ moving directions, which is robust to different environmental factors, such as multi-path effects. Afterwards, we use a tag array to detect illegal intrusion in case attackers do not carry any RFID tags. We implement a prototype of RF-Access with commercial RFID devices. Extensive experiments show that our system can detect the moving direction with 99.83% accuracy and detect illegal intrusion with an accuracy of 96.67%.

Hierarchical Blockchain-Based Multi-Chaincode Access Control for Securing IoT Systems

The rapid growth of the Internet of Things (IoT) and its attributes of constrained devices and a distributed environment make it difficult to manage such a huge and growing network of devices on a global scale. Existing traditional access-control systems provide security and management to the IoT system. However, these mechanisms are based on central authority management, which introduces issues such as a single point of failure, low scalability, and a lack of privacy. In order to address these problems, many researchers have proposed using blockchain technology to achieve decentralized access control. However, such models are still faced with problems such as a lack of scalability and high computational complexity. In this paper, we propose a light-weight hierarchical blockchain-based multi-chaincode access control to protect the security and privacy of IoT systems. A clustering concept with BC managers enables the extended scalability of the proposed system. The architecture of the proposed solution contains three main components: an Edge Blockchain Manager (EBCM), which is responsible for authenticating and authorizing constrained devices locally; an Aggregated Edge Blockchain Manager (AEBCM), which contains various EBCMs to control different clusters and manage ABAC policies, and a Cloud Consortium Blockchain Manager (CCBCM), which ensures that only authorized users access the resources. In our solution, smart contracts are used to self-enforce decentralized AC policies. We implement a proof of concept for our proposed system using the permissioned Hyperledger Fabric. The simulation results and the security analysis show the efficiency and effectiveness of the proposed solution.

Big Data-Based Access Control System in Educational Information Security Assurance

Access control is a key strategy to prevent and protect the network. The most important task is to ensure that visitors will not use network resources and will not conduct unauthorized access to them. This paper studies a number of information security issues in the process of education informatization, aimed at studying the application of access control systems based on big data in education information security. This article elaborates on the related concepts of access control and proposes an attribute-based encryption scheme. Based on this, an information system security system model with security strategy as the core content is constructed. The experimental results in this paper show that the improved access control system has the more efficient guarantee ability in education information security, which is about 47.3% higher than the traditional access control system.

Data Science in Face Recognition System Based on BP Neural Network

With the rapid development of economy, people have higher and higher requirements for the performance of security system. The traditional access control system based on face recognition based on deep learning has gradually replaced the traditional access control system. This paper mainly describes the concepts of BP neural network and face recognition, and improves and designs a face recognition system. The detection accuracy of the system reaches 97.8%, the false detection rate is 0.8%, and the leakage rate is 0.8% the detection rate is 1.4%, and the accuracy of face recognition is 96.7%, which can well meet the requirements of contemporary face recognition.

Internet of Things Access Control System Based on Hyperledger

The current access control of IoT devices adopts the traditional method of centralized control, which leads to the shortcomings of single point of failure and low efficiency of the entire system. Due to the increasing amount of data generated by the Internet of Things network and the more complex data structure, the traditional access control system has exposed the problem of insufficient security when communicating. Based on the characteristics of blockchain decentralization, non-tampering, and programmable Hyperledger, an attribute-based access control mechanism combining blockchain with the Internet of Things is proposed to realize dynamic changes to the access control strategy and ensure the access control of the Internet of Things Safety and reliability.

A lightweight policy enforcement system for resource protection and management in the SDN-based cloud

SDN-based cloud adopts Software-defined Networking (SDN) to provide network services to the cloud, which allows more flexibility in network management. Meanwhile, the SDN controller provides users and administrators with various APIs to access and manage network resources. However, unauthorized requests, which are either sent from unregistered users or containing malicious operations, cannot be completely defended. Moreover, the correctness of network configuration in the SDN-based cloud cannot be guaranteed. In this paper, we propose SDNKeeper, a generic and fine-grained policy enforcement system for the SDN-based cloud, which can defend against unauthorized attacks and avoid network resource misconfiguration. Besides, a policy language is designed for administrators to define policies based on the attributes of the requester, resource, and environment. These policies will take effect when there are requests accessing the SDN controller via Northbound Interface (NBI). Specifically, SDNKeeper can block unauthorized network access requests outside the controller to protect the resources inside. Compared to other traditional policy-based access control systems, SDNKeeper is application-transparent and lightweight, which makes it easy to implement, deploy, and reconfigure at runtime. Based on the correctness proof of system design and the prototype implementation and evaluation, we conclude that SDNKeeper achieves accurate and efficient access control with insignificant throughput degradation and computational overhead.

TACIoT: multidimensional trust-aware access control system for the Internet of Things

Internet of Things environments are comprised of heterogeneous devices that are continuously exchanging information and being accessed ubiquitously through lossy networks. This drives the need of a flexible, lightweight and adaptive access control mechanism to cope with the pervasive nature of such global ecosystem, ensuring, at the same time, reliable communications between trusted devices. To fill this gap, this paper proposes a flexible trust-aware access control system for IoT (TACIoT), which provides an end-to-end and reliable security mechanism for IoT devices, based on a lightweight authorization mechanism and a novel trust modelthat has been specially devised for IoT environments. TACIoT extends traditional access control systems by taking into account trust values which are based on reputation, quality of service, security considerations and devices' social relationships. TACIoT has been implemented and evaluated successfully in a real testbed for constrained and non-constrained IoT devices.

Research of RFID Intelligent Access Control System in the Internet of Things

Traditional access control system is relatively simple, low efficiency, small storage capacity, which can not meet the initiative, timeliness, and flexibility requirements of security technology in the Internet of Things. To solve this problem, this paper researches and designs the intelligent access control system based on Radio Frequency Identification (RFID) technology. The system consists of an access control management system and an access controller. The system can not only be used as the import and export of safety management, but also contribute to the internal order management, achieve effective control and management of access control region.

Access control system based on dual-core digital signal processor and face recognition

To overcome the shortages of traditional access control system of face recognition, which is of poor stability and low speed, the design scheme of access control system of face recognition based on dual-core Digital Signal Processor ( DSP) was presented. The system structure and software realization technology were discussed. The speed of face recognition was improved through dual-core and code optimization techniques. The experimental results show that the system is of good stability, high recognition rate and high speed, and it is practical.

Access control for smarter healthcare using policy spaces

A fundamental requirement for the healthcare industry is that the delivery of care comes first and nothing should interfere with it. As a consequence, the access control mechanisms used in healthcare to regulate and restrict the disclosure of data are often bypassed in case of emergencies. This phenomenon, called “ break the glass”, is a common pattern in healthcare organizations and, though quite useful and mandatory in emergency situations, from a security perspective, it represents a serious system weakness. Malicious users, in fact, can abuse the system by exploiting the break the glass principle to gain unauthorized privileges and accesses. In this paper, we propose an access control solution aimed at better regulating break the glass exceptions that occur in healthcare systems. Our solution is based on the definition of different policy spaces, a language, and a composition algebra to regulate access to patient data and to balance the rigorous nature of traditional access control systems with the “delivery of care comes first” principle.

Enforcing access control in Web-based social networks

In this article, we propose an access control mechanism for Web-based social networks, which adopts a rule-based approach for specifying access policies on the resources owned by network participants, and where authorized users are denoted in terms of the type, depth, and trust level of the relationships existing between nodes in the network. Different from traditional access control systems, our mechanism makes use of a semidecentralized architecture, where access control enforcement is carried out client-side. Access to a resource is granted when the requestor is able to demonstrate being authorized to do that by providing a proof. In the article, besides illustrating the main notions on which our access control model relies, we present all the protocols underlying our system and a performance study of the implemented prototype.

Computer-supported access control

Traditionally, access control is understood as a purely technical mechanism which rejects or accepts access attempts automatically according to a specific preconfiguration. However, such a perspective neglects the practices of access control and the embeddedness of technical mechanisms within situated action. In this article, we reconceptualize the issue of access control on a theoretical, methodological, and practical level. On a theoretical level, we develop a terminology to distinguish between access control practices and the technical support mechanisms. We coin the term Computer Supported Access Control (CSAC) to emphasize this perspective. On a methodological level, we discuss empirical investigations of access control behavior from a situated action perspective. We discovered a differentiated set of social practices around traditional access control systems. By applying these findings to a practical level, we enhance the design space of computer supported access control mechanisms by suggesting a matrix of technical mechanisms which go beyond an ex-ante configuration.