Your search keyword '"Role-based access control"' showing total 3,883 results

1. Role-Based Access Control

Author

Alturi, Vijay, Ferraiolo, David, Perri, Pierluigi, Section editor, Jajodia, Sushil, editor, Samarati, Pierangela, editor, and Yung, Moti, editor

Published

2025

2. Category-Based Administrative Access Control Policies.

Author

Bertolissi, Clara, Fernandez, Maribel, and Thuraisingham, Bhavani

Subjects

SEMANTICS, POLICY analysis

Abstract

As systems evolve, security administrators need to review and update access control policies. Such updates must be carefully controlled due to the risks associated with erroneous or malicious policy changes. We propose a category-based access control (CBAC) model, called Admin-CBAC, to control administrative actions. Since most of the access control models in use nowadays (including the popular RBAC and ABAC models) are instances of CBAC, from Admin-CBAC, we derive administrative models for RBAC and ABAC, too. We present a graph-based representation of Admin-CBAC policies and a formal operational semantics for administrative actions via graph rewriting. We also discuss implementations of Admin-CBAC exploiting the graph-based representation. Using the formal semantics, we show how properties (such as safety, liveness, and effectiveness of policies) and constraints (such as separation of duties) can be checked, and discuss the impact of policy changes. Although the most interesting properties of policies are generally undecidable in dynamic access control models, we identify particular cases where reachability properties are decidable and can be checked using our operational semantics, generalising previous results for RBAC and ABACα. [ABSTRACT FROM AUTHOR]

Published

2025

3. Trustworthy AI: Securing Sensitive Data in Large Language Models.

Author

Feretzakis, Georgios and Verykios, Vassilios S.

Subjects

*LANGUAGE models, *DATA privacy, *ACCESS control, *ADAPTIVE control systems, *TRUST

Abstract

Large language models (LLMs) have transformed Natural Language Processing (NLP) by enabling robust text generation and understanding. However, their deployment in sensitive domains like healthcare, finance, and legal services raises critical concerns about privacy and data security. This paper proposes a comprehensive framework for embedding trust mechanisms into LLMs to dynamically control the disclosure of sensitive information. The framework integrates three core components: User Trust Profiling, Information Sensitivity Detection, and Adaptive Output Control. By leveraging techniques such as Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), Named Entity Recognition (NER), contextual analysis, and privacy-preserving methods like differential privacy, the system ensures that sensitive information is disclosed appropriately based on the user's trust level. By focusing on balancing data utility and privacy, the proposed solution offers a novel approach to securely deploying LLMs in high-risk environments. Future work will focus on testing this framework across various domains to evaluate its effectiveness in managing sensitive data while maintaining system efficiency. [ABSTRACT FROM AUTHOR]

Published

2024

4. Architecture for Enhancing Communication Security with RBAC IoT Protocol-Based Microgrids.

Author

Shin, SooHyun, Park, MyungJoo, Kim, TaeWan, and Yang, HyoSik

Subjects

*TELECOMMUNICATION systems, *ELECTRIC power distribution grids, *TECHNOLOGICAL innovations, *ACCESS control, *MICROGRIDS

Abstract

In traditional power grids, the unidirectional flow of energy and information has led to a decrease in efficiency. To address this issue, the concept of microgrids with bidirectional flow and independent power sources has been introduced. The components of a microgrid utilize various IoT protocols such as OPC-UA, MQTT, and DDS to implement bidirectional communication, enabling seamless network communication among different elements within the microgrid. Technological innovation, however, has simultaneously given rise to security issues in the communication system of microgrids. The use of IoT protocols creates vulnerabilities that malicious hackers may exploit to eavesdrop on data or attempt unauthorized control of microgrid devices. Therefore, monitoring and controlling security vulnerabilities is essential to prevent intrusion threats and enhance cyber resilience in the stable and efficient operation of microgrid systems. In this study, we propose an RBAC-based security approach on top of DDS protocols in microgrid systems. The proposed approach allocates roles to users or devices and grants various permissions for access control. DDS subscribers request access to topics and publishers request access to evaluations from the role repository using XACML. The overall implementation model is designed for the publisher to receive XACML transmitted from the repository and perform policy decision making and enforcement. By applying these methods, security vulnerabilities in communication between IoT devices can be reduced, and cyber resilience can be enhanced. [ABSTRACT FROM AUTHOR]

Published

2024

5. HEALTHSOLID 4.0: A NOVEL SOLID-POD AND BLOCKCHAIN-ENABLED FRAMEWORK FOR ROLE-BASED ACCESS CONTROL AND SECURE HEALTHCARE INFORMATION EXCHANGE.

Author

Dadhania, Avani and Patel, Hiren

Subjects

MEDICAL record access control, COMPUTER security, ELECTRONIC health records, BLOCKCHAINS, HEALTH care industry, ACCESS control

Abstract

Several blockchain-based models have surfaced in recent years to offer a safe method of storing and accessing delicate electronic medical records (EMRs) and role-based access control mechanisms across the healthcare industry. However, single points of failure, Security, privacy and unauthorized access of data are measure concerns for health records access management. Blockchain technology is a decentralized digital ledger that records transactions across multiple computers to ensure security, transparency, and immutability. Solid is a decentralized platform that provides patient centric access control of Electronic Medical Records (EMRs). In this study, a blockchain and solid-pod enabled secure framework has been proposed for EMR transactions and healthcare clouds. This has a significant impact on how quickly and easily emergency EMRs may be shared in a smart healthcare system. Solid and Blockchain prioritize privacy and security by enabling users to set immutable, transparent, and fine-grained access controls for their data using solidity-based smart contracts. For the performance evaluation of our proposed system, solid-pod computing and storage results are analyzed. [ABSTRACT FROM AUTHOR]

Published

2024

6. Building Trust in Conversational AI: A Review and Solution Architecture Using Large Language Models and Knowledge Graphs.

Author

Zafar, Ahtsham, Parthasarathy, Venkatesh Balavadhani, Van, Chan Le, Shahid, Saad, Khan, Aafaq Iqbal, and Shahid, Arsalan

Subjects

LANGUAGE models, ARTIFICIAL intelligence, KNOWLEDGE graphs, TRUST, ACCESS control, ACCURACY of information

Abstract

Conversational AI systems have emerged as key enablers of human-like interactions across diverse sectors. Nevertheless, the balance between linguistic nuance and factual accuracy has proven elusive. In this paper, we first introduce LLMXplorer, a comprehensive tool that provides an in-depth review of over 205 large language models (LLMs), elucidating their practical implications, ranging from social and ethical to regulatory, as well as their applicability across industries. Building on this foundation, we propose a novel functional architecture that seamlessly integrates the structured dynamics of knowledge graphs with the linguistic capabilities of LLMs. Validated using real-world AI news data, our architecture adeptly blends linguistic sophistication with factual rigor and further strengthens data security through role-based access control. This research provides insights into the evolving landscape of conversational AI, emphasizing the imperative for systems that are efficient, transparent, and trustworthy. [ABSTRACT FROM AUTHOR]

Published

2024

7. Share Spell - From Fantasy to Reality: A Collaboration Platform with Learning Analytics for a Dynamic Online Learning Environment System

Author

Soni, Priyanshi, Prajapat, Shaligram, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Naik, Nitin, editor, Jenkins, Paul, editor, Prajapat, Shaligram, editor, and Grace, Paul, editor

Published

2024

8. Ensuring Securing PII Data in the AWS Cloud: A Comprehensive Guide to PCI DSS Compliance

Author

Shabina, Ali, Rao Faizan, Jahankhani, Hamid, Siddiqi, Yusra, Hassan, Bilal, Masys, Anthony J., Editor-in-Chief, Bichler, Gisela, Advisory Editor, Bourlai, Thirimachos, Advisory Editor, Johnson, Chris, Advisory Editor, Karampelas, Panagiotis, Advisory Editor, Leuprecht, Christian, Advisory Editor, Morse, Edward C., Advisory Editor, Skillicorn, David, Advisory Editor, Yamagata, Yoshiki, Advisory Editor, Jahankhani, Hamid, editor, Bowen, Gordon, editor, Sharif, Mhd Saeed, editor, and Hussien, Osama, editor

Published

2024

9. Hospital Management using Gin Framework

Author

Sona, S, Thashmigaa, E M, and Menaha, C.

Published

2024

10. NDN-RBE: An Accountable Privacy Aware Access Control Framework For NDN.

Author

Sultan, Nazatul Haque, Varadharajan, Vijay, Dulal, Saurab, Camtepe, Seyit, and Nepal, Surya

Abstract

Named Data Networking (NDN) is an emerging network architecture. An important characteristic of NDN is its in-network cache, which enables Data packets to be available from multiple locations on the Internet. Hence the enforcement of access control mechanisms becomes even more critical in the NDN. This paper proposes a novel access control scheme referred to as Role-Based Encryption for NDN (NDN-RBE), which uses a broadcast encryption mechanism to achieve secure data access control. Our scheme uses the role inheritance property of the traditional Role-Based Access Control (RBAC) model to achieve efficient data access control over hierarchical content. This makes our scheme particularly suitable for large-scale real-world content-centric services like Netflix. Our scheme also supports additional design features such as anonymous signature-based authentication, batch signature verification and two types of privilege revocations. In addition, our formal security analysis demonstrates that our scheme is provably secure against Chosen Plaintext Attacks. Our performance and functionality comparison show that our scheme outperforms other notable existing works in terms of security, functionality, computation, communication and storage overhead. Furthermore, our experimental results show an improvement in content delivery time of the order of 15 percent compared with the other closely related works. [ABSTRACT FROM AUTHOR]

Published

2024

11. Comparative analysis of identity management, access control, and authorization practices in public and private universities [version 2; peer review: 2 approved]

Author

Vesna Dimitrova and Elissa Mollakuqe

Subjects

Identity Management, Access Control Policies, Authorization Mechanisms, Cybersecurity Practices, User Authentication, Role-Based Access Control, eng, Science, Social Sciences

Abstract

Background This research delves into the critical aspects of identity management, access control, and authorization practices within the domains of public and private universities. Identity management involves the meticulous management and control of user identities, encompassing the establishment and maintenance of user profiles, role assignments, and access privileges. Access control is the practice of defining and enforcing policies that govern who can access an IT system or application and which resources they can interact with. Authorization, meanwhile, determines the specific actions and privileges granted to users based on their roles and permissions. Methods To understand the variances in identity management and access control approaches, we conducted a comparative analysis between public and private universities. Our investigation scrutinized the user populations with access to university systems, the enforcement of access limitations, authentication methods, and password policies. Additionally, we examined the nuances of authorization processes, levels of authorization, access approval authorities, user status and role changes, unique user account management, account deletion procedures, user authentication methods, password complexity and expiration policies, password storage methods, and session termination policies. Results This study revealed that both public and private universities prioritize these security measures, with a common categorization of these processes. Nevertheless, there exist disparities, such as the inclusion of contractors and vendors in the user population at private universities, the manual deletion of user accounts in private institutions, and variations in password policies and storage methods. Private universities tend to enforce stricter password policies, employ more secure password storage methods, and implement automatic session termination features. Conclusions This research provides valuable insights into the practices and approaches adopted by public and private universities to safeguard their digital environments. The findings serve as a valuable resource for enhancing identity management, access control, and authorization protocols, enabling institutions to fortify their cybersecurity defenses in an ever-evolving threat landscape.

Published

2024

12. Ephemeral Secret Leakage-Free ID-Role-Based Access Control Authentication and Key Exchange Protocol for Securing Electric Vehicle Data

Author

Amang Sudarsono, Rahardhita Widyatra Sudibyo, Idris Winarno, and Mike Yuliana

Subjects

Electric vehicle, role-based access control, identity-based cryptography, authentication, authorization, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Role-based Access Control (RBAC) promises an efficient authorization management system in accessing resources including electric vehicle (EV) data stored in the cloud server. In this EV data security implementation, access control has to be strong and efficient with respect to EV user authentication information, thus access control mechanism mandatorily relies on authentication as the system access prerequisite. In this work, identity-based cryptography (IBC) is incorporated with RBAC to invent an EV user role-based access control immersed in his/her identity as an internal EV user’s authentication and key exchange. Contribution to our work is in a simple way involving only the EV user’s signature to verify simultaneously both important aspects of authentication and authorization. In this case, authentication is carried out based on identity while authorization is activated based on EV user’s role. We formally prove that the proposed protocol satisfies the security requirements of both authentication and authorization outright by verifying EV user’s signature. The evaluation results show that the total computational cost for authentication and key exchange process between EV user and the server is practical enough and it only consumes approximately 800 ms.

Published

2024

13. SAAC: Secure Access Control Management Framework for Multi-User Smart Home Systems

Author

Iram Fatima Hashmi, Zafar Iqbal, Eman Munir, Natalia Kryvinska, Iryna Ivanochko, and Gabriel Avelino Sampedro

Subjects

Smart home, access control, authorization, multi-user, attribute-based access control, role-based access control, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

In a smart home environment, multiple users can access a single smart device simultaneously. Moreover, these multiple users may have conflicting demands at a time; that is, one user’s demands differ from another for the same device based on the role of users and environmental factors. Therefore, existing single-user access control systems cannot handle such conflicting and dynamically changing demands, considering both roles and environmental factors in the multi-user smart home environment. Considering this issue, we proposed a Smart Access Control and Authorization framework (SAAC). It is a multi-user access control solution that has four modules, namely, a user interaction module, a backend server module, a policy manager module, and a policy execution module. The user interaction module collects user data and resource policies, which are processed by the backend server and forwarded to the policy manager. The policy manager resolves conflicts and generates final policies, which are stored in the backend server for enforcement by the policy execution module. The finalized policies are shared with the backend server module and saved there till needed for execution by the policy execution module to enforce the access control decision. We have implemented a proof of concept of the proposed framework on VS Code using the Casbin library. The performance evaluation results show our framework’s effectiveness and efficiency with lower computational complexity requirements than existing methods. Finally, we performed a security analysis of the proposed model based on the STRIDE model that confirms its robustness against access control attacks.

Published

2024

14. Provisioning trust-oriented role-based access control for maintaining data integrity in cloud.

Author

Saxena, Urvashi Rahul and Alam, Taj

Abstract

Cloud computing platforms have been one of the best sources for resource computation and service recommendations in the recent years. Users' reliance on the cloud has increased dramatically during the pandemic period, particularly for data storage and pay-per-use services. Restricted and reliable access control is essential for protecting the data stored in the cloud. The traditional role-based access control techniques are ineffective in multi-tenant computing systems like the cloud. To provide security in cloud computing systems and offer a trusted environment for service providers and service users, we present a trust-oriented role-based access control paradigm in this work. The Trust Management System's reputation is something that TRBAC wants to uphold by ensuring that various cloud threats do not compromise the service requests made and used by individual users. Validation and analysis of the membership credentials of users and roles mapped in the access control list ensure restricted access control in TRBAC. The proposed model intends to assist the data owners in identifying reliable service users and service providers by reviewing the interaction history and assessing direct, indirect, and weighted trust. This paper demonstrates how calculated trust values detect nefarious nodes and recommend defense mechanisms against various security concerns, including the Sybil attack, the On–off attack, the Collusion attack, and the DoS attack. To illustrate the impact of the suggested mitigation techniques and to handle various security concerns, a comparative analysis of the TRBAC model is done with its peers. [ABSTRACT FROM AUTHOR]

Published

2023

15. Building Trust in Conversational AI: A Review and Solution Architecture Using Large Language Models and Knowledge Graphs

Author

Ahtsham Zafar, Venkatesh Balavadhani Parthasarathy, Chan Le Van, Saad Shahid, Aafaq Iqbal Khan, and Arsalan Shahid

Subjects

knowledge graphs, large language models, LLMXplorer, role-based access control, trustworthiness, Neo4j, Technology

Abstract

Conversational AI systems have emerged as key enablers of human-like interactions across diverse sectors. Nevertheless, the balance between linguistic nuance and factual accuracy has proven elusive. In this paper, we first introduce LLMXplorer, a comprehensive tool that provides an in-depth review of over 205 large language models (LLMs), elucidating their practical implications, ranging from social and ethical to regulatory, as well as their applicability across industries. Building on this foundation, we propose a novel functional architecture that seamlessly integrates the structured dynamics of knowledge graphs with the linguistic capabilities of LLMs. Validated using real-world AI news data, our architecture adeptly blends linguistic sophistication with factual rigor and further strengthens data security through role-based access control. This research provides insights into the evolving landscape of conversational AI, emphasizing the imperative for systems that are efficient, transparent, and trustworthy.

Published

2024

16. Protecting Smart Home from Cybersecurity Threats Strategies for Homeowners.

Author

Botto-Tobar, Miguel, Rehan, Sumaiya, and Verma, Ravi Prakash

Subjects

SMART homes, DATA privacy, MULTI-factor authentication, CYBERTERRORISM, COMPUTER software security, INTERNET security, PERSONALLY identifiable information, DATA security failures

Abstract

Cyberthreat proliferation parallels the rapid surge in smart home usage. While having everything in one place is convenient, it also increases your home's vulnerability to cyber threats. Such an attack could result in bodily harm, the theft of sensitive information, or both. To mitigate the effects of these threats, owners of smart homes can make efforts to prevent cybercriminals from breaking into their premises starting by updating their firmware to the most recent version, creating secure passwords, and enabling two-factor authentication. Second, people should safeguard their gadgets by creating unique user IDs, disabling unneeded functions, and always keeping a tight eye on them. Finally, they must safeguard the facility where they conduct business by installing surveillance equipment, employing electronic locks, and restricting network access. Individuals must take these safeguards, but they must also stay informed about the most recent threats to home cybersecurity and the best strategies to combat them. Smart home device owners should become acquainted with the risks to which their devices are prone and ensure that their devices are updated to the most recent versions of all available software and security upgrades. Collaboration between homeowners, connected device manufacturers, and internet service providers is required to ensure the security of a smart home. Homeowners should research the security features available in smart home devices and only buy from reputable businesses that value consumer privacy and security. As the Internet of Things (IoT) expands and develops, a data privacy standard that meets the criteria of Data protection is in great demand. Safeguarding smart family apps necessitates a community agreement and specific permission from users to store their personal information in the product's database. [ABSTRACT FROM AUTHOR]

Published

2023

17. An Optimized Role-Based Access Control Using Trust Mechanism in E-Health Cloud Environment

Author

Ateeq Ur Rehman Butt, Tariq Mahmood, Tanzila Saba, Saeed Ali Omer Bahaj, Faten S. Alamri, Muhammad Waseem Iqbal, and Amjad R. Khan

Subjects

E-health, role-based access control, trust, cloud environment, data management, IEEE, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

In today’s world, services are improved and advanced in every field of life. Especially in the health sector, information technology (IT) plays a vigorous role in electronic health (e-health). To achieve benefits from e-health, its cloud-based implementation is necessary. With this environment’s multiple benefits, privacy and security loopholes exist. As the number of users grows, the Electronic Healthcare System’s (EHS) response time becomes slower. This study presented a trust mechanism for access control (AC) known as role-based access control (RBAC) to address this issue. This method observes the user’s behavior and assigns roles based on it. The AC module has been implemented using SQL Server, and an administrator develops controls for users with roles and access to multiple EHS modules. To validate the user’s trust value, A.net-based framework has been introduced. The framework of e-health proposed in this research ensures that users can protect their data from intruders and other security threats.

Published

2023

18. Samyukta: A Unified Access Control Model using Roles, Labels, and Attributes

Author

Radhika, B. S., Kumar, N. V. Narendra, Shyamasundar, R. K., Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Badarla, Venkata Ramana, editor, Nepal, Surya, editor, and Shyamasundar, Rudrapatna K., editor

Published

2022

19. Role Access Control Search Scheme Based on Attribute Encryption

Author

Cao, Xinhui, Ye, Jun, Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Jiming, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Hirche, Sandra, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Li, Yong, Series Editor, Liang, Qilian, Series Editor, Martín, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Möller, Sebastian, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Oneto, Luca, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zamboni, Walter, Series Editor, Zhang, Junjie James, Series Editor, Pei, Yan, editor, Chang, Jia-Wei, editor, and Hung, Jason C., editor

Published

2022

20. A Fine-Grained Access Control Scheme for Electronic Health Records Based on Roles and Attributes

Author

Zhang, Shaobo, Yang, Shuo, Zhu, Gengming, Luo, Entao, Zhang, Jiyong, Xiang, Desheng, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Wang, Guojun, editor, Choo, Kim-Kwang Raymond, editor, Ko, Ryan K. L., editor, Xu, Yang, editor, and Crispo, Bruno, editor

Published

2022

21. Integration of Attribute-Based Access Control in Microservices Architecture

Author

Singh, Amandeep, Raj, Vinay, Ravichandra, Sadam, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Tuba, Milan, editor, Akashe, Shyam, editor, and Joshi, Amit, editor

Published

2022

22. Enhancement in Security for Intercloud Scenario with the Help of Role-Based Access Control Model

Author

Dixit, Rashmi, Ravindranath, K., Howlett, Robert J., Series Editor, Jain, Lakhmi C., Series Editor, Senjyu, Tomonobu, editor, Mahalle, Parakshit, editor, Perumal, Thinagaran, editor, and Joshi, Amit, editor

Published

2022

23. On the Analysis Problem of the Attribute-Based Access Control Model HGABAC

Author

Truong, Anh, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, Shakya, Subarna, editor, Balas, Valentina Emilia, editor, Kamolphiwong, Sinchai, editor, and Du, Ke-Lin, editor

Published

2022

24. H-RCBAC: Hadoop Access Control Based on Roles and Content

Author

Nait Bahloul, Sarah, Bessaoud, Karim, Abid, Meriem, Howlett, Robert J., Series Editor, Jain, Lakhmi C., Series Editor, Ben Ahmed, Mohamed, editor, Teodorescu, Horia-Nicolai L., editor, Mazri, Tomader, editor, Subashini, Parthasarathy, editor, and Boudhir, Anouar Abdelhakim, editor

Published

2022

25. Towards for Designing Educational System Using Role-Based Access Control.

Author

Kabier, Maha Kadhim, Yassin, Ali A., and Abduljabbar, Ameen

Subjects

ACCESS control, COVID-19 pandemic, DATA security, DIGITAL signatures, MULTI-factor authentication, SECURITY systems

Abstract

During the COVID-19 pandemic, online electronic educational systems have been used in most schools and universities as they were forced to move their operations from classrooms to online settings. However, these systems face a serious security issue. Access control considers the core of data security for any implemented system. This paper presents the well-known role-based access control (RBAC) approach to enhance system security and improve user role and system privilege. This study also addresses the issues faced by extant schemes, such as security risk tolerance, by proposing a privacy-preserving educational system that utilizes RBAC and smart multifactor authentication. This approach uses an asymmetric cryptosystem based on the Elgamal digital signature operation to provide multi-factor authentication while relying on low-complexity cryptographic hash functions. RBAC manages system security via the "user classification, role authorization, and unified management" approach. By limiting the amount of data that users can access, RBAC is particularly suited for multi-level applications. This approach also uses informal analysis and the Scyther tool to conduct extensive formal security proofs. RBAC offers many benefits, including mutual authentication, identity anonymity, forward secrecy, key management, and high resistance to well-known attacks, such as phishing, replay, Man-In-The-Middle (MITM), and insider attacks. Compared with other schemes, RBAC offers more security features and boasts higher cost effectiveness in processing and communication. Furthermore, our work achieves a good balance between performance and security complexity when compared to the state-of-the-art. So, we get good results at a cost of 0.253 ms for computing and 1326 bits for communication. [ABSTRACT FROM AUTHOR]

Published

2023

26. Application of role-based access control in cyber security of substation

Author

RUAN Lixiang, SHEN Yifei, WANG Zhicheng, and LI Guanghua

Subjects

role-based access control, iec 62351, cyber security, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

By following the encrypted communication proposed by IEC 62351-3 and the identity authentication technology by IEC 62351-4， the paper carries out research on role-based access control technology on the theoretical basis of IEC 62351-8. This technology preassigns a role to each client communication device in the communication link according to actual applications. It takes the digital certificate for its secure communication as a carrier to expand the access token that forms the role. The server device recognizes and extracts the role of the client from the digital certificate used by the client in secure communication and grants the client corresponding access permissions according to the preset mapping of roles and permissions to realize the role-based access control function. The purpose of hierarchical and sub-authorized access to IEC 61850 communication has been achieved. This technology improves the controllability of remote operation of power system equipment and has been applied in substations.

Published

2022

27. Distributed Authentication and Authorization Models in Cloud Computing Systems: A Literature Review

Author

Abdulghafour Mohammad

Subjects

access control models, access control requirements, role-based access control, attribute-based encryption model, multitenancy model, cloud computing, Technology (General), T1-995

Abstract

As the functionality and services provided by cloud computing increase, control access to these services becomes more complex, and more security breaches are generated. This is mainly based on the emergence of new requirements and constraints in the open, dynamic, heterogeneous, and distributed cloud environment. Despite the importance of identifying these requirements for designing and evaluating access control models, the available studies do not provide a rigorous review of these requirements and the mechanisms that fulfill them. The purpose of this study was to conduct a literature review of the published articles that have dealt with cloud access control requirements and techniques. This paper allowed us to answer the following two research questions: What cloud access control security requirements have been presented in the published literature? What access control mechanisms are proposed to fulfill them? This review yielded 21 requirements and nine mechanisms, reported by 20 manuscripts. The identified requirements in this review will help researchers, academics and practitioners assess the effectiveness of cloud access control models and identify gaps that are not addressed in the proposed solutions. In addition, this review showed the current cloud access control mechanisms used to meet these requirements such as access control based on trust, risk, multi-tenant, and attribute encryption.

Published

2022

28. Application of Rules and Authorization Key for Secured Online Training—A Survey

Author

Saxena, Priyanka, Sanyal, Hrithik, Agrawal, Rajneesh, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Shakya, Subarna, editor, Balas, Valentina Emilia, editor, Haoxiang, Wang, editor, and Baig, Zubair, editor

Published

2021

29. SEMRAchain: A Secure Electronic Medical Record Based on Blockchain Technology.

Author

Mhamdi, Halima, Ayadi, Manel, Ksibi, Amel, Al-Rasheed, Amal, Soufiene, Ben Othman, and Hedi, Sakli

Subjects

ELECTRONIC health records, BLOCKCHAINS, ACCESS control, SYSTEM failures, MEDICAL personnel

Abstract

A medical record is an important part of a patient's follow-up. It comprises healthcare professionals' views, prescriptions, analyses, and all information about the patient. Several players, including the patient, the doctor, and the pharmacist, are involved in the process of sharing, and managing this file. Any authorized individual can access the electronic medical record (EMR) from anywhere, and the data are shared among various health service providers. Sharing the EMR requires various conditions, such as security and confidentiality. However, existing medical systems may be exposed to system failure and malicious intrusions, making it difficult to deliver dependable services. Additionally, the features of these systems represent a challenge for centralized access control methods. This paper presents SEMRAchain a system based on Access control (Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC)) and a smart contract approach. This fusion enables decentralized, fine-grained, and dynamic access control management for EMR management. Together, blockchain technology as a secure distributed ledger and access control provides such a solution, providing system stakeholders with not just visibility but also trustworthiness, credibility, and immutability. [ABSTRACT FROM AUTHOR]

Published

2022

30. Privacy preserving mobile forensic framework using role‐based access control and cryptography.

Author

Hyder, Muhammad Faraz, Arshad, Saadia, Arfeen, Asad, and Fatima, Tasbiha

Subjects

ACCESS control, PRIVACY, KEYWORD searching, MOBILE operating systems, TELEPHONE calls, DATA analysis

Abstract

Summary: The rise of social media‐related crimes has led to the rise of mobile forensics. Since mobile forensics and privacy preservation are conflicting fields, it is important to find a middle ground where forensics can be performed on any device without compromising the confidentiality of an individual. This paper presents a framework called "role‐based mobile forensics framework with cryptography (RBMF2C)" that can be easily implemented and protects users' privacy and does not interfere with the forensic process. A mobile forensic platform called Sher‐locked phones developed using C# is also presented in this paper that is developed following the aforementioned RBMF2C framework. This platform consists of five layers: access control, evidence gathering, data analysis, privacy, and reporting layer. The developed platform implements the RBMF2C framework on the evidence gathering, analysis, and reporting layer to protect the evidential image, evidential findings, and final report from being accessed by unauthorized users. The implementation of privacy preservation techniques as proposed by the proposed framework such as role‐based access control, keyword search, and encryption/ decryption did not hinder the performance of the developed toolkit, and suspects data privacy is also preserved to a substantial extent. [ABSTRACT FROM AUTHOR]

Published

2022

31. Centralized and Decentralized Distributed Energy Resource Access Control Implementation Considerations.

Author

Fragkos, Georgios, Johnson, Jay, and Tsiropoulou, Eirini Eleni

Subjects

*POWER resources, *ACCESS control, *WEB-based user interfaces, *ELECTRIC power distribution grids, *RENEWABLE energy sources, *APPROPRIATE technology, *PHOTOVOLTAIC power generation

Abstract

A global transition to power grids with high penetrations of renewable energy generation is being driven in part by rapid installations of distributed energy resources (DER). New DER equipment includes standardized IEEE 1547-2018 communication interfaces and proprietary communications capabilities. Interoperable DER provides new monitoring and control capabilities. The existence of multiple entities with different roles and responsibilities within the DER ecosystem makes the Access Control (AC) mechanism necessary. In this paper, we introduce and compare two novel architectures, which provide a Role-Based Access Control (RBAC) service to the DER ecosystem's entities. Selecting an appropriate RBAC technology is important for the RBAC administrator and users who request DER access authorization. The first architecture is centralized, based on the OpenLDAP, an open source implementation of the Lightweight Directory Access Protocol (LDAP). The second approach is decentralized, based on a private Ethereum blockchain test network, where the RBAC model is stored and efficiently retrieved via the utilization of a single Smart Contract. We have implemented two end-to-end Proofs-of-Concept (PoC), respectively, to offer the RBAC service to the DER entities as web applications. Finally, an evaluation of the two approaches is presented, highlighting the key speed, cost, usability, and security features. [ABSTRACT FROM AUTHOR]

Published

2022

32. Double Diagonal Puzzle Encryption Standard-512 for Securing Data over Cloud Environment.

Author

Ahmed, Quazi Warisha and Garg, Shruti

Abstract

The ever-increasing use of cloud computing and services has raised questions of securely accessing data. Security concernsare a significant hurdle to storing large-scale data in the cloud while controlling and preventing illegal access to data saved in the cloud remains a challenge. Cloud data is managed and owned by a method known as role-based access control (RBAC). Security in role and privileges of users on data objects in RBAC is a cause for concern. In this paper, Double Diagonal Puzzle Encryption Standard - 512 (DDPES-512) has been proposed using reservoir computing. DDPES-512 works on the principle of Advanced Encryption Standard (AES) in which the encryption keys are generated using a Double Diagonal Puzzle (DDP) scheme. The recommended algorithm, DDPES-512 has been compared with ciphertext-policy attribute-based Encryption (CP-ABE) and CP-ABE with anonymization and signature and it was found that DDPES-512 is the more secure algorithm in terms of time taken to generate a secret key (the interval is decreased by 6.45% and the storage overhead of the cloud server was reduced by 12.90% in the cloud environment). [ABSTRACT FROM AUTHOR]

Published

2022

33. A novel role-mapping algorithm for enhancing highly collaborative access control system.

Author

Abdelfattah, Doaa, Hassan, Hesham A., and Omara, Fatma A.

Subjects

ALGORITHMS, ACCESS control, CLOUD computing, SCALABILITY

Abstract

The collaboration among different organizations is considered one of the main benefits of moving applications and services to a cloud computing environment. Unfortunately, this collaboration raises many challenges such as the access of sensitive resources by unauthorized people. Usually, Role-Based Access-Control (RBAC) model is deployed in large organizations. This paper addresses the scalability problem of the online stored rules. This problem affects the performance of the access control system due to increasing number of shared resources and/or number of collaborating organizations in the same cloud environment. Therefore, this paper proposes replacing the cross-domain RBAC rules with Role-To-Role (RTR) mapping rules among all organizations. The RTR mapping rules are generated using a newly proposed Role-Mapping algorithm. A comparative study is performed to evaluate the proposed algorithm's performance with concerning the Rule-Store size and the authorization response time. According to the results, it is found that the proposed algorithm reduces the number of stored rules which minimizes the Rule-Store size and reduces the authorization response time. Additionally, this paper proposes applying a concurrent approach on the RTR mapping model using the proposed Role-Mapping algorithm to achieve more savings in the authorization response time. Therefore, it will be suitable in highly-collaborative cloud environments. [ABSTRACT FROM AUTHOR]

Published

2022

34. Powerful authentication regime applicable to naval OFP integrated development (PARANOID): a vision for non-circumventable code signing and traceability for embedded avionics software

Author

Garcia, Joe, Shannon, Russell, Jacobson, Aaron, Mosca, William, Burger, Michael, and Maldonado, Roberto

Published

2021

35. Powerful authentication regime applicable to naval OFP integrated development (PARANOID): a vision for non-circumventable code signing and traceability for embedded avionics software

Author

Joe Garcia, Russell Shannon, Aaron Jacobson, William Mosca, Michael Burger, and Roberto Maldonado

Subjects

software development, blockchain, cybersecurity, operational flight program, secure development environment, secure virtual machine, zero trust, embedded systems, mission-critical systems, ofp, devops, devsecops, software support activity, ssa, sde, permissioned blockchain, cryptocurrency, time-limited authorization for developer action, tada, code signing, trusted software guard, sgx, trusted execution technology, txt, trusted platform module, self-hosting, controlled access blockchain, cablock, role-based access control, rbac, Military Science

Abstract

Purpose – This paper aims to describe an effort to provide for a robust and secure software development paradigm intended to support DevSecOps in a naval aviation enterprise (NAE) software support activity (SSA), with said paradigm supporting strong traceability and provability concerning the SSA’s output product, known as an operational flight program (OFP). Through a secure development environment (SDE), each critical software development function performed on said OFP during its development has a corresponding record represented on a blockchain. Design/methodology/approach – An SDE is implemented as a virtual machine or container incorporating software development tools that are modified to support blockchain transactions. Each critical software development function, e.g. editing, compiling, linking, generates a blockchain transaction message with associated information embedded in the output of a said function that, together, can be used to prove integrity and support traceability. An attestation process is used to provide proof that the toolchain containing SDE is not subject to unauthorized modification at the time said critical function is performed. Findings – Blockchain methods are shown to be a viable approach for supporting exhaustive traceability and strong provability of development system integrity for mission-critical software produced by an NAE SSA for NAE embedded systems software. Practical implications – A blockchain-based authentication approach that could be implemented at the OFP point-of-load would provide for fine-grain authentication of all OFP software components, with each component or module having its own proof-of-integrity (including the integrity of the used development tools) over its entire development history. Originality/value – Many SSAs have established control procedures for development such as check-out/check-in. This does not prove the SSA output software is secure. For one thing, a build system does not necessarily enforce procedures in a way that is determinable from the output. Furthermore, the SSA toolchain itself could be attacked. The approach described in this paper enforces security policy and embeds information into the output of every development function that can be cross-referenced to blockchain transaction records for provability and traceability that only trusted tools, free from unauthorized modifications, are used in software development. A key original concept of this approach is that it treats assigned developer time as a transferable digital currency.

Published

2021

36. Role Mining: Survey and Suggestion on Role Mining in Access Control

Author

Jia, Jinsuo, Guan, Jianfeng, Wang, Lili, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, You, Ilsun, editor, Chen, Hsing-Chung, editor, Leu, Fang-Yie, editor, and Kotenko, Igor, editor

Published

2020

37. Improvements Based on JWT and RBAC for Spring Security Framework

Author

Zhang, Gongxuan, Zhang, Mingyue, Fan, Xinyi, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Yu, Shui, editor, Mueller, Peter, editor, and Qian, Jiangbo, editor

Published

2020

38. Using Sugiyama-Styled Graphs to Directly Manipulate Role-Based Access Control Configurations

Author

Bertard, Anja, Kopp, Jennifer-Kathrin, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Kotenko, Igor, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Stephanidis, Constantine, editor, and Antona, Margherita, editor

Published

2020

39. The Study on the Access Mechanism for My Health Bank

Author

Wu, Mei-Yu, Ke, Chih-Kun, Chung, Li-Hao, Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Jiming, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Hirche, Sandra, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Liang, Qilian, Series Editor, Martín, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Möller, Sebastian, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zhang, Junjie James, Series Editor, Hung, Jason C., editor, Yen, Neil Y., editor, and Chang, Jia-Wei, editor

Published

2020

40. Role-Based Authorization and Authentication Framework for Remote Service Access by In-Vehicle Users

Author

Goel, Diksha, Quamara, Megha, Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Jiming, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Hirche, Sandra, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Liang, Qilian, Series Editor, Martín, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Möller, Sebastian, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zhang, Junjie James, Series Editor, Kumar, Amit, editor, Paprzycki, Marcin, editor, and Gunjan, Vinit Kumar, editor

Published

2020

41. Streamlining Certification Management with Automation and Certification Retrieval : System development using ABP Framework, Angular, and MongoDB

Author

Hassan, Nour Al Dine and Hassan, Nour Al Dine

Abstract

This thesis examines the certification management challenge faced by Integrity360. The decentralized approach, characterized by manual processes and disparate data sources, leads to inefficient tracking of certification status and study progress. The main objective of this project was to construct a system that automates data retrieval, ensures a complete audit, and increases security and privacy. Leveraging the ASP.NET Boilerplate (ABP) framework, Angular, and MongoDB, an efficient and scalable system was designed, developed, and built based on DDD (domain-driven design) principles for a modular and maintainable architecture. The implemented system automates data retrieval from the Credly API, tracks exam information, manages exam vouchers, and implements a credible authentication system with role-based access control. With the time limitations behind the full-scale implementation of all the planned features, such as a dashboard with aggregated charts and automatic report generation, the platform significantly increases the efficiency and precision of employee certification management. Future work will include these advanced functionalities and integrations with external platforms to improve the system and increase its impact on operations in Integrity360.

Published

2024

42. Hospital Management using Gin Framework

Author

Sona S, Thashmigaa E M, Menaha C., Sona S, Thashmigaa E M, and Menaha C.

Abstract

The ever-evolving landscape of healthcare necessitates the development of efficient Hospital Management Systems (HMS) to optimize operational workflows and facilitate superior patient care. This paper introduces the design and implementation of an HMS using the Gin Framework, a lightweight and versatile web framework tailored for the Go programming language. The proposed HMS encompasses essential modules, such as patient registration, appointment scheduling, electronic health records (EHR), inventory management, and billing. Leveraging the Gin Framework's performance-oriented architecture, the system aims to streamline administrative processes, improve communication among healthcare professionals, and elevate the overall quality of healthcare services. The Gin Framework serves as the underpinning technology for the web application, offering a robust and scalable foundation. Through the utilization of RESTful API endpoints, the system ensures seamless integration with external services and devices, emphasizing interoperability and future scalability. Key functionalities of the HMS include user authentication, role-based access control, real-time updates, and a user-friendly interface. The implementation adheres to industry best practices, prioritizing security, data integrity, and compliance with healthcare standards. System evaluation involves comprehensive usability testing, performance analysis, and feedback solicitation from healthcare professionals and administrators. Results indicate that the HMS developed with the Gin Framework meets the requirements of a contemporary healthcare environment, delivering efficiency gains, improved data accuracy, and enhanced communication. In conclusion, this paper showcases the feasibility and efficacy of employing modern web frameworks, specifically the Gin Framework, to develop scalable and feature-rich healthcare management solutions. The proposed HMS contributes to ongoing efforts to enhance efficiency and quality in health

Published

2024

43. A Clark-Wilson and ANSI role-based access control model

Author

Tsegaye, Tamir and Flowerday, Stephen

Published

2020

44. ReportFlow: an application for EEG visualization and reporting using cloud platform

Author

S. Bertuccio, G. Tardiolo, F. M. Giambò, G. Giuffrè, R. Muratore, C. Settimo, A. Raffa, S. Rigano, A. Bramanti, N. Muscarà, and M. C. De Cola

Subjects

Cloud, Public key, Security, Privacy, Role-based access control, Medical reports, Computer applications to medicine. Medical informatics, R858-859.7

Abstract

Abstract Background The cloud is a promising resource for data sharing and computing. It can optimize several legacy processes involving different units of a company or more companies. Recently, cloud technology applications are spreading out in the healthcare setting as well, allowing to cut down costs for physical infrastructures and staff movements. In a public environment the main challenge is to guarantee the patients’ data protection. We describe a cloud-based system, named ReportFlow, developed with the aim to improve the process of reporting and delivering electroencephalograms. Methods We illustrate the functioning of this application through a use-case scenario occurring in an Italian hospital, and describe the corresponding key encryption and key management used for data security guarantee. We used the X2 test or the unpaired Student t test to perform pre-post comparisons of some indexes, in order to evaluate significant changes after the application of ReportFlow. Results The results obtained through the use of ReportFlow show a reduction of the time for exam reporting (t = 19.94; p

Published

2021

45. Policy-Based Access Control Scheme for Securing Hadoop Ecosystem

Author

Shetty, Madhvaraj M., Manjaiah, D. H., Hemdan, Ezz El-Din, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, Balas, Valentina Emilia, editor, Sharma, Neha, editor, and Chakrabarti, Amlan, editor

Published

2019

46. A New RFID Middleware and BagTrac Application

Author

Rouchdi, Yassir, Haibi, Achraf, El Yassini, Khalid, Boulmalf, Mohammed, Oufaska, Kenza, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, and Ezziyyani, Mostafa, editor

Published

2019

47. Automated Security Analysis of Authorization Policies with Contextual Information

Author

Dinh, Khai Kim Quoc, Truong, Anh, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Hameurlain, Abdelkader, editor, Wagner, Roland, editor, and Dang, Tran Khanh, editor

Published

2019

48. Adventures in the Analysis of Access Control Policies

Author

Truong, Anh, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Dang, Tran Khanh, editor, Küng, Josef, editor, Takizawa, Makoto, editor, and Bui, Son Ha, editor

Published

2019

49. Genetic Algorithm-Based Deep Learning Ensemble for Detecting Database Intrusion via Insider Attack

Author

Bu, Seok-Jun, Cho, Sung-Bae, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Pérez García, Hilde, editor, Sánchez González, Lidia, editor, Castejón Limas, Manuel, editor, Quintián Pardo, Héctor, editor, and Corchado Rodríguez, Emilio, editor

Published

2019

50. A Secure Access Control Framework for Cloud Management.

Author

Zhang, Jiawei, Lu, Ning, Ma, Jianfeng, Wang, Ruixiao, and Shi, Wenbo

Subjects

*ACCESS control, *PUBLIC key cryptography, *STATISTICAL decision making, *CLOUD computing

Abstract

Cloud operating system (Cloud OS) is the heart of cloud management platform that takes control of various cloud resources. Therefore, it attracts numerous attacks, especially unauthorized access. Many existing works adopt role-based access control (RBAC) model for Cloud OS access control and token-based approaches as user credentials of sessions or transactions between users and cloud, but they fail to resist privilege abuse caused by RBAC policy rules tampering or token hijacking. To addresses this challenging problem, we propose a secure access control framework suitable for resource-centric Cloud OS. For one thing, we propose a new authorization model with cryptographically protected RBAC policy rules. To solve the policy decision problem caused by encrypted policy rules in this model, an approach is developed to transform it into permission searching problem and we further propose a policy decision scheme based on this. For another thing, we achieve user token unlinkability and token-replay-attack resistance by introducing randomization mechanism and leveraging one-show token technique. A proof of concept implementation has been developed and the proposed scheme is proven secure and efficient by security analysis and the performance evaluation. [ABSTRACT FROM AUTHOR]

Published

2022