Fine-Grained Role- and Attribute-Based Access Control for Web Applications

2013 ◽  
pp. 171-187 ◽  
Author(s):  
Seyed Hossein Ghotbi ◽  
Bernd Fischer
Keyword(s):  
Access Control ◽  
Web Applications ◽  
Fine Grained ◽  
Attribute Based Access Control

scholarly journals Practical Multiauthority Attribute-Based Access Control for Edge-Cloud-Aided Internet of Things

2021 ◽  
Vol 2021 ◽  
pp. 1-22
Author(s):  
Kaiqing Huang ◽  
Xueli Wang ◽  
Zhiqiang Lin
Keyword(s):  
Internet Of Things ◽  
Access Control ◽  
Data Access ◽  
Edge Computing ◽  
Fine Grained ◽  
Technical Requirements ◽  
Data Access Control ◽  
Heavy Burden ◽  
Attribute Based Access Control ◽  
Access Privileges

With the assistance of edge computing which reduces the heavy burden of the cloud center server by using the network edge servers, the Internet of Things (IoTs) architectures enable low latency for real-time devices and applications. However, there still exist security challenges on data access control for the IoT. Multiauthority attribute-based encryption (MA-ABE) is a promising technique to achieve access control over encrypted data in cross-domain applications. Based on the characteristics and technical requirements of the IoT, we propose an efficient fine-grained revocable large universe multiauthority access control scheme. In the proposed scheme, the most expensive encryption operations have been executed in the user’s initialization phase by adding a reusable ciphertext pool besides splitting the encryption algorithm to online encryption and offline encryption. Massive decryption operations are outsourced to the near-edge servers for reducing the computation overhead of decryption. An efficient revocation mechanism is designed to change users’ access privileges dynamically. Moreover, the scheme supports ciphertext verification. Only valid ciphertext can be stored and transmitted, which saves system resources. With the help of the chameleon hash function, the proposed scheme is proven CCA2-secure under the q-DPBDHE2 assumption. The performance analysis results indicate that the proposed scheme is efficient and suitable in edge computing for the IoT.

scholarly journals Hybrid Role and Attribute Based Access Control Applied in Information Systems

2021 ◽  
Vol 21 (3) ◽  
pp. 85-96
Author(s):  
Maria Penelova
Keyword(s):  
Information Systems ◽  
Access Control ◽  
Accounting Information ◽  
Role Based Access Control ◽  
Accounting Information System ◽  
Fine Grained ◽  
Proposed Model ◽  
Control Scheme ◽  
Attribute Based Access Control ◽  
Role Based

Abstract It this paper it is proposed a new access control model – Hybrid Role and Attribute Based Access Control (HRABAC). It is an extension of Role-Based Access Control (RBAC). HRABAC is designed for information systems and enterprise software and combines the advantages of RBAC and Attribute-Based Access Control (ABAC). HRABAC is easy configurable, fine-grained and supports role hierarchies. The proposed model HRABAC describes the access control scheme in Laravel package laravelroles/rolespermissions, which is developed by the author of the paper, as an answer to the requirements of practice of fine-grained and easy configurable access control solution. Laravel is chosen, because it is the most popular and the most widely used PHP framework. The package laravelroles/rolespermissions is developed on Laravel so that maximum number of programmers could use it. This package contains working and tested functionalities for managing users, roles and permissions, and it is applied in accounting information system.

A JSON-Based Fast and Expressive Access Control Policy Framework

2019 ◽  
pp. 70-91
Author(s):  
Hao Jiang ◽  
Ahmed Bouabdallah
Keyword(s):  
Access Control ◽  
Rapid Development ◽  
Control Policy ◽  
Policy Framework ◽  
Shared Resources ◽  
Policy Language ◽  
Memory Space ◽  
Fine Grained ◽  
Attribute Based Access Control ◽  
Time Critical

Along with the rapid development of ICT technologies, new areas like Industry 4.0, IoT, and 5G have emerged and brought out the need for protecting shared resources and services under time-critical and energy-constrained scenarios with real-time policy-based access control. To achieve this, the policy language needs to be very expressive but lightweight and efficient. These challenges are investigated and a set of key requirements for such a policy language is identified. JACPoL is accordingly introduced as a descriptive, scalable, and expressive policy language in JSON. JACPoL by design provides a flexible and fine-grained ABAC style (attribute-based access control) while it can be easily tailored to express other access control models. The design and implementation of JACPoL are illustrated together with its evaluation in comparison with other existing policy languages. The result shows that JACPoL can be as expressive as existing ones but more simple, scalable, and efficient. The performance evaluation shows that JACPoL requires much less processing time and memory space than XACML.

scholarly journals AACS: Attribute-Based Access Control Mechanism for Smart Locks

Symmetry ◽  
2020 ◽  
Vol 12 (6) ◽  
pp. 1050
Author(s):  
Zhenghao Xin ◽  
Liang Liu ◽  
Gerhard Hancke
Keyword(s):  
Access Control ◽  
Control Mechanism ◽  
Multiple Roles ◽  
Control Mechanisms ◽  
Fine Grained ◽  
Identity Based ◽  
Access Control Mechanism ◽  
Attribute Based Access Control ◽  
Hierarchical Management ◽  
Management Issues

This article researched the security and application of smart locks in Internet of Things environments in the domain of computer and engineer science and symmetry. Smart locks bring much convenience for users. However, most smart lock systems are cloud-based and it is problematic managing and enforcing the permissions of an authorized device if the device is offline. Moreover, most smart lock systems lack fine-grained access control and cascading removal of permissions. In this paper, we leverage attribute-based access control mechanisms to manage the access of visitors with different identities. We use identity-based encryption to verify the identity of the visitor. In our proposed system, the administrator uses the policy set in the smart lock to implement access control on the device side, which reduces the dependence of access control on the server. We set attributes such as role, time, date, and location to have fine-grained control over access to different permissions and roles that might appear in the house. And the scheme provides the cascading delete function while providing the group access function. Our solution considers multiple roles in the home as well as hierarchical management issues, and improves the applicability of the smart lock system in complex residential and commercial situations. In the experimental section, we show that our system can be applied to premises with many different inhabitant identities.

scholarly journals Extended Authorization Policy for Graph-Structured Data

2021 ◽  
Vol 2 (5) ◽  
Author(s):  
Aya Mohamed ◽  
Dagmar Auer ◽  
Daniel Hofer ◽  
Josef Küng
Keyword(s):  
Access Control ◽  
Control Process ◽  
Structured Data ◽  
Fine Grained ◽  
Starting Point ◽  
Authorization Policies ◽  
Attribute Based Access Control ◽  
Model Database ◽  
Definition Of ◽  
The University

AbstractThe high increase in the use of graph databases also for business- and privacy-critical applications demands for a sophisticated, flexible, fine-grained authorization and access control (AC) approach. Attribute-based access control (ABAC) supports a fine-grained definition of authorization rules and policies. Attributes can be associated with the subject, the requested resource and action, but also the environment. Thus, this is a promising starting point. However, specific characteristics of graph-structured data, such as attributes on vertices and edges along a path from a given subject to the resource to be accessed, are not yet considered. The well-established eXtensible Access Control Markup Language (XACML), which defines a declarative language for fine-grained, attribute-based authorization policies, is the basis for our proposed approach—XACML for Graph-structured data (XACML4G). The additional path-specific constraints, described in graph patterns, demand for specialized processing of the rules and policies as well as adapted enforcement and decision-making in the access control process. To demonstrate XACML4G and its enforcement process, we present a scenario from the university domain. Due to the project’s environment, the prototype is built with the multi-model database ArangoDB. Finally, compliance of XACML4G with quality standards for access control systems administration and enforcement is assessed. The results are promising and further studies concerning performance and use in practice are planned.

scholarly journals Integrity Checking in Cloud Storage and Policy Based User Revocation using Attribute Based Encryption

2019 ◽  
Vol 8 (3) ◽  
pp. 6905-6911
Keyword(s):  
Distributed Computing ◽  
Access Control ◽  
Online Information ◽  
Fine Grained ◽  
Attribute Based Encryption ◽  
Integrity Checking ◽  
Proposed Model ◽  
User Revocation ◽  
Access Control System ◽  
Attribute Based Access Control

Applications that range over various mists are frequently observed to be powerless against security dangers. Such profoundly heterogeneous situations need a fine-grained access control system like Attribute-based Access Control for upholding security. One of the most encouraging applications in distributed computing is online information sharing. Step by step instructions to share client information securely and productively has turned out to be one of the most testing issues in distributed computing. Be that as it may, this postures new provokes identified with making secure and solid information stockpiling over questionable specialist co-ops. The principle objective of distributed computing is the means by which to verify, secure the information and procedure. In this study, we find the issue of guaranteeing the respectability of data in cloud computing. Specifically, we consider techniques for decreasing the weight of producing a consistent measure of metadata at the customer side. Ascribe division chooses whether to momentarily disavow client approval as indicated by property subset. Furthermore, we propose another model called Policy-based Attribute Based Access Control (Pa-ABAC) utilizing half breed property based encryption. Our goal is to officially determine the conduct of various components of the proposed model in a cloud domain. This is imperative to build up a substantial security arrangement for a cloud situation free from determination mistakes and irregularities.

Sign in / Sign up

Export Citation Format

Share Document