A Novel Trust-Based Privacy Preserving Access Control Framework in Web Services Paradigm

2014 ◽  
pp. 441-453 ◽  
Author(s):  
Rekha Bhatia ◽  
Manpreet Singh
Keyword(s):  
Web Services ◽  
Access Control ◽  
Privacy Preserving ◽  
Control Framework

Web Service Access Control Based on Browser Fingerprint Detection

2021 ◽  
Author(s):  
Liu Hui ◽  
He Xudong ◽  
Gao Fan ◽  
Wang KaiLun ◽  
Yuan Enze
Keyword(s):  
Web Services ◽  
Access Control ◽  
Web Service ◽  
Data Access ◽  
Service Access ◽  
Web Data ◽  
Adversarial Learning ◽  
Data Access Control ◽  
Control Framework ◽  
Fingerprint Detection

Web services have covered all areas of social life, and various browsers have become necessary software on computers and mobile phones, and they are also the entrances to Web services. All kinds of threats to web data security continue to appear, so web services and browsers have become the focus of security. In response to the requirements of Web service for access entity identification and data access control, this paper proposes a multi-dimensional browser fingerprint detection method based on adversarial learning, and designs a Web service access control framework combined with browser fingerprint detection. Through the joint use of multi-dimensional browser features, adversarial learning is used to improve the accuracy and robustness of browser fingerprint detection; a cross-server and browser-side Web service access control framework is established by creating tags for Web data resources and access entities. Based on the mapping relationship between browser fingerprint detection entities and data resources, fine-grained hierarchical data access control is realized. Through experiments and analysis, the browser fingerprint detection method proposed in this paper is superior to existing machine learning detection methods in terms of accuracy and robustness. Based on the adversarial learning method, good detection results can be obtained in the case of a small number of user samples. At the same time, the open source data set is further used to verify the advantages of the method in this paper. The Web service access control framework can satisfy the requirements of Web data security control, is an effective supplement to user identification technology, and is implementable.

scholarly journals An access control framework for web services

2005 ◽  
Vol 13 (1) ◽  
pp. 29-38 ◽  
Author(s):  
M. Coetzee ◽  
J.H.P. Eloff
Keyword(s):  
Web Services ◽  
Access Control ◽  
Control Framework

PolyOrBAC

2011 ◽  
pp. 901-923 ◽  
Author(s):  
Anas Abou El Kalam ◽  
Yves Deswarte
Keyword(s):  
Web Services ◽  
Access Control ◽  
Web Service ◽  
Service Access ◽  
Control Mechanisms ◽  
Model Checker ◽  
Control Framework ◽  
The One ◽  
Organization Based Access Control ◽  
The Web

With the emergence of Web Services-based collaborative systems, new issues arise, in particular those related to security. In this context, Web Service access control should be studied, specified and enforced. This work proposes a new access control framework for Inter-Organizational Web Services: “PolyOr- BAC”. On the one hand, the authors extend OrBAC (Organization-Based Access Control Model) to specify rules for intra- as well as inter-organization access control; on the other hand, they enforce these rules by applying access control mechanisms dedicated to Web Services. Furthermore, the authors propose a runtime model checker for the interactions between collaborating organizations, to verify their compliance with previously signed contracts. In this respect, not only their security framework handles secure local and remote accesses, but also deals with competition and mutual suspicion between organizations, controls the Web Service workflows and audits the different interactions. In particular, every deviation from the signed contracts triggers an alarm, the concerned parties are notified, and audits can be used as evidence for a judge to sanction the party responsible for the deviation.

PolyOrBAC

2011 ◽  
pp. 537-557
Author(s):  
Anas Abou El Kalam ◽  
Yves Deswarte
Keyword(s):  
Web Services ◽  
Access Control ◽  
Web Service ◽  
Service Access ◽  
Control Mechanisms ◽  
Model Checker ◽  
Control Framework ◽  
The One ◽  
Organization Based Access Control ◽  
The Web

With the emergence of Web Services-based collaborative systems, new issues arise, in particular those related to security. In this context, Web Service access control should be studied, specified and enforced. This work proposes a new access control framework for Inter-Organizational Web Services: “PolyOr- BAC”. On the one hand, the authors extend OrBAC (Organization-Based Access Control Model) to specify rules for intra- as well as inter-organization access control; on the other hand, they enforce these rules by applying access control mechanisms dedicated to Web Services. Furthermore, the authors propose a runtime model checker for the interactions between collaborating organizations, to verify their compliance with previously signed contracts. In this respect, not only their security framework handles secure local and remote accesses, but also deals with competition and mutual suspicion between organizations, controls the Web Service workflows and audits the different interactions. In particular, every deviation from the signed contracts triggers an alarm, the concerned parties are notified, and audits can be used as evidence for a judge to sanction the party responsible for the deviation.

A Semantic-Aware Context-Based Access Control Framework for Mobile Web Services

2012 ◽  
Vol 195-196 ◽  
pp. 498-503 ◽  
Author(s):  
Hai Bo Shen ◽  
Yu Cheng
Keyword(s):  
Web Services ◽  
Access Control ◽  
Knowledge Base ◽  
Contextual Information ◽  
Control Mechanisms ◽  
Semantic Web Technologies ◽  
Mobile Web Services ◽  
Mobile Web ◽  
Access Control Policies ◽  
Control Framework

As computing technology becomes more pervasive and mobile services are deployed, applications will need flexible access control mechanisms. Unlike traditional approaches based on the identity/role for access control, access decisions for these applications will depend on the combination of the required attributes of users and the contextual information. This paper proposes a semantic-aware context-based access control framework (called SA_CBAC) to be applied in mobile web services environment by combining semantic web technologies with context-based access control mechanism. In order to handle context information in the framework, this paper proposes a context ontology to represent contextual information and employ it in the inference engine. This paper also focuses on access control policies and addresses these issues by representing context, user attributes and resource attributes in knowledge base and extending XACML to incorporate the knowledge base.

Sign in / Sign up

Export Citation Format

Share Document