Trust Enhanced Role Based Access Control Using Genetic Algorithm

Author(s):  
Saleh Mowla ◽  
Niharika Sinha ◽  
Raghavendra Ganiga ◽  
Nisha P. Shetty

Improvements in technological innovations have become a boon for business organizations, firms, institutions, etc. System applications are being developed for organizations whether small-scale or large-scale. Given the hierarchical nature of large organizations, security is an important factor that needs to be taken into account. For any healthcare organization, maintaining the confidentiality and integrity of patients’ records is of utmost importance, while ensuring that they are available only to authorized personnel. The paper discusses the technique of Role-Based Access Control (RBAC) and its different aspects. The paper also proposes a trust-enhanced model of RBAC implemented with a selection-and-mutation-only genetic algorithm. A practical scenario involving a healthcare organization has also been considered. A model has been developed to consider the policies of different health departments and how they affect the permissions of a particular role. The purpose of the algorithm is to allocate tasks to every employee in an automated manner and to ensure that they are not over-burdened with the work assigned. In addition, the trust records of the employees ensure that malicious users do not gain access to confidential patient data.


2012 ◽  
Vol 263-266 ◽  
pp. 1600-1604
Author(s):  
Qiang Liu ◽  
Jian Hua Zhang

The Role-Based Access Control (RBAC) model is the mainstream access control model. When addressing large-scale and distributed applications, the highest Security Administrator (SA) of an RBAC model always tries to transfer part of his management authority to his subordinate SAs to decrease his workload. However, how to ensure that these subordinate SAs exercise their delegated management authority legally is a big problem. Although there is a technical framework for an administrative RBAC model, named ARBAC97, the supervision and audit mechanisms for the use of transferred authority are incomplete in the RBAC model. In this research, an audit-integrated ARBAC (au-ARBAC) model is presented. In the au-ARBAC model, a rights-and-liability mechanism is set up, an audit role is defined, and auditing permission is assigned to this role. At the same time, we put forward two basic types of audit business: routine audit and accident audit. For accident audit, a decision process for the division of responsibility is designed to clarify the responsibility of wrongdoing SAs. The au-ARBAC model can help to improve SAs' consciousness of authorization responsibility and to make them exercise their management authority responsibly and legally.





Electronics ◽  
2020 ◽  
Vol 9 (3) ◽  
pp. 517
Author(s):  
Aodi Liu ◽  
Xuehui Du ◽  
Na Wang

Data resources in open computing environments (including big data, internet of things and cloud computing) are characterized by large scale, wide source, and strong dynamics. Therefore, the user-permission relationship of open computing environments has a huge scale and will be dynamically adjusted over time, which makes effective permission management in the role-based access control (RBAC) model a challenging problem. In this paper, we design an evolution mechanism of access control roles for open computing environments. The mechanism utilizes the existing user-permission relationship in the current system to mine access control roles and generate the user-role and role-permission relationships. When the user-permission relationship changes, the roles are constantly tuned and evolved to provide role support for access control in open computing environments. We propose a novel genetic-based role evolution algorithm that can effectively mine and optimize roles while preserving the core permissions of the system. In addition, a role relationship aggregation algorithm is proposed to realize the clustering of roles, which provides a supplementary reference for the security administrator to assign real semantic information to the roles. Experimental evaluations on real-world data sets show that the proposed mechanism is effective and reliable.



2011 ◽  
Vol 121-126 ◽  
pp. 4508-4512
Author(s):  
Li Jun Dong ◽  
Mao Cai Wang ◽  
Xiao Jun Kang

Role-based access control (RBAC) has been widely adopted because it reduces the complexity of access control management. The least privilege principle is a very important constraint policy of RBAC. A key problem related to this is the notion of goodness/interestingness: when is a role good? Devising a complete and correct set of roles that supports the least privilege principle has been recognized as one of the most important tasks in implementing RBAC. In this paper, to address this problem, we map it to a formal definition in mathematics, δ-approx least privilege mining (δ-approx LPM). We introduce a method named GABM to enforce LPM based on the genetic algorithm. With GABM, the least privilege roles can be found correctly. Our experiments display the effect of GABM. Finally, we conclude our work.
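The two abstracts above (the genetic role-evolution mechanism and GABM for δ-approx LPM) both start from the same object: a user-permission assignment (UPA) that has to be factored into roles without granting anyone more than they need. The block below is an added illustration of that role-mining problem, written for this page; it is not the authors' genetic algorithms. It uses a plain greedy set-cover heuristic over candidate roles (each user's own permission set plus pairwise intersections), and the meaning given to δ here (a role may be assigned to a user only if it grants at most δ·|need| permissions beyond that user's need, so δ = 0 is strict least privilege) is an assumption made for the example, not the paper's formal definition. The clinic users and permissions are constructed sample data.

```python
"""Greedy role mining over a user-permission assignment with a least-privilege bound.
Added illustration; not the GABM or genetic role-evolution algorithms of the papers above."""
from itertools import combinations

# Constructed sample UPA for a small clinic (hypothetical users and permissions).
UPA = {
    "n1": {"read_record", "update_vitals"},
    "n2": {"read_record", "update_vitals"},
    "n3": {"read_record", "update_vitals"},
    "p1": {"read_record", "update_vitals", "prescribe", "order_lab"},
    "p2": {"read_record", "update_vitals", "prescribe", "order_lab"},
    "b1": {"read_record", "approve_bill"},
    "p3": {"read_record", "update_vitals", "prescribe", "order_lab", "approve_bill"},
    "r1": {"read_record"},
}


def candidate_roles(upa):
    """Candidate roles: every user's own permission set plus every non-empty
    pairwise intersection (a common starting point for role-mining heuristics)."""
    cands = {frozenset(p) for p in upa.values()}
    for a, b in combinations(upa.values(), 2):
        if a & b:
            cands.add(frozenset(a & b))
    # Deterministic order: larger roles first, then lexicographic, so ties resolve the same way every run.
    return sorted(cands, key=lambda r: (-len(r), sorted(r)))


def _allowed(role, need, delta):
    """Assumed delta bound: a role may be assigned to a user only if the permissions it
    grants beyond the user's need number at most delta * |need| (delta=0 is strict least privilege)."""
    return len(role - need) <= delta * len(need)


def mine_roles(upa, delta=0.0):
    """Greedy set cover: repeatedly pick the candidate role that covers the most
    still-uncovered (user, permission) cells among the users it may be assigned to."""
    cands = candidate_roles(upa)
    uncovered = {u: set(p) for u, p in upa.items()}
    roles, ura = [], {u: [] for u in upa}          # role list and user-role assignment
    while any(uncovered.values()):
        best, best_gain = None, 0
        for r in cands:
            gain = sum(len(r & uncovered[u]) for u, need in upa.items()
                       if _allowed(r, need, delta))
            if gain > best_gain:
                best, best_gain = r, gain
        if best is None:                           # nothing admissible covers anything: stop
            break
        roles.append(best)
        for u, need in upa.items():
            if _allowed(best, need, delta) and best & uncovered[u]:
                ura[u].append(len(roles) - 1)
                uncovered[u] -= best
    return roles, ura


def effective_permissions(roles, ura, user):
    """Permissions a user actually holds through the roles assigned to them."""
    return set().union(*(roles[i] for i in ura[user]))


def over_privilege(upa, roles, ura):
    """Per-user count of granted-but-not-needed permissions; all zeros means the
    mined role set satisfies least privilege exactly."""
    return {u: len(effective_permissions(roles, ura, u) - need) for u, need in upa.items()}


if __name__ == "__main__":
    for delta in (0.0, 1.0):
        roles, ura = mine_roles(UPA, delta)
        excess = sum(over_privilege(UPA, roles, ura).values())
        print(f"delta={delta}: {len(roles)} roles, total over-privilege={excess}")
```

On the sample data δ = 0 yields four roles (physician, nurse, billing, and a read-only role for the receptionist) with zero over-privilege, while δ = 1.0 collapses the same users onto two roles at the cost of seven unneeded permissions (each nurse inherits prescribe and order_lab, the receptionist inherits approve_bill). That trade-off between role count and least privilege is exactly what a mining algorithm's fitness function has to price.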



Author(s):  
Sérgio Luís Guerreiro

Access control models (ACM) offer the guarantee that only qualified users can gain access to the artifacts contained in business processes. Business processes are designed, implemented, and operated using many industrial standards that challenge interoperation with access control standards. Enterprise engineering (EE) introduces rigorous capabilities to design and implement the essential concepts related to the dynamics of business processes. ACM deals with the systematic design and implementation of dynamic and static access control concepts to qualify the access of users to artifacts. This chapter proposes an ontological integration between EE and ACM concepts in order to enable the discussion of access control in the deep structure of business processes. ACM integrated with EE allows the run-time qualification of actors while they perform all the business process steps, not only at invocation time. The proposal encompasses business processes designed with the DEMO ontology and role-based access control concepts using a mathematical model logic description.



Author(s):  
Jean Bacon ◽  
David Eyers ◽  
Jatinder Singh

The scalability properties of event-based communication paradigms make them suitable for building large-scale distributed systems. For effective management at the application level, such systems often comprise multiple administrative domains, although their underlying communication infrastructure can be shared. Examples of such systems include those required by government and public bodies for domains such as healthcare, police, transport and environmental monitoring. We investigate how to build security into these systems. We outline point-to-point and publish/subscribe event-based communication, and examine the security implications of each. Publish/subscribe decouples communicating entities. This allows for efficient event dissemination; however, it makes controlling data visibility more difficult. Some data is sensitive and must be protected for personal and legal reasons. Large pub/sub systems distribute events using intermediate broker nodes. Some brokers may not be fully trusted. We discuss how selective encryption can effect security without impacting content-based routing, and the implications of federated multi-domain systems. We discuss the specification of policy using role-based access control, and demonstrate how to enforce the security of the communications API and the broker network.



Computers ◽  
2018 ◽  
Vol 7 (3) ◽  
pp. 39 ◽  
Author(s):  
Ronghua Xu ◽  
Yu Chen ◽  
Erik Blasch ◽  
Genshe Chen

While Internet of Things (IoT) technology has been widely recognized as an essential part of Smart Cities, it also brings new challenges in terms of privacy and security. Access control (AC) is among the top security concerns, being critical for resource and information protection over IoT devices. Traditional access control approaches, like Access Control Lists (ACL), Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC), are not able to provide a scalable, manageable and efficient mechanism that meets the requirements of IoT systems. Another weakness in today’s AC is the centralized authorization server, which can cause a performance bottleneck or be a single point of failure. Inspired by smart contracts on top of a blockchain protocol, this paper proposes BlendCAC, a decentralized, federated capability-based AC mechanism to enable effective protection for devices, services and information in large-scale IoT systems. A federated capability-based delegation model (FCDM) is introduced to support hierarchical and multi-hop delegation. The mechanism for delegate authorization and revocation is explored. A robust identity-based capability token management strategy is proposed, which takes advantage of the smart contract for registration, propagation, and revocation of access authorization. A proof-of-concept prototype has been implemented on both resource-constrained devices (i.e., Raspberry Pi nodes) and more powerful computing devices (i.e., laptops) and tested on a local private blockchain network. The experimental results demonstrate the feasibility of BlendCAC to offer a decentralized, scalable, lightweight and fine-grained AC solution for IoT systems.



Author(s):  
Ronghua Xu ◽  
Yu Chen ◽  
Erik Blasch ◽  
Genshe Chen

While Internet of Things (IoT) technology has been widely recognized as an essential part of Smart Cities, it also brings new challenges in terms of privacy and security. Access control (AC) is among the top security concerns, being critical for resource and information protection over IoT devices. Traditional access control approaches, like Access Control Lists (ACL), Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC), are not able to provide a scalable, manageable and efficient mechanism that meets the requirements of IoT systems. Another weakness in today's AC is the centralized authorization server, which can be a performance bottleneck or a single point of failure. Inspired by smart contracts on top of a blockchain protocol, this paper proposes BlendCAC, a decentralized, federated capability-based AC mechanism to enable effective protection for devices, services and information in large-scale IoT systems. A federated capability-based delegation model (FCDM) is introduced to support hierarchical and multi-hop delegation. The mechanism for delegate authorization and revocation is explored. A robust identity-based capability token management strategy is proposed, which takes advantage of the smart contract for registering, propagating and revoking access authorization. A proof-of-concept prototype has been implemented on both resource-constrained devices (i.e., Raspberry Pi nodes) and more powerful computing devices (i.e., laptops), and tested on a local private blockchain network. The experimental results demonstrate the feasibility of BlendCAC to offer a decentralized, scalable, lightweight and fine-grained AC solution for IoT systems.
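Both BlendCAC entries above describe the same three properties a capability token scheme for IoT needs: multi-hop delegation, attenuation down the chain (a delegate never gets more than its delegator), and revocation that cuts off every descendant of a revoked token. The block below is an added illustration of that delegation pattern written for this page; it is not BlendCAC's token format, and it replaces the paper's smart-contract registry with a macaroon-style chain of HMACs keyed from a device secret (an assumption made so the example runs offline). The device key, token ids and holder names are constructed sample values.

```python
"""Multi-hop, attenuating capability delegation with hierarchical revocation.
Added illustration of the delegation pattern; chained HMACs stand in for a
smart-contract token registry (assumption, not the BlendCAC design)."""
import hashlib
import hmac
import json

# Constructed demo secret shared between the resource owner and the device.
DEVICE_KEY = b"constructed-demo-key-do-not-reuse"


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def _canon(hop: dict) -> bytes:
    """Canonical JSON so issuer and verifier MAC identical bytes."""
    return json.dumps(hop, sort_keys=True, separators=(",", ":")).encode()


def issue_root(device_key: bytes, token_id: str, holder: str, rights) -> dict:
    """Owner mints the root capability; its MAC is keyed with the device secret."""
    hop = {"id": token_id, "holder": holder, "rights": sorted(rights)}
    return {"chain": [hop], "sig": _mac(device_key, _canon(hop))}


def delegate(token: dict, token_id: str, to_holder: str, rights) -> dict:
    """A holder passes a subset of its rights one hop further. The new MAC is
    derived from the previous MAC, so delegating needs no access to DEVICE_KEY."""
    parent_rights = set(token["chain"][-1]["rights"])
    if not set(rights) <= parent_rights:
        raise ValueError("delegation may only attenuate rights")
    hop = {"id": token_id, "holder": to_holder, "rights": sorted(rights)}
    return {"chain": token["chain"] + [hop], "sig": _mac(token["sig"], _canon(hop))}


def verify(device_key: bytes, token: dict, presenter: str, action: str, revoked: set) -> bool:
    """Device-side check. Walks the chain from the root: recomputes the MAC,
    enforces that each hop's rights are a subset of its parent's, and rejects the
    whole chain if any ancestor id is revoked (hierarchical revocation)."""
    chain = token.get("chain") or []
    if not chain:
        return False
    sig = _mac(device_key, _canon(chain[0]))
    rights = set(chain[0]["rights"])
    if chain[0]["id"] in revoked:
        return False
    for hop in chain[1:]:
        if hop["id"] in revoked or not set(hop["rights"]) <= rights:
            return False
        rights = set(hop["rights"])
        sig = _mac(sig, _canon(hop))
    if not hmac.compare_digest(sig, token["sig"]):
        return False
    return chain[-1]["holder"] == presenter and action in rights


if __name__ == "__main__":
    root = issue_root(DEVICE_KEY, "cap-1", "owner", {"read", "write", "admin"})
    gw = delegate(root, "cap-2", "gateway", {"read", "write"})
    app = delegate(gw, "cap-3", "mobile-app", {"read"})
    print(verify(DEVICE_KEY, app, "mobile-app", "read", set()))       # True
    print(verify(DEVICE_KEY, app, "mobile-app", "write", set()))      # False: attenuated away
    print(verify(DEVICE_KEY, app, "mobile-app", "read", {"cap-2"}))   # False: ancestor revoked
```

Two points matter for an IoT deployment. Because each hop's MAC is derived from the previous one, a downstream holder can delegate further without ever seeing the device secret, but cannot recover an upstream MAC to drop hops or widen rights, and the verifier re-enforces attenuation rather than trusting the delegator. Revocation here is a local set; the paper's contribution is replacing that set (and the registration and propagation of tokens) with a blockchain smart contract so that no single authorization server has to be online.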



2016 ◽  
Vol 2016 ◽  
pp. 1-16 ◽  
Author(s):  
Jiangfeng Li ◽  
Zhenyu Liao ◽  
Chenxi Zhang ◽  
Yang Shi

Since more and more applications and services have been moved from servers in the B/S architecture to the cloud, user access control has become a significant part of a multitenancy cloud platform. The role-based access control model lets users participate in an enterprise system under particular identities. However, in a multitenancy cloud environment, there is a high probability that tenant information is leaked when the existing role-based access control (RBAC) model is used. Moreover, management problems may emerge in the multitenancy platform as the number of tenants increases. In this paper, a novel concept of 4D-role is presented. With a detailed definition of the 4D-role concept, a 4D-role-based multitenancy model is proposed for running various applications and services in the multitenancy cloud platform. A theoretical analysis indicates that the model has the characteristics of tenant isolation, role hierarchy, and administration independence. These three characteristics are also verified by experimental evaluation. Moreover, the evaluation results indicate that the model makes good use of cloud resources when large numbers of users operate on the cloud platform simultaneously.


