An adaptive control mechanism for access control in large-scale distributed systems

2013 ◽  
Vol 36 (1) ◽  
pp. 26-37 ◽  
Author(s):  
Xiaofeng Jiang ◽  
Jun Li ◽  
Hongsheng Xi
Keyword(s):  
Adaptive Control ◽  
Distributed Systems ◽  
Access Control ◽  
Large Scale ◽  
Control Mechanism

Security

2010 ◽  
pp. 194-216
Author(s):  
Valentin Cristea ◽  
Ciprian Dobre ◽  
Corina Stratan ◽  
Florin Pop
Keyword(s):  
Distributed Systems ◽  
Access Control ◽  
Key Management ◽  
Secure Communication ◽  
Large Scale ◽  
Internet Banking ◽  
Distributed Applications ◽  
Sensitive Information ◽  
Security Research ◽  
Security Models

Security in distributed systems is a combination of confidentiality, integrity and availability of their components. It mainly targets the communication channels between users and/or processes located in different computers, the access control of users / processes to resources and services, and the management of keys, users and user groups. Distributed systems are more vulnerable to security threats due to several characteristics such as their large scale, the distributed nature of the control, and the remote nature of the access. In addition, an increasing number of distributed applications (such as Internet banking) manipulate sensitive information and have special security requirements. After discussing important security concepts in the Background section, this chapter addresses several important problems that are at the aim of current research in the security of large scale distributed systems: security models (which represent the theoretical foundation for solving security problems), access control (more specific the access control in distributed multi-organizational platforms), secure communication (with emphasis on the secure group communication, which is a hot topic in security research today), security management (especially key management for collaborative environments), secure distributed architectures (which are the blueprints for designing and building security systems), and security environments / frameworks.

Research on SPKI/SDSI Cridencials and RT0 Cridencials

2011 ◽  
Vol 403-408 ◽  
pp. 2176-2179
Author(s):  
Xiu Hua Geng ◽  
Xiao Lei Zhang
Keyword(s):  
Access Control ◽  
Trust Management ◽  
Large Scale ◽  
Control Mechanism ◽  
Management Systems ◽  
Distributed Access Control ◽  
Large Scale Network ◽  
Scale Network ◽  
Access Control Mechanism

Trust management is a distributed access control mechanism for open, large-scale network. SPKI/SDSI and RT0 are typical trust management systems. This paper compares the different crendentials in those systems essentially, and the result shows that although RT0 crendentials are relatively simple, they are expressively eauivalent to SPKI/SDSI crendentials.

Efficient Update Control of Bloom Filter Replicas in Large Scale Distributed Systems

2010 ◽  
pp. 785-807 ◽  
Author(s):  
Yifeng Zhu ◽  
Hong Jiang
Keyword(s):  
Distributed Systems ◽  
Large Scale ◽  
Control Mechanism ◽  
False Negative ◽  
Bloom Filter ◽  
Analytical Models ◽  
Bloom Filters ◽  
Distributed Environment ◽  
Membership Query ◽  
Efficient Data

This chapter discusses the false rates of Bloom filters in a distributed environment. A Bloom filter (BF) is a space-efficient data structure to support probabilistic membership query. In distributed systems, a Bloom filter is often used to summarize local services or objects and this Bloom filter is replicated to remote hosts. This allows remote hosts to perform fast membership query without contacting the original host. However, when the services or objects are changed, the remote Bloom replica may become stale. This chapter analyzes the impact of staleness on the false positive and false negative for membership queries on a Bloom filter replica. An efficient update control mechanism is then proposed based on the analytical results to minimize the updating overhead. This chapter validates the analytical models and the update control mechanism through simulation experiments.

A Comprehensive Review of Access Control Mechanism Based on Attribute Based Encryption Scheme for Cloud Computing

2019 ◽  
Vol 11 (3) ◽  
pp. 33-52
Author(s):  
Lokesh B. Bhajantri ◽  
Tabassum N. Mujawar
Keyword(s):  
Cloud Computing ◽  
Access Control ◽  
Large Scale ◽  
Control Mechanism ◽  
Fine Grained ◽  
Prevailing Paradigm ◽  
Attribute Based Encryption ◽  
Encryption Schemes ◽  
Access Control Mechanism ◽  
A New Technique

Cloud computing is the most prevailing paradigm, which provides computing resources and services over the Internet. Due to immense development in services provided by cloud computing, the trend to share large-scale and confidential data on cloud has been increased. Though cloud computing provides many benefits, ensuring security of the data stored in cloud is the biggest challenge. The security concern about the data becomes main barrier for adoption of cloud. One of the important security aspects is fine grained access control mechanism. The most widely used and efficient access control scheme for cloud computing is Attribute Based Encryption (ABE). The Attribute Based Encryption (ABE) scheme provides a new technique for embedding access policies cryptographically into encryption process. The article presents an overview of various existing attribute-based encryption schemes and traditional access control models. Also, the comparison of existing ABE schemes for cloud computing, on basis of various criteria is presented in the article.

scholarly journals An analysis on the revoking mechanisms for JSON Web Tokens

2018 ◽  
Vol 14 (9) ◽  
pp. 155014771880153 ◽  
Author(s):  
László Viktor Jánoky ◽  
János Levendovszky ◽  
Péter Ekler
Keyword(s):  
Distributed Systems ◽  
Internet Of Things ◽  
Access Control ◽  
Large Scale ◽  
Low Complexity ◽  
Wide Spread ◽  
Significant Performance ◽  
User Access

JSON Web Tokens provide a scalable solution with significant performance benefits for user access control in decentralized, large-scale distributed systems. Such examples would entail cloud-based, micro-services styled systems or typical Internet of Things solutions. One of the obstacles still preventing the wide-spread use of JSON Web Token–based access control is the problem of invalidating the issued tokens upon clients leaving the system. Token invalidation presently takes a considerable processing overhead or a drastically increased architectural complexity. Solving this problem without losing the main benefits of JSON Web Tokens still remains an open challenge which will be addressed in the article. We are going to propose some solutions to implement low-complexity token revocations and compare their characteristics in different environments with the traditional solutions. The proposed solutions have the benefit of preserving the advantages of JSON Web Tokens, while also adhering to stronger security constraints and possessing a finely tuneable performance cost.

scholarly journals Ensuring Purpose Limitation in Large-Scale Infrastructures with Provenance-Enabled Access Control

Sensors ◽  
2021 ◽  
Vol 21 (9) ◽  
pp. 3041
Author(s):  
Shizra Sultan ◽  
Christian D. Jensen
Keyword(s):  
Access Control ◽  
Large Scale ◽  
Control Mechanism ◽  
Personal Information ◽  
Fair Share ◽  
Data Usage ◽  
Personalized Services ◽  
Access Control Mechanism ◽  
Distributed Infrastructures

The amount of data generated in today’s world has a fair share of personal information about individuals that helps data owners and data processors in providing them with personalized services. Different legal and regulatory obligations apply to all data owners collecting personal information, specifying they use it only for the agreed-upon purposes and in a transparent way to preserve privacy. However, it is difficult to achieve this in large-scale and distributed infrastructures as data is continuously changing its form, such as through aggregation with other sources or the generation of new transformed resources, resulting often in the loss or misinterpretation of the collection purpose. In order to preserve the authorized collection purposes, we propose data is added as a part of immutable and append-only resource metadata (provenance), to be retrieved by an access control mechanism when required for data-usage verification. This not only ensures purpose limitation in large-scale infrastructures but also provides transparency for individuals and auditing authorities to track how personal information is used.

Sign in / Sign up

Export Citation Format

Share Document