BlendCAC: A Smart Contract Enabled Decentralized Capability-Based Access Control Mechanism for IoT

Author(s):  
Ronghua Xu ◽  
Yu Chen ◽  
Erik Blasch ◽  
Genshe Chen

While Internet of Things (IoT) technology is widely recognized as an essential part of Smart Cities, it also brings new challenges in terms of privacy and security. Access control (AC) is among the top security concerns and is critical for protecting resources and information on IoT devices. Traditional access control approaches, such as Access Control Lists (ACL), Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC), do not provide a scalable, manageable and efficient mechanism that meets the requirements of IoT systems. Another weakness of today's AC is the centralized authorization server, which can become a performance bottleneck or a single point of failure. Inspired by smart contracts on top of a blockchain protocol, this paper proposes BlendCAC, a decentralized, federated capability-based AC mechanism for effective protection of devices, services and information in large-scale IoT systems. A federated capability-based delegation model (FCDM) is introduced to support hierarchical and multi-hop delegation, and the mechanism for delegate authorization and revocation is explored. A robust identity-based capability token management strategy is proposed, which uses the smart contract for registration, propagation and revocation of access authorizations. A proof-of-concept prototype has been implemented on both resource-constrained devices (Raspberry Pi nodes) and more powerful computing devices (laptops) and tested on a local private blockchain network. The experimental results demonstrate the feasibility of BlendCAC as a decentralized, scalable, lightweight and fine-grained AC solution for IoT systems.

Computers ◽  
2018 ◽  
Vol 7 (3) ◽  
pp. 39 ◽  
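As an added illustration (not code from the BlendCAC paper or its prototype), the following Python sketches what a multi-hop capability delegation chain with revocation has to enforce: every hop is signed by the delegator, may only narrow the rights and lifetime it received, and dies with any revoked ancestor. The identity registry, the resource ownership table, the HMAC keys and the revocation set are assumptions that stand in for the identity registration and on-chain token records the abstract mentions; a real deployment would rely on ledger-verified signatures rather than shared-key HMAC.

```python
"""Multi-hop capability delegation with attenuation and revocation.
Added illustration for this page, not the BlendCAC code. Per-identity HMAC keys
stand in for registered signing keys and `revoked` for on-ledger revocation
records (both assumptions)."""
import hashlib
import hmac
import json
from dataclasses import dataclass, replace

# Constructed sample data (assumptions): identity -> key, and who owns each resource.
REGISTRY = {"owner": b"k-owner", "alice": b"k-alice", "bob": b"k-bob", "carol": b"k-carol"}
RESOURCE_OWNERS = {"sensor-42/telemetry": "owner"}   # only the owner mints a root token


@dataclass(frozen=True)
class Capability:
    issuer: str
    subject: str
    resource: str
    rights: frozenset
    expires: int      # unix time
    parent: str       # id of the parent token; "" for a root token
    sig: str = ""

    def body(self) -> bytes:
        """Canonical bytes the signature covers (everything except sig)."""
        return json.dumps({"issuer": self.issuer, "subject": self.subject,
                           "resource": self.resource, "rights": sorted(self.rights),
                           "expires": self.expires, "parent": self.parent},
                          sort_keys=True, separators=(",", ":")).encode()

    @property
    def id(self) -> str:
        return hashlib.sha256(self.body()).hexdigest()


def _sign(issuer, body):
    return hmac.new(REGISTRY[issuer], body, hashlib.sha256).hexdigest()


def issue(issuer, subject, resource, rights, expires, parent=None):
    """Mint a token signed by `issuer`. With `parent` it is a delegation: the
    issuer must hold `parent`, and rights and lifetime may only be narrowed."""
    if parent is not None:
        if parent.subject != issuer or resource != parent.resource:
            raise PermissionError("only the holder may delegate, for the same resource")
        if not set(rights) <= parent.rights or expires > parent.expires:
            raise PermissionError("delegation may not widen rights or lifetime")
    cap = Capability(issuer, subject, resource, frozenset(rights), expires,
                     parent.id if parent else "")
    return replace(cap, sig=_sign(issuer, cap.body()))


def verify(chain, resource, right, now, revoked):
    """Walk a chain root..leaf. Each hop must be signed by a registered identity,
    unexpired, unrevoked, linked to the previous hop and properly attenuated;
    revoking any hop cuts off everything below it."""
    prev = None
    for cap in chain:
        if cap.issuer not in REGISTRY:
            return False
        if not hmac.compare_digest(cap.sig, _sign(cap.issuer, cap.body())):
            return False                  # forged or tampered token
        if cap.expires <= now or cap.id in revoked:
            return False
        if prev is None:                  # root: must come from the resource owner
            if cap.parent != "" or cap.issuer != RESOURCE_OWNERS.get(cap.resource):
                return False
        elif (cap.parent != prev.id or cap.issuer != prev.subject
              or not cap.rights <= prev.rights or cap.expires > prev.expires
              or cap.resource != prev.resource):
            return False                  # broken link or privilege widening
        prev = cap
    return prev is not None and prev.resource == resource and right in prev.rights


# Constructed scenario (assumption): owner -> alice (read, write) -> bob (read) -> carol (read).
NOW, RES = 1_700_000_000, "sensor-42/telemetry"
ROOT = issue("owner", "alice", RES, {"read", "write"}, NOW + 3600)
HOP1 = issue("alice", "bob", RES, {"read"}, NOW + 1800, parent=ROOT)
HOP2 = issue("bob", "carol", RES, {"read"}, NOW + 900, parent=HOP1)


def demo():
    """Exercise the chain; the verifier must check every hop, not just the leaf."""
    chain, revoked, out = [ROOT, HOP1, HOP2], set(), {}
    out["carol_read"] = verify(chain, RES, "read", NOW, revoked)
    out["carol_write"] = verify(chain, RES, "write", NOW, revoked)
    try:                                  # bob tries to hand carol 'write', which he lacks
        issue("bob", "carol", RES, {"read", "write"}, NOW + 900, parent=HOP1)
        out["widening_refused"] = False
    except PermissionError:
        out["widening_refused"] = True
    forged = replace(HOP2, rights=frozenset({"read", "write"}))   # bob's sig no longer matches
    out["forged_write"] = verify([ROOT, HOP1, forged], RES, "write", NOW, revoked)
    revoked.add(HOP1.id)                  # alice revokes bob; carol's token hangs off it
    out["carol_read_after_revoke"] = verify(chain, RES, "read", NOW, revoked)
    return out
```

The check a verifier must never skip is the attenuation comparison at every hop: validating only the leaf's signature would let a holder of `read` mint a `write` token for someone else, and it would also leave revocation of an intermediate delegate without effect on the tokens derived from it.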


2019 ◽  
Vol 28 (01) ◽  
pp. 1950003 ◽  
Author(s):  
Nicolas Mundbrod ◽  
Manfred Reichert

The proper management of privacy and security constraints in information systems in general, and of access control in particular, remains a major and still unsolved challenge. Role-based access control (RBAC) and its variants are the widely adopted approach to realizing authorization in information systems. However, RBAC lacks proper object-specific support, which prevents the fine-grained access control required in many domains. By comparison, attribute-based access control (ABAC) enables fine-grained access control based on policies and rules that evaluate attributes. As a drawback, ABAC lacks the abstraction of roles, and it is challenging to engineer and to audit the privileges encoded in rule-based policies. This paper presents the generic approach of object-specific role-based access control (ORAC). On the one hand, ORAC lets information system engineers, administrators and users keep using the well-known principle of roles; on the other hand, it allows access to objects to be granted in a fine-grained, object-specific way where required. The approach was systematically established according to well-elicited key requirements for fine-grained access control in information systems. For evaluation, the approach was applied to real-world scenarios and implemented in a proof-of-concept prototype, demonstrating its feasibility and applicability.


2018 ◽  
Vol 7 (4.10) ◽  
pp. 504
Author(s):  
K. Kavitha ◽  
D. Anuradha ◽  
P. Pandian

Huge amounts of health care data are available online to improve the overall performance of the health care system. Since this health care Big-data is valuable and sensitive, it requires protection. In this paper we analyze numerous ways in which health care Big-data can be protected. In recent years many security algorithms suitable for Big-data have emerged, such as ElGamal, Triple-DES and homomorphic encryption algorithms. Authentication and access control can also be implemented over Big-data using Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) schemes. Along with securing Big-data, we try to evolve the ways in which this valuable Big-data can be optimized to improve Big-data analysis. Mathematical optimization techniques such as simple and multi-purpose optimization and simulation are employed on Big-data to maximize patient satisfaction and the usage of doctors' consulting facilities, and to minimize the cost spent by patients and the energy wasted.


2012 ◽  
Vol 263-266 ◽  
pp. 1600-1604
Author(s):  
Qiang Liu ◽  
Jian Hua Zhang

The Role-Based Access Control (RBAC) model is the mainstream access control model. In large-scale and distributed applications, the top Security Administrator (SA) of an RBAC deployment usually transfers part of his management authority to subordinate SAs to reduce his workload. However, ensuring that these subordinate SAs exercise the transferred management authority legitimately is a significant problem. Although ARBAC97 provides a technical framework for administrative RBAC, the supervision and audit mechanisms for the use of transferred authority remain incomplete in the RBAC model. This research presents an audit-integrated ARBAC (au-ARBAC) model. In au-ARBAC, a rights-and-liability mechanism is set up, an audit role is defined, and auditing permission is assigned to this role. Two basic types of audit business are put forward: routine audit and accident audit. For accident audit, a decision process for the division of responsibility is designed to clarify the responsibility of SAs who acted wrongly. The au-ARBAC model can help raise awareness of authorization responsibility and help SAs exercise their management authority responsibly and legitimately.


2021 ◽  
Vol 21 (3) ◽  
pp. 85-96
Author(s):  
Maria Penelova

This paper proposes a new access control model, Hybrid Role and Attribute Based Access Control (HRABAC), an extension of Role-Based Access Control (RBAC). HRABAC is designed for information systems and enterprise software and combines the advantages of RBAC and Attribute-Based Access Control (ABAC). HRABAC is easily configurable, fine-grained and supports role hierarchies. The proposed model describes the access control scheme of the Laravel package laravelroles/rolespermissions, developed by the author of the paper in answer to the practical need for a fine-grained and easily configurable access control solution. Laravel was chosen because it is the most popular and most widely used PHP framework, so that the package can reach the largest possible number of programmers. The package contains working and tested functionality for managing users, roles and permissions, and it is applied in an accounting information system.
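The following Python is an added illustration written for this page, not code from the ORAC approach (Mundbrod and Reichert) or from the laravelroles/rolespermissions package (Penelova). It shows the combination both abstracts describe: roles with a hierarchy (RBAC), role assignments scoped to a single object rather than globally (ORAC's object-specific roles), and attribute rules that narrow a permission a role already grants (the ABAC side of HRABAC), plus the flattened per-user privilege view an auditor needs. Role names, rules and the sample users and objects are constructed assumptions.

```python
"""Object-specific roles with a role hierarchy and attribute conditions.
Added illustration for this page, not the ORAC or HRABAC implementations.
Roles, rules and sample data are constructed assumptions."""
from dataclasses import dataclass
from typing import Optional

# Permissions each role grants directly (assumption). Hierarchy (assumption):
# owner inherits editor, editor inherits viewer.
ROLE_PERMS = {"viewer": {"read"}, "editor": {"update"}, "owner": {"delete", "share"}}
ROLE_PARENT = {"editor": "viewer", "owner": "editor"}


def effective_perms(role):
    """Permissions of a role including everything inherited down the hierarchy."""
    perms = set()
    while role is not None:
        perms |= ROLE_PERMS.get(role, set())
        role = ROLE_PARENT.get(role)
    return perms


@dataclass(frozen=True)
class Assignment:
    user: str
    role: str
    obj: Optional[str] = None   # None: global role (plain RBAC); else valid on that object only


# Attribute rules (assumption): they can only restrict a permission a role grants;
# a permission without a rule is unconditional.
RULES = {
    "update": lambda user, obj: obj["status"] != "closed",
    "delete": lambda user, obj: user["department"] == obj["department"],
}


def check(user, perm, obj, assignments, users, objects):
    """True if some assignment of `user` grants `perm` on `obj` (globally or for
    that specific object) and the attribute rule for `perm`, if any, holds."""
    for a in assignments:
        if a.user != user or (a.obj is not None and a.obj != obj):
            continue                      # someone else's role, or scoped to another object
        if perm in effective_perms(a.role):
            rule = RULES.get(perm)
            return rule is None or bool(rule(users[user], objects[obj]))
    return False


def audit(user, assignments):
    """Flatten a user's roles into permission -> scope ('*' or set of objects):
    the view an auditor wants when reviewing what has actually been granted."""
    out = {}
    for a in assignments:
        if a.user != user:
            continue
        for perm in effective_perms(a.role):
            if a.obj is None:
                out[perm] = "*"
            elif out.get(perm) != "*":
                out.setdefault(perm, set()).add(a.obj)
    return out


# Constructed sample data (assumption).
USERS = {"ann": {"department": "finance"}, "ben": {"department": "legal"}}
OBJECTS = {
    "inv-1": {"department": "finance", "status": "open"},
    "inv-2": {"department": "finance", "status": "closed"},
    "ctr-7": {"department": "legal", "status": "open"},
}
ASSIGNMENTS = [
    Assignment("ann", "viewer"),            # global: ann may read everything
    Assignment("ann", "owner", "inv-1"),    # object-specific: owner of inv-1 only
    Assignment("ben", "editor", "inv-2"),   # object-specific: editor of inv-2 only
]


def can(user, perm, obj):
    return check(user, perm, obj, ASSIGNMENTS, USERS, OBJECTS)
```

With this data ben can read inv-2 through the inherited viewer permission but cannot update it because the attribute rule blocks closed objects, and his editor role gives him nothing on inv-1; the object scope on the assignment, not a rule, is what keeps it that way, which is the distinction the ORAC abstract draws against plain RBAC.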


Information ◽  
2020 ◽  
Vol 11 (2) ◽  
pp. 111 ◽  
Author(s):  
Gabriel Nyame ◽  
Zhiguang Qin ◽  
Kwame Opuni-Boachie Obour Agyekum ◽  
Emmanuel Boateng Sifah

Access control has become problematic in several organizations because of the difficulty of establishing security and preventing malicious users from mimicking roles. Moreover, users have no flexibility in participating in, or even controlling, their roles. Several role-based access control (RBAC) mechanisms have been proposed to alleviate these problems, but security has not been fully realized. In this work we present an RBAC model based on blockchain technology to strengthen user authentication before knowledge is accessed and utilized in a knowledge management system (KMS). Our blockchain-based system model and smart contract ensure transparency and immutability of knowledge resources. We also present the smart contract algorithms and a discussion of the model. As an essential part of an RBAC model applied to a KMS environment, trust is ensured in the network. Evaluation results show that our system is efficient.

