Ethical Access Control in the Era of Data Breaches

Author(s):  
A. S. M. Kayes ◽  
Mohammad Jabed Morshed Chowdhury ◽  
Fatma Mohammed ◽  
Alex Ng ◽  
Paul Watters ◽  
...  

The worldwide interconnected objects, called the Internet of Things (IoT), have been growing rapidly in the last several years. Different social media platforms and devices continuously generate data about individuals and facilitate the technological and social convergence of their Internet-based data and services with globalized users. These social and device-related IoTs create room for data breaches, as such platforms provide the ability to collect private and sensitive data. We assert that data breaches are fundamentally failures of access control: most users are too busy or technically ill-equipped to understand access control policy expressions and decisions. We argue that this is symptomatic of globalised societies structured by the conditions of algorithmic modernity, an era in which our data is increasingly interdependent on, and enmeshed with, ever more complex systems and processes that are vulnerable to attack. Ethically managing data breaches is now too complex for current access control systems, such as Role-Based Access Control (RBAC) and Context-Aware Access Control (CAAC). These systems do not provide an explicit mechanism to engage in the decision-making processes, about who should have access to what data and when, that are involved in data breaches. We argue that a policy ontology will contribute towards the development of an Ethical CAAC better suited to attributing accountability for data breaches in the context of algorithmic modernity. We interrogate our proposed Ethical CAAC as a theoretical construct with implications for future policy ontology models and data breach countermeasures. An experimental study of the performance of the proposed framework is carried out with respect to a more generic CAAC framework.

Author(s):  
Laurent Gomez ◽  
Annett Laube ◽  
Alessandro Sorniotti

Access control is the process of granting permissions in accordance with an authorization policy. Mobile and ubiquitous environments challenge classical access control solutions like Role-Based Access Control. The use of context information during policy definition and access control enforcement offers the additional adaptability and flexibility needed for these environments. When it comes to low-power devices, such as wireless sensor networks, access control enforcement is normally too heavy for such resource-constrained devices. Lightweight cryptography allows the data to be encrypted right from its production, so that access is intrinsically restricted. In addition, all access control mechanisms require an authenticated user. Traditionally, user authentication is performed by means of a combination of authentication factors, statically specified in the access control policy of the authorization service. Within ubiquitous and mobile environments, there is a clear need for flexible user authentication using the available authentication factors. In this chapter, different new techniques to ensure access control are discussed and compared to the state of the art.


2020 ◽  
Vol 8 (1) ◽  
pp. 82-91
Author(s):  
Suraj Krishna Patil ◽  
Sandipkumar Chandrakant Sagare ◽  
Alankar Shantaram Shelar

Privacy is the key factor in handling personal and sensitive data, which in large part is stored by database management systems (DBMS). A DBMS provides tools and mechanisms to access and analyze the data within it. Privacy preservation converts original data into some unknown form, thus protecting personal and sensitive information. Different access control mechanisms, such as discretionary access control and mandatory access control, are used in DBMS. However, they hardly consider purpose- and role-based access control in DBMS, which incorporates policy specification and enforcement. Role-based access control (RBAC) regulates access to resources based on the roles of individual users. Purpose-based access control (PuBAC) regulates access to resources based on the purpose for which data can be accessed; it regulates the execution of queries based on purpose. The PuRBAC system uses the policies of both PuBAC and RBAC to enforce access within an RDBMS.


2005 ◽  
Vol 35 (9) ◽  
pp. 835-856 ◽  
Author(s):  
Sacha Brostoff ◽  
M. Angela Sasse ◽  
David Chadwick ◽  
James Cunningham ◽  
Uche Mbanaso ◽  
...  


2013 ◽  
Vol 791-793 ◽  
pp. 1790-1793
Author(s):  
Jing Mei Li ◽  
Bao Quan Zhang ◽  
Yan Xia Wu

Role-based access control policy has been widely applied to the design of various access control systems. In order to improve the flexibility of authorization check design and the convenience of management, this paper uses the principle of dynamic proxy design to optimize this process, and also provides a Spring AOP based method of transaction management for the running program. The proposed role-create method can configure users' authority flexibly. The improved design concept can achieve the basic requirements of role-based access control policies, and improves both the efficiency of project development and the security of the application system to the greatest extent.


Author(s):  
Chandra Mouliswaran Subramanian ◽  
Aswani Kumar Cherukuri

Fuzzy role-based access control (FRBAC) is essential for risk-based environments in many futuristic applications, even though role-based access control (RBAC) is the efficient and widely used access control model for enterprise applications. In FRBAC, authorization-related information is vague. This brings fuzziness into the mapping among the components of FRBAC, such as user, role and permission. Because of this fuzziness in FRBAC, it is challenging for the security engineer to verify the constraints and correctness of the access control policy. In verifying the constraints and correctness of an access control policy, knowledge representation techniques are very useful in practice. In this scenario, representing FRBAC using a fuzzy ontology might be the right choice for semantic web applications. The main objective of this article is to represent the access permissions of FRBAC using a fuzzy ontology and to verify whether the constraints of FRBAC can be implemented in it or not.

