Access Control Role Evolution Mechanism for Open Computing Environment

Electronics ◽  
2020 ◽  
Vol 9 (3) ◽  
pp. 517
Author(s):  
Aodi Liu ◽  
Xuehui Du ◽  
Na Wang

Data resources in open computing environments (including big data, internet of things and cloud computing) are characterized by large scale, wide source, and strong dynamics. Therefore, the user-permission relationship of open computing environments has a huge scale and will be dynamically adjusted over time, which makes effective permission management in the role-based access control (RBAC) model a challenging problem. In this paper, we design an evolution mechanism of access control roles for open computing environments. The mechanism utilizes the existing user-permission relationship in the current system to mine the access control roles and generate the user-role and role-permission relationships. When the user-permission relationship changes, the roles are constantly tuned and evolved to provide role support for access control in open computing environments. We propose a novel genetic-based role evolution algorithm that can effectively mine and optimize roles while preserving the core permissions of the system. In addition, a role relationship aggregation algorithm is proposed to realize the clustering of roles, which provides a supplementary reference for the security administrator to give the roles real semantic information. Experimental evaluations on real-world data sets show that the proposed mechanism is effective and reliable.


2012 ◽  
Vol 263-266 ◽  
pp. 1600-1604
Author(s):  
Qiang Liu ◽  
Jian Hua Zhang

The Role-Based Access Control (RBAC) model is the mainstream access control model. When addressing large-scale and distributed applications, the highest Security Administrator (SA) of the RBAC model always tries to transfer his management authority to his inferior SAs to decrease his workload. However, how to ensure that these inferior SAs exercise their management authorities legally is a big problem. Although there is a technical framework for the administrative RBAC model, named ARBAC97, the supervision mechanism and audit mechanism on the utilization of transferred authorities are incomplete in the RBAC model. In this research, an audit-integrated ARBAC (au-ARBAC) model is presented. In the au-ARBAC model, a rights and liability mechanism has been set up, an audit role is defined and auditing permission is assigned to this role. At the same time, we put forward two basic types of audit business: routine audit and accident audit. As to accident audit, a decision process for division of responsibility is designed to clarify the responsibility of wrongdoer SAs. The au-ARBAC model can help SAs to improve their consciousness of authorization responsibility and to exercise their management authorities responsibly and legally.





2007 ◽  
Vol 1 (1) ◽  
pp. 27 ◽  
Author(s):  
J.S. Park ◽  
G. An ◽  
D. Chandra


Author(s):  
Jean Bacon ◽  
David Eyers ◽  
Jatinder Singh

The scalability properties of event-based communication paradigms make them suitable for building large-scale distributed systems. For effective management at the application level, such systems often comprise multiple administrative domains, although their underlying communication infrastructure can be shared. Examples of such systems include those required by government and public bodies for domains such as healthcare, police, transport and environmental monitoring. We investigate how to build security into these systems. We outline point-to-point and publish/subscribe event-based communication, and examine security implications in each. Publish/subscribe decouples communicating entities. This allows for efficient event dissemination; however, it makes controlling data visibility more difficult. Some data is sensitive and must be protected for personal and legal reasons. Large pub/sub systems distribute events using intermediate broker nodes. Some brokers may not be fully trusted. We discuss how selective encryption can effect security without impacting on content-based routing, and the implications of federated multi-domain systems. We discuss the specification of policy using role-based access control, and demonstrate how to enforce the security of the communications API and the broker network.



Computers ◽  
2018 ◽  
Vol 7 (3) ◽  
pp. 39 ◽  
Author(s):  
Ronghua Xu ◽  
Yu Chen ◽  
Erik Blasch ◽  
Genshe Chen

While Internet of Things (IoT) technology has been widely recognized as an essential part of Smart Cities, it also brings new challenges in terms of privacy and security. Access control (AC) is among the top security concerns, which is critical in resource and information protection over IoT devices. Traditional access control approaches, like Access Control Lists (ACL), Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC), are not able to provide a scalable, manageable and efficient mechanism to meet the requirements of IoT systems. Another weakness in today's AC is the centralized authorization server, which can cause a performance bottleneck or be the single point of failure. Inspired by the smart contract on top of a blockchain protocol, this paper proposes BlendCAC, which is a decentralized, federated capability-based AC mechanism to enable effective protection for devices, services and information in large-scale IoT systems. A federated capability-based delegation model (FCDM) is introduced to support hierarchical and multi-hop delegation. The mechanism for delegate authorization and revocation is explored. A robust identity-based capability token management strategy is proposed, which takes advantage of the smart contract for registration, propagation, and revocation of the access authorization. A proof-of-concept prototype has been implemented on both resource-constrained devices (i.e., Raspberry Pi nodes) and more powerful computing devices (i.e., laptops) and tested on a local private blockchain network. The experimental results demonstrate the feasibility of BlendCAC to offer a decentralized, scalable, lightweight and fine-grained AC solution for IoT systems.



Author(s):  
Saleh Mowla ◽  
Niharika Sinha ◽  
Raghavendra Ganiga ◽  
Nisha P. Shetty

Improvements in technological innovations have become a boon for business organizations, firms, institutions, etc. System applications are being developed for organizations whether small-scale or large-scale. Taking into consideration the hierarchical nature of large organizations, security is an important factor which needs to be taken into account. For any healthcare organization, maintaining the confidentiality and integrity of the patients' records is of utmost importance while ensuring that they are only available to the authorized personnel. The paper discusses the technique of Role-Based Access Control (RBAC) and its different aspects. The paper also suggests a trust-enhanced model of RBAC implemented with a selection-and-mutation-only 'Genetic Algorithm'. A practical scenario involving a healthcare organization has also been considered. A model has been developed to consider the policies of different health departments and how they affect the permissions of a particular role. The purpose of the algorithm is to allocate tasks to every employee in an automated manner and to ensure that they are not over-burdened with the work assigned. In addition, the trust records of the employees ensure that malicious users do not gain access to confidential patient data.



Author(s):  
Ronghua Xu ◽  
Yu Chen ◽  
Erik Blasch ◽  
Genshe Chen

While the Internet of Things (IoT) technology has been widely recognized as the essential part of Smart Cities, it also brings new challenges in terms of privacy and security. Access control (AC) is among the top security concerns, which is critical in resource and information protection over IoT devices. Traditional access control approaches, like Access Control Lists (ACL), Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC), are not able to provide a scalable, manageable and efficient mechanism to meet the requirements of IoT systems. Another weakness in today's AC is the centralized authorization server, which can be the performance bottleneck or the single point of failure. Inspired by the smart contract on top of a blockchain protocol, this paper proposes BlendCAC, which is a decentralized, federated capability-based AC mechanism to enable effective protection for devices, services and information in large-scale IoT systems. A federated capability-based delegation model (FCDM) is introduced to support hierarchical and multi-hop delegation. The mechanism for delegate authorization and revocation is explored. A robust identity-based capability token management strategy is proposed, which takes advantage of the smart contract for registering, propagating and revoking the access authorization. A proof-of-concept prototype has been implemented on both resource-constrained devices (i.e., Raspberry Pi nodes) and more powerful computing devices (i.e., laptops), and tested on a local private blockchain network. The experimental results demonstrate the feasibility of BlendCAC to offer a decentralized, scalable, lightweight and fine-grained AC solution for IoT systems.


