A JSON-Based Fast and Expressive Access Control Policy Framework

2019 ◽  
pp. 70-91
Author(s):  
Hao Jiang ◽  
Ahmed Bouabdallah
Keyword(s):  
Access Control ◽  
Rapid Development ◽  
Control Policy ◽  
Policy Framework ◽  
Shared Resources ◽  
Policy Language ◽  
Memory Space ◽  
Fine Grained ◽  
Attribute Based Access Control ◽  
Time Critical

Along with the rapid development of ICT technologies, new areas like Industry 4.0, IoT, and 5G have emerged and brought out the need for protecting shared resources and services under time-critical and energy-constrained scenarios with real-time policy-based access control. To achieve this, the policy language needs to be very expressive but lightweight and efficient. These challenges are investigated and a set of key requirements for such a policy language is identified. JACPoL is accordingly introduced as a descriptive, scalable, and expressive policy language in JSON. JACPoL by design provides a flexible and fine-grained ABAC style (attribute-based access control) while it can be easily tailored to express other access control models. The design and implementation of JACPoL are illustrated together with its evaluation in comparison with other existing policy languages. The result shows that JACPoL can be as expressive as existing ones but more simple, scalable, and efficient. The performance evaluation shows that JACPoL requires much less processing time and memory space than XACML.

scholarly journals Practical Multiauthority Attribute-Based Access Control for Edge-Cloud-Aided Internet of Things

2021 ◽  
Vol 2021 ◽  
pp. 1-22
Author(s):  
Kaiqing Huang ◽  
Xueli Wang ◽  
Zhiqiang Lin
Keyword(s):  
Internet Of Things ◽  
Access Control ◽  
Data Access ◽  
Edge Computing ◽  
Fine Grained ◽  
Technical Requirements ◽  
Data Access Control ◽  
Heavy Burden ◽  
Attribute Based Access Control ◽  
Access Privileges

With the assistance of edge computing which reduces the heavy burden of the cloud center server by using the network edge servers, the Internet of Things (IoTs) architectures enable low latency for real-time devices and applications. However, there still exist security challenges on data access control for the IoT. Multiauthority attribute-based encryption (MA-ABE) is a promising technique to achieve access control over encrypted data in cross-domain applications. Based on the characteristics and technical requirements of the IoT, we propose an efficient fine-grained revocable large universe multiauthority access control scheme. In the proposed scheme, the most expensive encryption operations have been executed in the user’s initialization phase by adding a reusable ciphertext pool besides splitting the encryption algorithm to online encryption and offline encryption. Massive decryption operations are outsourced to the near-edge servers for reducing the computation overhead of decryption. An efficient revocation mechanism is designed to change users’ access privileges dynamically. Moreover, the scheme supports ciphertext verification. Only valid ciphertext can be stored and transmitted, which saves system resources. With the help of the chameleon hash function, the proposed scheme is proven CCA2-secure under the q-DPBDHE2 assumption. The performance analysis results indicate that the proposed scheme is efficient and suitable in edge computing for the IoT.

scholarly journals Eksplorasi ABAC dan XACML untuk Design Access Control pada Resource Digital

2019 ◽  
Vol 6 (5) ◽  
pp. 535
Author(s):  
Fauzan Natsir ◽  
Imam Riadi ◽  
Yudi Prayudi
Keyword(s):  
Access Control ◽  
System Analysis ◽  
Policy Design ◽  
Control Policy ◽  
Control Model ◽  
Policy Statement ◽  
Access Control Policy ◽  
Access Control Model ◽  
Digital Resources ◽  
Attribute Based Access Control

<p class="Abstrak"><em>Resource digital </em>memerlukan sebuah mekanisme untuk mengatur<em> policy </em>terhadap kontrol untuk mendapatkan hak<em> </em>akes ke dalam suatu sistem. Akses kontrol lebih fleksibel dibanding dengan pendekatan otorisasi, autentikasi ataupun verifikasi yang sangat sederhana. Mekanisme <em>access control policy</em> dengan pendekatan atribut diyakini sebagai solusi adaptif yaitu ABAC (<em>Attribute Based Access Control</em>) dengan implementasi model XACML (<em>Extensible Access Control Modelling Language</em>). Desain <em>policy</em> ABAC ini disajikan dengan atribut-atribut dari salah satu studi kasus <em>resource digital</em> dengan sistem <em>e-Library</em>. <em>e-Library</em> merupakan salah satu resource digital dimana proses autentikasinya belum dimodelkan dengan atrubut subjek yang ada. Penelitian ini diawali dari identifikasi atribut dari <em>rule</em>, pemodelan ABAC<em> resource digital</em>, implementasi XACML, simulasi sistem dan analisis sistem. Hasil dari<em> </em>pengujian akses kontrol menggunakan <em>ALFA (Axiomatics Language for Authorization)</em> untuk pemberian kinerja akses kontrol terhadap <em>resource digital</em>. Hasil analisis dengan pendekatan ABAC dengan model XACML ini menyajikan suatu keamanan sistem dengan model akses kontrol berbasis atribut dari <em>policy statement</em> untuk menjadi solusi model akses kontrol yang dibuat sebelumnya dan mendukung model akses kontrol yang relevan untuk <em>resource digital</em></p><p class="Abstrak"><em><br /></em></p><p class="Abstrak"><strong><em>Abstract</em></strong></p><p class="Judul2"><em>Digital resources require a mechanism to regulate policy against controls to get access rights to a system. Access control is more flexible than the very simple approach of authorization, authentication or verification. The access control policy with the attribute approach is believed to be an adaptive solution, namely ABAC (Attribute Based Access Control) with the implementation of the XACML (Extensible Access Control Modeling Language) model. This ABAC policy design is presented with attributes from one of the digital resource case studies with the e-Library system. e-Library is one of the digital resources where the authentication process has not been modeled with the existing subject matter. This study begins with the identification of the attributes of the rule, digital ABAC resource modeling, XACML implementation, system simulation and system analysis. The results of testing access control using ALFA (Axiomatics Language for Authorization) to provide performance control access to digital resources. The results of the analysis using the ABAC approach with the XACML model present a system security with attribute-based access control models from policy statements to be a solution to the previously created access control model and support the access control model relevant for digital resources</em><em></em></p><p class="Abstrak"><strong><em><br /></em></strong></p>

scholarly journals Lightweight Fine-Grained Access Control for Wireless Body Area Networks

Sensors ◽  
2020 ◽  
Vol 20 (4) ◽  
pp. 1088 ◽  
Author(s):  
Mohammad Ali ◽  
Mohammad-Reza Sadeghi ◽  
Ximeng Liu
Keyword(s):  
Access Control ◽  
Wireless Body Area Network ◽  
Control Policy ◽  
Cloud Service ◽  
Communication Overhead ◽  
Area Network ◽  
Sensitive Information ◽  
Health Providers ◽  
Body Area ◽  
Fine Grained

Wireless Body Area Network (WBAN) is a highly promising technology enabling health providers to remotely monitor vital parameters of patients via tiny wearable and implantable sensors. In a WBAN, medical data is collected by several tiny sensors and usually transmitted to a server-side (e.g., a cloud service provider) for long-term storage and online/offline processing. However, as the health data includes several sensitive information, providing confidentiality and fine-grained access control is necessary to preserve the privacy of patients. In this paper, we design an attribute-based encryption (ABE) scheme with lightweight encryption and decryption mechanisms. Our scheme enables tiny sensors to encrypt the collected data under an access control policy by performing very few computational operations. Also, the computational overhead on the users in the decryption phase is lightweight, and most of the operations are performed by the cloud server. In comparison with some excellent ABE schemes, our encryption mechanism is more than 100 times faster, and the communication overhead in our scheme decreases significantly. We provide the security definition for the new primitive and prove its security in the standard model and under the hardness assumption of the decisional bilinear Diffie-Hellman (DBDH) problem.

scholarly journals Hybrid Role and Attribute Based Access Control Applied in Information Systems

2021 ◽  
Vol 21 (3) ◽  
pp. 85-96
Author(s):  
Maria Penelova
Keyword(s):  
Information Systems ◽  
Access Control ◽  
Accounting Information ◽  
Role Based Access Control ◽  
Accounting Information System ◽  
Fine Grained ◽  
Proposed Model ◽  
Control Scheme ◽  
Attribute Based Access Control ◽  
Role Based

Abstract It this paper it is proposed a new access control model – Hybrid Role and Attribute Based Access Control (HRABAC). It is an extension of Role-Based Access Control (RBAC). HRABAC is designed for information systems and enterprise software and combines the advantages of RBAC and Attribute-Based Access Control (ABAC). HRABAC is easy configurable, fine-grained and supports role hierarchies. The proposed model HRABAC describes the access control scheme in Laravel package laravelroles/rolespermissions, which is developed by the author of the paper, as an answer to the requirements of practice of fine-grained and easy configurable access control solution. Laravel is chosen, because it is the most popular and the most widely used PHP framework. The package laravelroles/rolespermissions is developed on Laravel so that maximum number of programmers could use it. This package contains working and tested functionalities for managing users, roles and permissions, and it is applied in accounting information system.

Research on Access Control Based on CP-ABE Algorithm and Cloud Computing

2014 ◽  
Vol 513-517 ◽  
pp. 2273-2276
Author(s):  
Shao Min Zhang ◽  
Jun Ran ◽  
Bao Yi Wang
Keyword(s):  
Cloud Computing ◽  
Access Control ◽  
Control Policy ◽  
Massive Data ◽  
Access Control Policy ◽  
Fine Grained ◽  
Network Bandwidth ◽  
Private Key ◽  
Attribute Based Encryption ◽  
Ciphertext Policy

Ciphertext-Policy Attribute-based encryption (CP-ABE) mechanism is an extension of attribute-based encryption which associates the ciphertext and user's private key with the attribute by taking the attribute as a public key. It makes the representation of the access control policy more flexible, thus greatly reduces the network bandwidth and processing overhead of sending node brought by fine-grained access control of data sharing. According to the principle of CP-ABE encryption mechanism for this mechanism, an improved cloud computing-based encryption algorithm was proposed in this paper to overcome the deficiencies of permission changing process under the massive data. Experimental results show that compared with traditional methods, the new mechanism significantly reduces time-consuming.

Attribute-Tree Based Hierarchical Hidden Credential Model

2012 ◽  
Vol 546-547 ◽  
pp. 604-611
Author(s):  
Wei Jin Ge ◽  
Xiao Hui Hu
Keyword(s):  
Access Control ◽  
Control Policy ◽  
Tree Structure ◽  
Sensitive Information ◽  
Access Control Policy ◽  
Attribute Model ◽  
Identity Based ◽  
Attribute Based Access Control ◽  
Load Network ◽  
Access Policies

Hidden credentials are useful in situations where requests for service, credentials, access policies and resources are extremely sensitive. Current research related to hidden credentials has the shortage that the attribute model cannot provide the complex description. This paper presents a hierarchical hidden credential model which combines the attribute tree structure and the hierarchical identity-based encryption. Attribute tree structure is given that is used to organize sensitive information and the hierarchical hidden credential model is applied to carry and transport credentials, sensitive access control policy, and private resource and so on. This model expands the attribute from a simple atom one to an attribute tree. After the evaluation, it is proven that this model overcomes the shortcomings such as high-load network communication, too many credential exchanges which was caused by attribute-based access control policy. The usability and expansibility of hidden credentials were improved also.

Sign in / Sign up

Export Citation Format

Share Document