Semantic-Based Access Control for Data Resources in Open Grid Services Architecture

2014 ◽  
Vol 6 (2) ◽  
pp. 1-23 ◽  
Author(s):  
Vineela Muppavarapu ◽  
Soon M. Chung
Keyword(s):  
Control System ◽  
Access Control ◽  
Data Access ◽  
Grid Services ◽  
Control Policies ◽  
Ontology Language ◽  
Access Control Policies ◽  
Access Control System ◽  
Identity Based ◽  
Open Grid Services Architecture

This paper proposes a semantic-based access control system for the data resources in the Open Grid Services Architecture - Data Access and Integration (OGSA-DAI). OGSA-DAI is a widely used middleware for integrating data resources in Grids. However, the identity-based access control in OGSA-DAI causes substantial overhead for the resource providers in virtual organizations (VOs), because the access control information of individual users has to be maintained by each resource provider. To solve these problems, the authors propose a semantic-based access control system using Shibboleth and ontology. Shibboleth, an attribute authorization service, is used to manage the user attributes, and the Web Ontology Language (OWL) is used to represent the ontology of the data resources and users. By using ontology, VOs can resolve the differences in their terminologies and specify access control policies based on concepts and user roles, instead of individual resources and user identities. As a result, the administration overhead of the resource providers is reduced considerably. In addition, the eXtensible Access Control Markup Language (XACML) is used to specify the access control policies uniformly across multiple VOs. The authors also developed an XACML policy administration tool that allows the administrators to create, update, and manage XACML policies. The performance analysis shows that our proposed system adds only a small overhead to the existing security mechanism of OGSA-DAI.

Semantic-Based Access Control for Data Resources in Open Grid Services Architecture - Data Access and Integration (OGSA-DAI)

2018 ◽  
pp. 1701-1725
Author(s):  
Vineela Muppavarapu ◽  
Soon M. Chung
Keyword(s):  
Control System ◽  
Access Control ◽  
Data Access ◽  
Grid Services ◽  
Control Policies ◽  
Ontology Language ◽  
Access Control Policies ◽  
Access Control System ◽  
Identity Based ◽  
Open Grid Services Architecture

This paper proposes a semantic-based access control system for the data resources in the Open Grid Services Architecture - Data Access and Integration (OGSA-DAI). OGSA-DAI is a widely used middleware for integrating data resources in Grids. However, the identity-based access control in OGSA-DAI causes substantial overhead for the resource providers in virtual organizations (VOs), because the access control information of individual users has to be maintained by each resource provider. To solve these problems, the authors propose a semantic-based access control system using Shibboleth and ontology. Shibboleth, an attribute authorization service, is used to manage the user attributes, and the Web Ontology Language (OWL) is used to represent the ontology of the data resources and users. By using ontology, VOs can resolve the differences in their terminologies and specify access control policies based on concepts and user roles, instead of individual resources and user identities. As a result, the administration overhead of the resource providers is reduced considerably. In addition, the eXtensible Access Control Markup Language (XACML) is used to specify the access control policies uniformly across multiple VOs. The authors also developed an XACML policy administration tool that allows the administrators to create, update, and manage XACML policies. The performance analysis shows that our proposed system adds only a small overhead to the existing security mechanism of OGSA-DAI.

scholarly journals Modbus Access Control System Based on SSI over Hyperledger Fabric Blockchain

Sensors ◽  
2021 ◽  
Vol 21 (16) ◽  
pp. 5438
Author(s):  
Santiago Figueroa-Lorenzo ◽  
Javier Añorga Benito ◽  
Saioa Arrizabalaga
Keyword(s):  
Control System ◽  
Access Control ◽  
Ad Hoc ◽  
Single Point ◽  
Main Challenge ◽  
Authentication And Authorization ◽  
Access Control System ◽  
Identity Based

Security is the main challenge of the Modbus IIoT protocol. The systems designed to provide security involve solutions that manage identity based on a centralized approach by introducing a single point of failure and with an ad hoc model for an organization, which handicaps the solution scalability. Our manuscript proposes a solution based on self-sovereign identity over hyperledger fabric blockchain, promoting a decentralized identity from which both authentication and authorization are performed on-chain. The implementation of the system promotes not only Modbus security, but also aims to ensure the simplicity, compatibility and interoperability claimed by Modbus.

scholarly journals A Fine-Grained Data Access Control System in Wireless Sensor Network

2015 ◽  
Vol 4 (3) ◽  
pp. 276-287 ◽  
Author(s):  
Boniface K. Alese ◽  
Sylvester O. Olatunji ◽  
Oluwatoyin C. Agbonifo ◽  
Aderonke F. Thompson
Keyword(s):  
Control System ◽  
Wireless Sensor Network ◽  
Access Control ◽  
Sensor Network ◽  
Data Access ◽  
Wireless Sensor ◽  
Fine Grained ◽  
Data Access Control ◽  
Access Control System

scholarly journals PyRos: A State Channel-Based Access Control System for a Public Blockchain Network

2020 ◽  
Vol 2020 ◽  
pp. 1-13
Author(s):  
Siwan Noh ◽  
Sang Uk Shin ◽  
Kyung-Hyune Rhee
Keyword(s):  
Control System ◽  
Access Control ◽  
The State ◽  
Security Requirements ◽  
Decentralized System ◽  
Blockchain Technology ◽  
Access Control Policies ◽  
Previous State ◽  
Access Control System

Blockchain is a technology that enables the implementation of a decentralized system by replacing the role of the centralized entity with the consensus of participants in the system to solve the problem of subordination to the centralized entity. Blockchain technology is being considered for application in numerous fields; however, the scalability limitation of a public blockchain has led many researchers to consider private blockchains, which reduce the security of the system while improving scalability. A state channel represents a leading approach among several scalability solutions, intended to address public blockchain scalability challenges while ensuring the security of the blockchain network. Participants in the channel perform the process of updating the state of the channel outside the blockchain. This process can proceed very quickly because it does not require the consensus of the blockchain network, but still, like on-chain, it can guarantee features such as irreversibility. In this paper, we propose the PyRos protocol, an access control system that supports the trading and sharing of data between individuals on a public blockchain based on the state channel. As far as we know, the research using the off-chain state channel for access control has not been proposed yet, so PyRos is a new approach in this field. In PyRos, user-defined access control policies are stored off-chain, and policy updates are always rapid regardless of the performance of the blockchain network. Moreover, PyRos provides means to prevent malicious participants from arbitrarily using the channel’s previous state while resolving constraints due to scalability problems, along with privacy guarantees for the transaction content. To evaluate the efficiency and security of PyRos, we provide qualitative analysis of security requirements and analysis in terms of the performance of public blockchain platforms.

Sign in / Sign up

Export Citation Format

Share Document