XACML-Based Fine-Grained Security Policy for Distributed System

2011 ◽  
Vol 225-226 ◽  
pp. 848-851
Author(s):  
Ai Juan Zhang ◽  
Jing Xiang Gao ◽  
Cheng Ji
Keyword(s):  
Access Control ◽  
Software Development ◽  
Security Policy ◽  
Control Policy ◽  
Distributed Applications ◽  
Security Policies ◽  
Security Model ◽  
Access Control Policy ◽  
Fine Grained ◽  
Security Modeling

Distributed applications often require integrating security policies of collaborating parties. The integration must be able to support complex authorization specifications and the fine-grained resources access requirements that the various parties may have. But now security modeling is not considered as a vital part in software development. In this paper, it is proposed to integrate the design of access control policy into software development. In this paper, UML is used to model access control policy, and then a framework is designed to generate the security model result expressed in XACML and to verify the policy correct and complete.

Security Policy Conflict Detection for Distributed System

2011 ◽  
Vol 282-283 ◽  
pp. 173-176 ◽  
Author(s):  
Ai Juan Zhang ◽  
Cheng Ji ◽  
Jian Wang
Keyword(s):  
Access Control ◽  
Distributed System ◽  
Security Policy ◽  
Conflict Detection ◽  
Distributed Applications ◽  
Security Policies ◽  
Policy Document ◽  
Policy Conflict ◽  
Fine Grained ◽  
Policy Conflicts

Distributed applications require integrating security policies of collaborating parties, and the policies must be able to support complex authorization specifications and conflicts of policies must be able to be detected. In this paper, we introduce a policy for fine-grained access control which is able to support the specifications with sufficient policy constraints, and then we present a methodology based on semantics to detect whether there are policy conflicts and then produce the XACML policy document.

scholarly journals Trilattice-Based Access Control Models: How to Secure Current Computer Network

2018 ◽  
Vol 210 ◽  
pp. 04053
Author(s):  
Mikhail M. Kucherov ◽  
Nina A. Bogulskaya
Keyword(s):  
Access Control ◽  
Security Policy ◽  
Computer Network ◽  
Query Language ◽  
Control Policy ◽  
Social Consequences ◽  
Deductive Database ◽  
Access Control Policy ◽  
Database Theory ◽  
Physical Infrastructure

Designing security, from the hardware level, is essential to ensure the integrity of the intelligent cyber-physical infrastructure that is the Industrial Internet of Things (IIoT). If intelligent cyber-physical infrastructure fails to do the right things because it is insecure and vulnerable, then there will be negative social consequences [1]. Security is, in a sense, the access control to IIoT systems, which increasingly relies on the ability to compose different policies. Therefore, the advantage in any framework for compiling policies is that it is intuitive, formal, expressive, application-independent, as well as expandable to create domain-specific instances. Recently, such a scheme was proposed based on Belnap logic FOUR2 [2]. Four values of the Belnap bilattice have been interpreted as grant, deny, conflict, or unspecified with respect to access-control policy. Belnap’s four-valued logic has found a variety of applications in various fields, such as deductive database theory, distributed logic programming, and other areas. However, it turns out that the truth order in FOUR2 is a truth-and-falsity order at the same time [3]. The smallest lattice, where the orders of truth and falsity are independent of each other, which is especially important for security policy, is that of Shramko-Wansing’s SIXTEEN3. This generalization is well-motivated and leads from the bilattice FOUR2 with an information and a truth-and-falsity ordering to another algebraic structure, namely the trilattice SIXTEEN3 with an information ordering together with a truth ordering and a (distinct) falsity ordering.Based onSIXTEEN3 and new Boolean predicates to control access [4], we define an expressive access-control policy language, having composition statements based on the statements of Schramko-Wansing’s logic. Natural orderings on politics are obtained by independent lifting the orders of truth and falsity of trilattice, which results in a query language in which conflict freedom analysis can be developed. The reduction of formal verification of queries to that on predicates over access requests enables to carry out policy analysis. We evaluate our approach through examples of control access model policy.

Research on Access Control Based on CP-ABE Algorithm and Cloud Computing

2014 ◽  
Vol 513-517 ◽  
pp. 2273-2276
Author(s):  
Shao Min Zhang ◽  
Jun Ran ◽  
Bao Yi Wang
Keyword(s):  
Cloud Computing ◽  
Access Control ◽  
Control Policy ◽  
Massive Data ◽  
Access Control Policy ◽  
Fine Grained ◽  
Network Bandwidth ◽  
Private Key ◽  
Attribute Based Encryption ◽  
Ciphertext Policy

Ciphertext-Policy Attribute-based encryption (CP-ABE) mechanism is an extension of attribute-based encryption which associates the ciphertext and user's private key with the attribute by taking the attribute as a public key. It makes the representation of the access control policy more flexible, thus greatly reduces the network bandwidth and processing overhead of sending node brought by fine-grained access control of data sharing. According to the principle of CP-ABE encryption mechanism for this mechanism, an improved cloud computing-based encryption algorithm was proposed in this paper to overcome the deficiencies of permission changing process under the massive data. Experimental results show that compared with traditional methods, the new mechanism significantly reduces time-consuming.

scholarly journals Attribute - Semantic Based Access Control Policy Model for IoT

2019 ◽  
Vol 9 (1S4) ◽  
pp. 560-564
Keyword(s):  
Access Control ◽  
Control Policy ◽  
Sensitive Information ◽  
Access Control Policy ◽  
Trust Value ◽  
Policy Model ◽  
Fine Grained ◽  
Iot Devices ◽  
New Policies ◽  
High Level

Internet of Things (IoT) devices under cloud assistance is deployed in different distributed environment. It collects sensed data and outsources the data to remote server and user for sharing. As IoT is used in important fields like healthcare, business and research, the sensed data are sensitive information which needs to be protected. Encryption is usual technique to protect data from adversaries. A fine grained access control is essential for heterogeneous device involved social network. The existing access control policies were defined for predefined identity and role which needs to be changed in dynamic situations. Moreover, all the necessary policies cannot be defined in advance and new policies were demanded for new situational context. To solve these issues, this work design a model which calculate final trust value based on semantic information dynamically referring to ontology. a access control policy is also designed on semantic role of the device. The semantic technology is used for high level reasoning of the context situation

scholarly journals Fine Grained Access Control Policy with Advanced Encryption Standard in the Cloud Computing

2018 ◽  
Vol 7 (4.6) ◽  
pp. 1
Author(s):  
Krishna Keerthi Chennam ◽  
Lakshmi Mudda
Keyword(s):  
Access Control ◽  
Data Base ◽  
Control Policy ◽  
Third Party ◽  
Advanced Encryption Standard ◽  
Access Control Policy ◽  
Cloud Data ◽  
Storage Devices ◽  
Fine Grained ◽  
Attribute Based Encryption

The Data Base as a Service is a great example where the database engine and storage devices are in cloud data. This scheme allows customers to outsource data and store in cloud database on pay per user, scalable and flexible. But data confidentiality is in high risk when data is outsourced and stored in third party database. A trusted third party server must be maintaining the third party data base. There is a possibility of malicious administrator who can leaks the data which is stored in third party database. The best method is to encrypt the data and store in third party database but alone encryption is not sufficient. Even authorization is another problem that who can access the data. For data security and authorized of users, the fine grained access control policy Cipher text policy Attribute Based encryption (CP-ABE) is used to give access to authorized users only and the best symmetric encryption Advanced Encryption Standard(AES) is applied on data before outsourcing the data in cloud. 

scholarly journals A Framework for Translating a High Level Security Policy into Low Level Security Mechanisms

2010 ◽  
Vol 61 (1) ◽  
pp. 20-28 ◽  
Author(s):  
Ahmed Hassan ◽  
Waleed Bahgat
Keyword(s):  
Network Security ◽  
Access Control ◽  
Security Policy ◽  
Security Policies ◽  
Second Phase ◽  
Security Model ◽  
Intermediate Model ◽  
Low Level ◽  
Proposed Model ◽  
High Level

A Framework for Translating a High Level Security Policy into Low Level Security MechanismsSecurity policies have different components; firewall, active directory, and IDS are some examples of these components. Enforcement of network security policies to low level security mechanisms faces some essential difficulties. Consistency, verification, and maintenance are the major ones of these difficulties. One approach to overcome these difficulties is to automate the process of translation of high level security policy into low level security mechanisms. This paper introduces a framework of an automation process that translates a high level security policy into low level security mechanisms. The framework is described in terms of three phases; in the first phase all network assets are categorized according to their roles in the network security and relations between them are identified to constitute the network security model. This proposed model is based on organization based access control (OrBAC). However, the proposed model extend the OrBAC model to include not only access control policy but also some other administrative security policies like auditing policy. Besides, the proposed model enables matching of each rule of the high level security policy with the corresponding ones of the low level security policy. Through the second phase of the proposed framework, the high level security policy is mapped into the network security model. The second phase could be considered as a translation of the high level security policy into an intermediate model level. Finally, the intermediate model level is translated automatically into low level security mechanism. The paper illustrates the applicability of proposed approach through an application example.

Sign in / Sign up

Export Citation Format

Share Document