Permission-Based Separation of Duty in Dynamic Role-Based Access Control Model

Aftab, Muhammad Umar; Qin, Zhiguang; Hundera, Negalign Wake; Oluwasanmi, Ariyo; Zakria,; Son, Ngo Tung; Dinh, Tran Van

doi:10.3390/sym11050669

Cited by 20 publications

(18 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…According to this work, the administrator starts creating attributed objects and actions with COI. There is no need to create the permissions one by one as well as by creating different containers, as the previous models do [18], [22], [56]. The system automatically creates the permissions by merging newly created actions with objects and creates all the possible permissions itself.…”

Section: Methodsmentioning

confidence: 99%

“…Even some of the authors proposed to create multiple permissions by creating different containers. In our opinion, those solutions are increasing the administrative load instead of decreasing [22], [56]. But the proposed model just initiates the permission creation process and the system will create all the possible permissions at once.…”

Section: E Conflict Of Interest In Hybrid Access Controlmentioning

confidence: 99%

See 1 more Smart Citation

A Hybrid Access Control Model With Dynamic COI for Secure Localization of Satellite and IoT-Based Vehicles

et al. 2020

Self Cite

View full text Add to dashboard Cite

Secure localization of vehicles is gaining the attention of researchers from both academia and industry especially due to the emergence of internet of things (IoT). The modern vehicles are usually equipped with circuitries that gives connectivity with other vehicles and with cellular networks such as 4G/Fifth generation cellar network (5G). The challenge of secure localization and positioning is magnified further with the invention of technologies such as autonomous or driverless vehicles based on IoT, satellite, and 5G. Some satellite and IoT based localization techniques exploit machine learning, semantic segmentation, and access control mechanism. Access control provides access grant and secure information sharing mechanism to authorized users and restricts unauthorized users, which is necessary regarding security and privacy of government or military vehicles. Previously, static conflict of interest (COI) based access control was used for security proposes. However, static COI based access control creates excesses and administrative overload that creates latency in execution, which is the least tolerable factor in modern IoT or 5G control vehicles. Therefore, in this paper, a hybrid access control (HAC) model is proposed that implements the dynamic COI in the HAC model on the level of roles. The proposed model is enhanced by modifying the role-based access control (RBAC) model by inserting new attributes of the RBAC entities. The HAC model deals with COI on the level of roles in an efficient manner as compared to previously proposed models. Moreover, this model features significant improvement in terms of dynamic behavior, decreased administrative load, and security especially for vehicular localization. Furthermore, the mathematical modeling of the proposed model is implemented with an example scenario to validate the concept. INDEX TERMS Access control, hybrid access control, secure vehicle localization, machine learning, neural networks, Internet of Things.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: E Conflict Of Interest In Hybrid Access Controlmentioning

confidence: 99%

A Hybrid Access Control Model With Dynamic COI for Secure Localization of Satellite and IoT-Based Vehicles

et al. 2020

Self Cite

View full text Add to dashboard Cite

show abstract

“…ABAC first establishes the attribute set and describes the access control policy, and then responds to the access control request and updates the access control policy during execution [12]. RBAC guarantees flexible control and management of objects through a dual authority mapping mechanism, and provides inter-domain role mapping and constraint verification methods in cross-entity access control of CPS [15], [16]. When constructing attribute set and permission mapping, usually use role engineering or attribute engineering topdown or bottom-up method to mine roles or attributes to further authorize users.…”

Section: W(e[i])mentioning

confidence: 99%

“…The separation of duty (SOD) policies is a typical policy used to ensure safety [19]. It prevent a set of users less than a certain threshold from being fully authorized to perform sensitive tasks [15], [16], [20]. Excessive pursuit of system safety may lead to unavailability of the system.…”

Section: W(e[i])mentioning

confidence: 99%

An Improved Genetic Algorithm for Safety and Availability Checking in Cyber-Physical Systems

et al. 2021

View full text Add to dashboard Cite

Cross-IoT infrastructure access frequently occurs when performing tasks in a distributed computing infrastructure of a cyber-physical system (CPS). The access control technology that ensure secure access cross-IoT infrastructure usually automatically establish relationships between user-attribute/rolepermission. How to efficiently determine whether an automatic authorization access control state satisfies the safety and availability requirements of a system is a huge challenge. Existing work often focuses on a single aspect of safety or availability, while ignoring the differences between permissions and the differences between users. In this paper, we first propose a fine-grained personalization policy that takes into account the specificity of permissions/users and describes the safety, availability and efficiency requirements of an access control system in CPS. Second, we define a Personalization Policy Checking (PPC) Problem to determine whether a given personalization policy is satisfied in an access control state. We give the computational complexity of the PPC problem in different subcases, and show that it is NP-complete in general. Third, we design a binary genetic search algorithm, whose improvements mainly include continuous update and selection of the best chromosomes in the population for iteration, and exploring and determining the optimal crossover and mutation probabilities, thereby improving the convergence efficiency of the algorithm. Finally, simulation results show the effectiveness of our proposed algorithm, which is especially fit for the case that the computational overhead is even more important than the accuracy in a large-scale CPS system.

show abstract

“…The access control models can be divided into 5 categories: the discretionary access control (DAC) [5], the mandatory access control (MAC) [6], the role-based access control (RBAC) [7][8][9], the attribute-based access control (ABAC) [10], the policy-based access control (PBAC) [11,12]. Various data security algorithms are used to improve the security of the access control model.…”

Section: Introductionmentioning

confidence: 99%

Big data security access control algorithm based on memory index acceleration in WSNs

Peng

Zhou

Meng

et al. 2020

J Wireless Com Network

View full text Add to dashboard Cite

The access control is used to ensure these data security when WSN (wireless sensor network) with a large number of base stations transmits huge amount of data to a data center server. Meanwhile big data systems are used to efficiently store, manage, and use data from large-scale WSNs. In big data systems for WSNs, the traditional access control technology will greatly affect the system performance. This paper first analyzes the data processing flow of the traditional access control strategy in big data systems, analyzes its time complexity, and explores how it affects system performance. Then, we propose the big data security access control algorithm based on memory index acceleration in WSNs which has better performance over the traditional ones. In our experiments, under the same test environment and security strategy, the performance has been greatly improved with the proposed algorithm.

show abstract

Permission-Based Separation of Duty in Dynamic Role-Based Access Control Model

Cited by 20 publications

References 37 publications

A Hybrid Access Control Model With Dynamic COI for Secure Localization of Satellite and IoT-Based Vehicles

A Hybrid Access Control Model With Dynamic COI for Secure Localization of Satellite and IoT-Based Vehicles

An Improved Genetic Algorithm for Safety and Availability Checking in Cyber-Physical Systems

Big data security access control algorithm based on memory index acceleration in WSNs

Contact Info

Product

Resources

About