Catalogue Search | MBRL
Are you sure you want to remove the book from the shelf?
{{itemTitle}}
407,199
result(s) for
"Access control"
Sort by:
A Survey of Context-Aware Access Control Mechanisms for Cloud and Fog Networks: Taxonomy and Open Research Issues
Over the last few decades, the proliferation of the Internet of Things (IoT) has produced an overwhelming flow of data and services, which has shifted the access control paradigm from a fixed desktop environment to dynamic cloud environments. Fog computing is associated with a new access control paradigm to reduce the overhead costs by moving the execution of application logic from the centre of the cloud data sources to the periphery of the IoT-oriented sensor networks. Indeed, accessing information and data resources from a variety of IoT sources has been plagued with inherent problems such as data heterogeneity, privacy, security and computational overheads. This paper presents an extensive survey of security, privacy and access control research, while highlighting several specific concerns in a wide range of contextual conditions (e.g., spatial, temporal and environmental contexts) which are gaining a lot of momentum in the area of industrial sensor and cloud networks. We present different taxonomies, such as contextual conditions and authorization models, based on the key issues in this area and discuss the existing context-sensitive access control approaches to tackle the aforementioned issues. With the aim of reducing administrative and computational overheads in the IoT sensor networks, we propose a new generation of Fog-Based Context-Aware Access Control (FB-CAAC) framework, combining the benefits of the cloud, IoT and context-aware computing; and ensuring proper access control and security at the edge of the end-devices. Our goal is not only to control context-sensitive access to data resources in the cloud, but also to move the execution of an application logic from the cloud-level to an intermediary-level where necessary, through adding computational nodes at the edge of the IoT sensor network. A discussion of some open research issues pertaining to context-sensitive access control to data resources is provided, including several real-world case studies. We conclude the paper with an in-depth analysis of the research challenges that have not been adequately addressed in the literature and highlight directions for future work that has not been well aligned with currently available research.
Journal Article
BlendCAC: A Smart Contract Enabled Decentralized Capability-Based Access Control Mechanism for the IoT
While Internet of Things (IoT) technology has been widely recognized as an essential part of Smart Cities, it also brings new challenges in terms of privacy and security. Access control (AC) is among the top security concerns, which is critical in resource and information protection over IoT devices. Traditional access control approaches, like Access Control Lists (ACL), Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC), are not able to provide a scalable, manageable and efficient mechanism to meet the requirements of IoT systems. Another weakness in today’s AC is the centralized authorization server, which can cause a performance bottleneck or be the single point of failure. Inspired by the smart contract on top of a blockchain protocol, this paper proposes BlendCAC, which is a decentralized, federated capability-based AC mechanism to enable effective protection for devices, services and information in large-scale IoT systems. A federated capability-based delegation model (FCDM) is introduced to support hierarchical and multi-hop delegation. The mechanism for delegate authorization and revocation is explored. A robust identity-based capability token management strategy is proposed, which takes advantage of the smart contract for registration, propagation, and revocation of the access authorization. A proof-of-concept prototype has been implemented on both resources-constrained devices (i.e., Raspberry PI nodes) and more powerful computing devices (i.e., laptops) and tested on a local private blockchain network. The experimental results demonstrate the feasibility of the BlendCAC to offer a decentralized, scalable, lightweight and fine-grained AC solution for IoT systems.
Journal Article
A flexible fine-grained dynamic access control approach for cloud computing environment
As a pioneering surge of ICT technologies, offering computing resources on-demand, the exceptional evolution of Cloud computing has not gone unnoticed by the IT world. At the same time, security stands as a most prior concern for this new progressive computing capability of on-demand services over the Internet. Hence, access control substantiates one of the fundamental conditions to fortify the information and Cloud system against illegitimate access among all the security requirements of Cloud computing. Although diverse access control models have been proposed and implemented for the Cloud computing paradigm, the models may fail to accomplish the dynamic and scalable requirements of the Cloud system adequately. Therefore, we propose a dynamic authorization system for a Cloud computing environment that employs the concept of role, task, and trustworthiness of the user. In this paper, a framework has been proposed that offers characteristics of both passive and active access control along with the trusted computing, thereby, blending the model into a more fine-grained and dynamic for the Cloud computing environment. Subsequently, the implementation of the propounded scheme is reported to provide the proof-of-concept. Additionally, the evaluation and use case scenario of the propounded system has been carried out to proclaim its effectiveness over other conventional models.
Journal Article
Network security : private communication in a public world
The classic guide to cryptography and network security -- now fully updated! \"Alice and Bob are back!\" Widely regarded as the most comprehensive yet comprehensible guide to network security and cryptography, the previous editions of Network Security received critical acclaim for lucid and witty explanations of the inner workings of cryptography and network security protocols. In this edition, the authors have significantly updated and revised the previous content, and added new topics that have become important. This book explains sophisticated concepts in a friendly and intuitive manner. For protocol standards, it explains the various constraints and committee decisions that led to the current designs. For cryptographic algorithms, it explains the intuition behind the designs, as well as the types of attacks the algorithms are designed to avoid. It explains implementation techniques that can cause vulnerabilities even if the cryptography itself is sound. Homework problems deepen your understanding of concepts and technologies, and an updated glossary demystifies the field's jargon. Network Security, Third Edition will appeal to a wide range of professionals, from those who design and evaluate security systems to system administrators and programmers who want a better understanding of this important field. It can also be used as a textbook at the graduate or advanced undergraduate level. Coverage includes * Network security protocol and cryptography basics * Design considerations and techniques for secret key and hash algorithms (AES, DES, SHA-1, SHA-2, SHA-3) * First-generation public key algorithms (RSA, Diffie-Hellman, ECC) * How quantum computers work, and why they threaten the first-generation public key algorithms * Quantum computers: how they work, and why they threaten the first-generation public key algorithms * Multi-factor authentication of people * Real-time communication (SSL/TLS, SSH, IPsec) * New applications (electronic money, blockchains) * New cryptographic techniques (homomorphic encryption, secure multiparty computation) - back of cover.
Book
Enhancing Healthcare Security: A Unified RBAC and ABAC Risk-Aware Access Control Approach
Healthcare systems are increasingly vulnerable to security threats due to their reliance on digital platforms. Traditional access control models like Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) have limitations in mitigating evolving risks in these systems. Despite their unique features, these models face limitations in mitigating evolving risks in healthcare systems. Traditional models are primarily oriented towards allocating permissions according to predetermined roles or policies, which results in challenges in effectively adapting to the dynamic complexities of modern healthcare ecosystems. Therefore, this paper proposes a novel risk-aware RBAC and ABAC access control model to enhance the flexibility, adaptability and security issues associated with healthcare systems. The proposed model integrates RBAC for role-based categorization, ABAC for fine-grained control based on user attributes and environmental factors, and Risk-Based Access Control (RiBAC) for dynamic risk assessment. The proposed model dynamically adjusts access permissions based on risk values, ensuring accurate and adaptable access control decisions. The experimental results demonstrate the feasibility and effectiveness of the proposed model in granting access to authorized users while denying access to unauthorized users. Through a series of 43 experiments that simulate various scenarios of access control operations in the healthcare system, the proposed model demonstrates significant improvement in the accuracy, precision, and recall of access control decisions compared to traditional models. The proposed model’s ability to dynamically assess risk and adjust access permissions based on contextual factors significantly enhances its ability to mitigate threats and protect sensitive medical data.
Journal Article
Distributed attribute-based access control system using permissioned blockchain
Auditing provides essential security control in computer systems by keeping track of all access attempts, including both legitimate and illegal access attempts. This phase can be useful in the context of audits, where eventual misbehaving parties can be held accountable. Blockchain technology can provide the trusted auditability required for access control systems. In this paper, we propose a distributed Attribute-Based Access Control (ABAC) system based on blockchain to provide trusted auditing of access attempts. Besides auditability, our system presents a level of transparency that both access requesters and resource owners can benefit from it. We present a system architecture with an implementation based on Hyperledger Fabric, achieving high efficiency and low computational overhead. The proposed solution is validated through a use case of independent digital libraries. Detailed performance analysis of our implementation is presented, taking into account different consensus mechanisms and databases. The experimental evaluation shows that our presented system can effectively handle a transaction throughput of 270 transactions per second, with an average latency of 0.54 seconds per transaction.
Journal Article