A conditional role-involved purpose-based access control model

This paper presents a role-involved conditional purpose-based access control (RCPBAC) model, where a purpose is defined as the intension of data accesses or usages. RCPBAC allows users using some data for certain purpose with conditions. The structure of RCPBAC model is defined and investigated. An algorithm is developed to achieve the compliance computation between access purposes (related to data access) and intended purposes (related to data objects) and is illustrated with role-based access control (RBAC) to support RCPBAC. According to this model, more information from data providers can be extracted while at the same time assuring privacy that maximizes the usability of consumers' data. It extends traditional access control models to a further coverage of privacy preserving in data mining environment as RBAC is one of the most popular approach towards access control to achieve database security and available in database management systems. The structure helps enterprises to circulate clear privacy promise, to collect and manage user preferences and consent

Performance and divisional trust and purpose-based access control for privacy preservation

Privacy has been recognized to be a critical requirement in computing environments. To keep the privacy safe from inappropriate use, one of the most popular methods that can be used is the access control. Currently, many augmentation of access control models has been developed to improve the effectiveness in preserving the privacy. However, there are still issues that need improvements. In current Purpose-Based Access Control (PBAC) Models, all authorized users in the domain are allowed to access the personal information especially sensitive attributes equally. It may cause the risk of privacy disclosure by ‘limited-authorized’ user, i.e., legitimate user but untrusted and unauthorized to access certain personal information with sensitive attributes. In this study a finer-grained access control called performance and divisional trust and purpose-based access control is proposed to prevent limited-authorized user access to the privacy. Based on organizational structure (functional departmentalization) current PBAC Models permit authorized user in the functional level to access the personal information. This model can be set at the next level after the functional level, i.e., the divisional level to access it. Subsequently, a comprehensive policy is proposed to permit user to access sensitive attributes based on two trust metrics namely user experience and behaviour. To evaluate the trustworthiness of the authorized user, a quantification method is proposed to measure those metrics. Based on the results, this model may significantly permit or prohibit access to personal information or with sensitive attributes. Besides, the issue of privacy disclosure by limited-authorized user to access certain privacy is resolved

Adaptive algorithms for improving the throughput in an indoor mobile s-aloha ds-cdma system

This paper presents a novel Adaptive DSCDMA Slotted-ALOHA packet random access scheme with transmitter-based spreading codes for mobiles. It is aimed at improving the throughput and message delay delivery when traffic load values below the saturation point of the conventional DS-CDMA Slotted-ALOHA system are sensed in the channel. For this purpose, one Mobile and two Base Station assisted algorithms are envisaged to control the change of the transmission rate according to the traffic load. These algorithms revealed that the optimum behavior, obtained using a Markov Chain model, may be almost reached at a low complexity cost.Peer ReviewedPostprint (published version

Taking stock of open access : progress and issues

Purpose - Aims at providing a broad overview of some of the issues emerging from the growth in open access publishing, with specific reference to the use of repositories and open access journals. Design/methodology/approach - A paper largely based on specific experience with institutional repositories and the internationally run E-library and information science (LIS) archive. Findings - The open access initiative is dramatically transforming the process of scholarly communication bringing great benefits to the academic world with an, as yet, uncertain outcome for commercial publishers. Practical implications - Outlines the benefits of the open access movement with reference to repositories and open access journals to authors and readers alike and gives some food for thought on potential barriers to the complete permeation of the open access model, such as copyright restrictions and version control issues. Some illustrative examples of country-specific initiatives and the international E-LIS venture are given. Originality/value - An attempt to introduce general theories and practical implications of the open access movement to those largely unfamiliar with the movement

An automated model-based test oracle for access control systems

In the context of XACML-based access control systems, an intensive testing activity is among the most adopted means to assure that sensible information or resources are correctly accessed. Unfortunately, it requires a huge effort for manual inspection of results: thus automated verdict derivation is a key aspect for improving the cost-effectiveness of testing. To this purpose, we introduce XACMET, a novel approach for automated model-based oracle definition. XACMET defines a typed graph, called the XAC-Graph, that models the XACML policy evaluation. The expected verdict of a specific request execution can thus be automatically derived by executing the corresponding path in such graph. Our validation of the XACMET prototype implementation confirms the effectiveness of the proposed approach.Comment: 7 page

Access Control Within MQTT-based IoT environments

IoT applications, which allow devices, companies, and users to join the IoT ecosystems, are growing in popularity since they increase our lifestyle quality day by day. However, due to the personal nature of the managed data, numerous IoT applications represent a potential threat to user privacy and data confidentiality. Insufficient security protection mechanisms in IoT applications can cause unauthorized users to access data. To solve this security issue, the access control systems, which guarantee only authorized entities to access the resources, are proposed in academic and industrial environments. The main purpose of access control systems is to determine who can access specific resources under which circumstances via the access control policies. An access control model encapsulates the defined set of access control policies. Access control models have been proposed also for IoT environments to protect resources from unauthorized users. Among the existing solutions, the proposals which are based on Attribute-Based Access Control (ABAC) model, have been widely adopted in the last years. In the ABAC model, authorizations are determined by evaluating attributes associated with the subject, object, and environmental properties. ABAC model provides outstanding flexibility and supports fine-grained, context-based access control policies. These characteristics perfectly fit the IoT environments. In this thesis, we employ ABAC to regulate the reception and the publishing of messages exchanged within MQTT-based IoT environments. MQTT is a standard application layer protocol that enables the communication of IoT devices. Even though the current access control systems tailored for IoT environments in the literature handle data sharing among the IoT devices by employing various access control models and mechanisms to address the challenges that have been faced in IoT environments, surprisingly two research challenges have still not been sufficiently examined. The first challenge that we want to address in this thesis is to regulate data sharing among interconnected IoT environments. In interconnected IoT environments, data exchange is carried out by devices connected to different environments. The majority of proposed access control frameworks in the literature aimed at regulating the access to data generated and exchanged within a single IoT environment by adopting centralized enforcement mechanisms. However, currently, most of the IoT applications rely on IoT devices and services distributed in multiple IoT environments to satisfy users’ demands and improve their functionalities. The second challenge that we want to address in this thesis is to regulate data sharing within an IoT environment under ordinary and emergency situations. Recent emergencies, such as the COVID-19 pandemic, have shown that proper emergency management should provide data sharing during an emergency situation to monitor and possibly mitigate the effect of the emergency situation. IoT technologies provide valid support to the development of efficient data sharing and analysis services and appear well suited for building emergency management applications. Additionally, IoT has magnified the possibility of acquiring data from different sensors and employing these data to detect and manage emergencies. An emergency management application in an IoT environment should be complemented with a proper access control approach to control data sharing against unauthorized access. In this thesis, we do a step to address two open research challenges related to data protection in IoT environments which are briefly introduced above. To address these challenges, we propose two access control frameworks rely on ABAC model: the first one regulates data sharing among interconnected MQTT-based IoT environments, whereas the second one regulates data sharing within MQTT-based IoT environment during ordinary and emergency situations.IoT applications, which allow devices, companies, and users to join the IoT ecosystems, are growing in popularity since they increase our lifestyle quality day by day. However, due to the personal nature of the managed data, numerous IoT applications represent a potential threat to user privacy and data confidentiality. Insufficient security protection mechanisms in IoT applications can cause unauthorized users to access data. To solve this security issue, the access control systems, which guarantee only authorized entities to access the resources, are proposed in academic and industrial environments. The main purpose of access control systems is to determine who can access specific resources under which circumstances via the access control policies. An access control model encapsulates the defined set of access control policies. Access control models have been proposed also for IoT environments to protect resources from unauthorized users. Among the existing solutions, the proposals which are based on Attribute-Based Access Control (ABAC) model, have been widely adopted in the last years. In the ABAC model, authorizations are determined by evaluating attributes associated with the subject, object, and environmental properties. ABAC model provides outstanding flexibility and supports fine-grained, context-based access control policies. These characteristics perfectly fit the IoT environments. In this thesis, we employ ABAC to regulate the reception and the publishing of messages exchanged within MQTT-based IoT environments. MQTT is a standard application layer protocol that enables the communication of IoT devices. Even though the current access control systems tailored for IoT environments in the literature handle data sharing among the IoT devices by employing various access control models and mechanisms to address the challenges that have been faced in IoT environments, surprisingly two research challenges have still not been sufficiently examined. The first challenge that we want to address in this thesis is to regulate data sharing among interconnected IoT environments. In interconnected IoT environments, data exchange is carried out by devices connected to different environments. The majority of proposed access control frameworks in the literature aimed at regulating the access to data generated and exchanged within a single IoT environment by adopting centralized enforcement mechanisms. However, currently, most of the IoT applications rely on IoT devices and services distributed in multiple IoT environments to satisfy users’ demands and improve their functionalities. The second challenge that we want to address in this thesis is to regulate data sharing within an IoT environment under ordinary and emergency situations. Recent emergencies, such as the COVID-19 pandemic, have shown that proper emergency management should provide data sharing during an emergency situation to monitor and possibly mitigate the effect of the emergency situation. IoT technologies provide valid support to the development of efficient data sharing and analysis services and appear well suited for building emergency management applications. Additionally, IoT has magnified the possibility of acquiring data from different sensors and employing these data to detect and manage emergencies. An emergency management application in an IoT environment should be complemented with a proper access control approach to control data sharing against unauthorized access. In this thesis, we do a step to address two open research challenges related to data protection in IoT environments which are briefly introduced above. To address these challenges, we propose two access control frameworks rely on ABAC model: the first one regulates data sharing among interconnected MQTT-based IoT environments, whereas the second one regulates data sharing within MQTT-based IoT environment during ordinary and emergency situations

Context-based access control for ridesharing service

The paper describes a context-based access control model for a ridesharing service. Ridesharing is a shared use of a car by the driver and one or more passengers for a joint trip. The service is based on the smart space concept. For this purpose the Smart-M3 platform is used. Currently the Smart-M3 platform doesn't have an appropriate access control mechanism meeting the following requirements: supporting a flexible, descriptive and well-defined policy language and taking into consideration the context information. Therefore, the usage of the context-based access control model has been proposed. This model is built as a combination of the role-based and attribute-based access control models. It uses roles, which are assigned dynamically based on the user's context, and meets the requirements to the access control in the smart space. An analysis of information transfer through the ridesharing service modules is used for defining the user's context. The model has been implemented within an access control broker, which controls the access to the smart space resources

Context-based confidentiality analysis in dynamic Industry 4.0 scenarios

In Industry 4.0 environments highly dynamic and flexible access control strategies are needed. State of the art strategies are often not included in the modelling process but must be considered afterwards. This makes it very difficult to analyse the security properties of a system. In the framework of the Trust 4.0 project the confidentiality analysis tries to solve this problem using a context-based approach. Thus, there is a security model named context metamodel. Another important problem is that the transformation of an instance of a security model to a wide-spread access control standard is often not possible. This is also the case for the context metamodel. Moreover, another transformation which is very interesting to consider is one to an ensemble based component system which is also presented in the Trust 4.0 project. This thesis introduces an extension to the beforementioned context metamodel in order to add more extensibility to it. Furthermore, the thesis deals with the creation of a concept and an implementation of the transformations mentioned above. For that purpose, at first, the transformation to the attribute-based access control standard XACML is considered. Thereafter, the transformation from XACML to an ensemble based component system is covered. The evaluation indicated that the model can be used for use cases in Industry 4.0 scenarios. Moreover, it also indicated the transformations produce adequately accurate access policies. Furthermore, the scalability evaluation indicated linear runtime behaviour of the implementations of both transformations for respectively higher number of input contexts or XACML rules