3PAC: Enforcing Access Policies for Web Services

Web services fail to deliver on the promise of ubiquitous deployment and seamless interoperability due to the lack of a uniform, standards-based approach to all aspects of security. In particular, the enforcement of access policies in a service oriented architecture is not addressed adequately. We present a novel approach to the distribution and enforcement of credentials-based access policies for Web services (3PAC) which scales well and can be implemented in existing deployments

Benefits of Location-Based Access Control:A Literature Study

Location-based access control (LBAC) has been suggested as a means to improve IT security. By 'grounding' users and systems to a particular location, \ud attackers supposedly have more difficulty in compromising a system. However, the motivation behind LBAC and its potential benefits have not been investigated thoroughly. To this end, we perform a structured literature review, and examine the goals that LBAC can potentially fulfill, \ud the specific LBAC systems that realize these goals and the context on which LBAC depends. Our paper has four main contributions:\ud first we propose a theoretical framework for LBAC evaluation, based on goals, systems and context. Second, we formulate and apply criteria for evaluating the usefulness of an LBAC system. Third, we identify four usage scenarios for LBAC: open areas and systems, hospitals, enterprises, and finally data centers and military facilities. Fourth, we propose directions for future research:\ud (i) assessing the tradeoffs between location-based, physical and logical access control, (ii) improving the transparency of LBAC decision making, and \ud (iii) formulating design criteria for facilities and working environments for optimal LBAC usage

Trust-aware RBAC

Published version of a chapter in the book: Computer Network Security. Also available from the publisher at: http://dx.doi.org/10.1007/978-3-642-33704-8_9In this paper we propose a trust-aware enhancement of RBAC (TA-RBAC) that takes trustworthiness of users into consideration explicitly before granting access. We assume that each role in the framework is associated with an expression that describe trustworthiness of subjects required to be able to activate the role, and each subject (user) has assigned trustworthiness level in the system. By adding trustworthiness constraints to roles we enhance system, for example, with more flexible ability to delegate roles, to control reading/updating of objects by denying such operations to those subjects that violate trustworthiness requirements

Trusted reasoning-role-based access control for cloud computing environment

Cloud computing has become the new standard in the fast-growing industry of information technology. This poses new challenges to the existing access control models, as the new computing paradigm is highly-distributed and multi-tenancy. The existing access control models are not strong enough due to unavailability of strong multiple relationships between user and resources. In addition, monitoring activities of users to protect the cloud resources is weak. In these contexts, malicious user must be identified for the protection of sensitive data and to limit the access of the user to the resources. This research developed an enhanced access control model for cloud computing, namely Trusted Reasoning-Role-Based Access Control for Cloud Computing Environment (TR2BAC) model. The model consists of four components. The first component is a dimensional domain for strong multiple relations between resources and user management, whereas the second component is reason-based access mechanism to limit users access based on defined reasoning principle. The third component is the trust module that identifies trusted/malicious users, and the fourth component ensures secure data access that classifies and labels the data according to the level of its sensitivity. The resources are then secured accordingly. Simulation results revealed that the performance of the proposed model improved in comparison to the existing state of the art techniques in terms of throughput by 25% and Permission Grants results by 35%. In terms of user authorization, the access time improved by 95% of the total access time which is about 7.5 seconds. In conclusion, this research has developed an enhanced access control model for cloud computing environment that can be used to protect the privacy of users as well as cloud resources from inside and outside attacks

An Access Control Model for NoSQL Databases

Current development platforms are web scale, unlike recent platforms which were just network scale. There has been a rapid evolution in computing paradigm that has created the need for data storage as agile and scalable as the applications they support. Relational databases with their joins and locks influence performance in web scale systems negatively. Thus, various types of non-relational databases have emerged in recent years, commonly referred to as NoSQL databases. To fulfill the gaps created by their relational counter-part, they trade consistency and security for performance and scalability. With NoSQL databases being adopted by an increasing number of organizations, the provision of security for them has become a growing concern. This research presents a context based abstract model by extending traditional role based access control for access control in NoSQL databases. The said model evaluates and executes security policies which contain versatile access conditions against the dynamic nature of data. The goal is to devise a mechanism for a forward looking, assertive yet flexible security feature to regulate access to data in the database system that is devoid of rigid structures and consistency, namely a document based database such as MongoDB

Расширенная ролевая модель безопасности для веб-приложений, основанная на иерархии путей

Web applications security is a complex problem with several aspects. One aspect is access control according to specified security policy. Access control is accomplished by security model restrictions. This research is dedicated to developing security access control model for web applications. This work describes path-based RBAC model, which improves RBAC and allows flexible access control using request path (URI). Authors created guidelines to apply model’s elements for real-world web applications. Developing web applications with model described allows reducing security risksОбеспечение безопасности веб-приложений – комплексная проблема, имеющая несколько аспектов. Одним из аспектов является разграничение доступа в соответствии с заданной политикой безопасности. Разграничение доступа осуществляется путем применения ограничений, накладываемых моделью безопасности. Данная работа посвящена разработке модели безопасности для разграничения доступа в веб-приложениях. В работе описана основанная на иерархии путей ролевая модель безопасности, которая улучшает базовую модель RBAC и обеспечивает гибкое разграничение доступа на основе пути запроса (URI). Разработаны рекомендации по применению модели для веб-приложений. Разработка веб-приложений с применением описанной модели позволяет снизить риски, связанные с безопасность