A Logic Programming approach for Access Control over RDF

The Resource Description Framework (RDF) is an interoperable data representation format suitable for interchange and integration of data, especially in Open Data contexts. However, RDF is also becoming increasingly attractive in scenarios involving sensitive data, where data protection is a major concern. At its core, RDF does not support any form of access control and current proposals for extending RDF with access control do not fit well with the RDF representation model. Considering an enterprise scenario, we present a modelling that caters for access control over the stored RDF data in an intuitive and transparent manner. For this paper we rely on Annotated RDF, which introduces concepts from Annotated Logic Programming into RDF. Based on this model of the access control annotation domain, we propose a mechanism to manage permissions via application-specific logic rules. Furthermore, we illustrate how our Annotated Query Language (AnQL) provides a secure way to query this access control annotated RDF data

A Customizable Conflict Resolution and Attribute-Based Access Control Framework for Multi-Robot Systems

As multi-robot systems continue to advance and become integral to various applications, managing conflicts and ensuring secure access control are critical challenges that need to be addressed. Access control is essential in multi-robot systems to ensure secure and authorized interactions among robots, protect sensitive data, and prevent unauthorized access to resources. This paper presents a novel framework for customizable conflict resolution and attribute-based access control in multi-robot systems for ROS 2 leveraging the Hyperledger Fabric blockchain. We introduce an attribute-based access control (ABAC) Fabric-ROS 2 bridge to enable secure communication and control between users and robots. By defining conflict resolution policies based on task priorities, robot capabilities, and user-defined constraints, our framework offers a flexible way to resolve conflicts. Additionally, it incorporates attribute-based access control, granting access rights based on user and robot attributes. ABAC offers a modular approach to control access compared to existing access control approaches in ROS 2, such as SROS2. Through this framework, multi-robot systems can be managed efficiently, securely, and adaptably, ensuring controlled access to resources and managing conflicts. Our experimental evaluation shows that our framework marginally improves latency and throughput over exiting Fabric and ROS 2 integration solutions. At higher network load, it is the only solution to operate reliably without a diverging transaction commitment latency. We also demonstrate how conflicts arising from simultaneous control or a robot by two users are resolved in real-time and motion distortion is effectively eliminated

Role-Based Access Control for the Open Grid Services Architecture - Data Access and Integration (OGSA-DAI)

Grid has emerged recently as an integration infrastructure for the sharing and coordinated use of diverse resources in dynamic, distributed virtual organizations (VOs). A Data Grid is an architecture for the access, exchange, and sharing of data in the Grid environment. In this dissertation, role-based access control (RBAC) systems for heterogeneous data resources in Data Grid systems are proposed. The Open Grid Services Architecture - Data Access and Integration (OGSA-DAI) is a widely used framework for the integration of heterogeneous data resources in Grid systems. However, in the OGSA-DAI system, access control causes substantial administration overhead for resource providers in VOs because each of them has to manage the authorization information for individual Grid users. Its identity-based access control mechanisms are severely inefficient and too complicated to manage because the direct mapping between users and privileges is transitory. To solve this problem, (1) the Community Authorization Service (CAS), provided by the Globus toolkit, and (2) the Shibboleth, an attribute authorization service, are used to support RBAC in the OGSA-DAI system. The Globus Toolkit is widely used software for building Grid systems. Access control policies need to be specified and managed across multiple VOs. For this purpose, the Core and Hierarchical RBAC profile of the eXtensible Access Control Markup Language (XACML) is used; and for distributed administration of those policies, the Object, Metadata and Artifacts Registry (OMAR) is used. OMAR is based on the e-business eXtensible Markup Language (ebXML) registry specifications developed to achieve interoperable registries and repositories. The RBAC systems allow quick and easy deployments, privacy protection, and the centralized and distributed management of privileges. They support scalable, interoperable and fine-grain access control services; dynamic delegation of rights; and user-role assignments. They also reduce the administration overheads for resource providers because they need to maintain only the mapping information from VO roles to local database roles. Resource providers maintain the ultimate authority over their resources. Moreover, unnecessary mapping and connections can be avoided by denying invalid requests at the VO level. Performance analysis shows that our RBAC systems add only a small overhead to the existing security infrastructure of OGSA-DAI

Fine-Grained Access Control Within NoSQL Document-Oriented Datastores

The recent years have seen the birth of several NoSQL datastores, which are getting more and more popularity for their ability to handle high volumes of heterogeneous and unstructured data in a very efficient way. In several cases, NoSQL databases proved to outclass in terms of performance, scalability, and ease of use relational database management systems, meeting the requirements of a variety of today ICT applications. However, recent surveys reveal that, despite their undoubted popularity, NoSQL datastores suffer from some weaknesses, among which the lack of effective support for data protection appears among the most serious ones. Proper data protection mechanisms are therefore required to fill this void. In this work, we start to address this issue by focusing on access control and discussing the definition of a fine-grained access control framework for document-oriented NoSQL datastores. More precisely, we first focus on issues and challenges related to the definition of such a framework, considering theoretical, implementation, and integration aspects. Then, we discuss the reasons for which state-of-the-art fine-grained access control solutions proposed for relational database management systems cannot be used within the NoSQL scenario. We then introduce possible strategies to address the identified issues, which are at the basis of the framework development. Finally, we shortly report the outcome of an experience where the proposed framework has been used to enhance the data protection features of a popular NoSQL database

Preserving Privacy in Cyber-physical-social systems: An Anonymity and Access Control Approach

With the significant development of mobile commerce, the integration of physical, social, and cyber worlds is increasingly common. The term Cyber Physical Social Systems is used to capture technology’s human-centric role. With the revolutionization of CPSS, privacy protections become a major concern for both customers and enterprises. Although data generalization by obfuscation and anonymity can provide protection for an individual’s privacy, overgeneralization may lead to less-valuable data. In this paper, we contrive generalization boundary techniques (k-anonymity) to maximize data usability while minimizing disclosure with a privacy access control mechanism. This paper proposes a combination of purpose-based access control models with an anonymity technique in distributed computing environments for privacy preserving policies and mechanisms that demonstrate policy conflicting problems. This combined approach will provide protections for individual personal information and make data sharable to authorized party with proper purposes. Here, we have examined data with k-anonymity to create a specific level of obfuscation that maintains the usefulness of data and used a heuristic approach to a privacy access control framework in which the privacy requirement is to satisfy the k-anonymity. The extensive experiments on both real-world and synthetic data sets show that the proposed privacy aware access control model with k- anonymity is practical and effective. It will generate an anonymized data set in accordance with the privacy clearance of a certain request and allow users access at different privacy levels, fulfilling some set of obligations and addressing privacy and utility requirements, flexible access control, and improved data availability, while guaranteeing a certain level of privacy.Ope

A MODEL OF A DISTRIBUTED INFORMATION SYSTEM BASED ON THE Z39.50 PROTOCOL

Based on the analysis of typical scenarios of information servers, the tasks that should be solved when organizing an access control system for distributed information resources are formulated. The possibilities of the Z39.50 technologies as the most suitable for building such a system are considered. Within the framework of this technology, three access control models are discussed, which differ in the degree of integration of information server functions with the Z39.50 technologies.The creation and support of distributed information systems and electronic libraries that integrate heterogeneous information resources and operate in various software and hardware environments requires special approaches to managing these systems. If the resources or data themselves can be managed locally, even for distributed information systems, then the task of managing access to distributed resources cannot be solved within the framework of local administration. The justification of the last thesis can be seen when considering typical scenarios of the information server, which we will describe belo

A layered operational model for describing inter-tool communication in tool integration frameworks

Integration frameworks for building software engineering environments provide at least data, control and presentation integration facilities, together with integration devices which afford access to these facilities by the tools which populate the framework. Typically, an integration device is a specially developed language, or extension to an existing language, in which the integration programmer specifies the desired interactions between the tools comprising the software engineering environment. Surprisingly little effort has been applied to assessing the expressiveness of integration languages, even though the power of such a language limits the level of integration a tool can achieve within the environment. Our work seeks to provide an approach to both assessing and comparing the expressiveness of the integration devices of a range of commercial and research products. The paper presents a layered operational model, based on information structures; this model has been developed for describing the semantics of the inter-tool communication features of integration devices in a precise manner, and in a manner which will facilitate such assessment and comparison

Deep Learning meets Blockchain for Automated and Secure Access Control

Access control is a critical component of computer security, governing access to system resources. However, designing policies and roles in traditional access control can be challenging and difficult to maintain in dynamic and complex systems, which is particularly problematic for organizations with numerous resources. Furthermore, traditional methods suffer from issues such as third-party involvement, inefficiency, and privacy gaps, making transparent and dynamic access control an ongoing research problem. Moreover detecting malicious activities and identifying users who are not behaving appropriately can present notable difficulties. To address these challenges, we propose DLACB, a Deep Learning Based Access Control Using Blockchain, as a solution to decentralized access control. DLACB uses blockchain to provide transparency, traceability, and reliability in various domains such as medicine, finance, and government while taking advantage of deep learning to not rely on predefined policies and eventually automate access control. With the integration of blockchain and deep learning for access control, DLACB can provide a general framework applicable to various domains, enabling transparent and reliable logging of all transactions. As all data is recorded on the blockchain, we have the capability to identify malicious activities. We store a list of malicious activities in the storage system and employ a verification algorithm to cross-reference it with the blockchain. We conduct measurements and comparisons of the smart contract processing time for the deployed access control system in contrast to traditional access control methods, determining the time overhead involved. The processing time of DLBAC demonstrates remarkable stability when exposed to increased request volumes.Comment: arXiv admin note: text overlap with arXiv:2303.1475

Developing Strategic Capability through Business Intelligence Applications: A case study from the German Healthcare Insurance Industry

Wynn, M. and Brinkmann, D., (2018), in Yeoh, W. and Miah, S. (eds) Business Intelligence in Organisational Settings, IGI-Global. Company performance can be measured at all levels across an organisation, and in the German healthcare industry, Business Intelligence systems play a crucial role in achieving this. For one major health insurance company (discussed here as an alias - AK Healthcare), the deployment of Business Intelligence applications has supported sustained growth in turnover and market share in the past five years. In this article, these tools are classified within an appropriate conceptual framework which encompasses the organisation’s information infrastructure and associated processes. Different components of the framework are identified and examples are given - systems infrastructure, data provision/access control, the BI tools and technologies, report generation, and information users. The use and integration of Business Intelligence tools in the strategy development process is then analyzed, and the key functions and features of these tools for strategic capability development are discussed. Research findings encompass system access, report characteristics, and end-users capabilities

Towards a Semantic Grid Computing Platform for Disaster Management in Built Environment

Current disaster management procedures rely primarily on heuristics which result in their strategies being very cautious and sub-optimum in terms of saving life, minimising damage and returning the building to its normal function. Also effective disaster management demands decentralized, dynamic, flexible, short term and across domain resource sharing, which is not well supported by existing distributing computing infrastructres. The paper proposes a conceptual framework for emergency management in the built environment, using Semantic Grid as an integrating platform for different technologies. The framework supports a distributed network of specialists in built environment, including structural engineers, building technologists, decision analysts etc. It brings together the necessary technology threads, including the Semantic Web (to provide a framework for shared definitions of terms, resources and relationships), Web Services (to provide dynamic discovery and integration) and Grid Computing (for enhanced computational power, high speed access, collaboration and security control) to support rapid formation of virtual teams for disaster management. The proposed framework also make an extensive use of modelling and simulation (both numerical and using visualisations), data mining (to find resources in legacy data sets) and visualisation. It also include a variety of hardware instruments with access to real time data. Furthermore the whole framework is centred on collaborative working by the virtual team. Although focus of this paper is on disaster management, many aspects of the discussed Grid and Visualisation technologies will be useful for any other forms of collaboration. Conclusions are drawn about the possible future impact on the built environment