888,351 research outputs found
A Logic Programming approach for Access Control over RDF
The Resource Description Framework (RDF) is an interoperable data representation format suitable for interchange and integration of data, especially in Open Data contexts. However, RDF is also becoming increasingly attractive in scenarios involving sensitive data, where data protection is a major concern. At its core, RDF does not support any form of access control and current proposals for extending RDF with access control do not fit well with the RDF representation model. Considering an enterprise scenario, we present a modelling that caters for access control over the stored RDF data in an intuitive and transparent manner. For this paper we rely on Annotated RDF, which introduces concepts from Annotated Logic Programming into RDF. Based on this model of the access control annotation domain, we propose a mechanism to manage permissions via application-specific logic rules. Furthermore, we illustrate how our Annotated Query Language (AnQL) provides a secure way to query this access control annotated RDF data.
A Customizable Conflict Resolution and Attribute-Based Access Control Framework for Multi-Robot Systems
As multi-robot systems continue to advance and become integral to various applications, managing conflicts and ensuring secure access control are critical challenges that need to be addressed. Access control is essential in multi-robot systems to ensure secure and authorized interactions among robots, protect sensitive data, and prevent unauthorized access to resources. This paper presents a novel framework for customizable conflict resolution and attribute-based access control in multi-robot systems for ROS 2 leveraging the Hyperledger Fabric blockchain. We introduce an attribute-based access control (ABAC) Fabric-ROS 2 bridge to enable secure communication and control between users and robots. By defining conflict resolution policies based on task priorities, robot capabilities, and user-defined constraints, our framework offers a flexible way to resolve conflicts. Additionally, it incorporates attribute-based access control, granting access rights based on user and robot attributes. ABAC offers a modular approach to control access compared to existing access control approaches in ROS 2, such as SROS2. Through this framework, multi-robot systems can be managed efficiently, securely, and adaptably, ensuring controlled access to resources and managing conflicts. Our experimental evaluation shows that our framework marginally improves latency and throughput over existing Fabric and ROS 2 integration solutions. At higher network load, it is the only solution to operate reliably without a diverging transaction commitment latency. We also demonstrate how conflicts arising from simultaneous control of a robot by two users are resolved in real-time and motion distortion is effectively eliminated.
Role-Based Access Control for the Open Grid Services Architecture - Data Access and Integration (OGSA-DAI)
Grid has emerged recently as an integration infrastructure for the sharing and coordinated use of diverse resources in dynamic, distributed virtual organizations (VOs). A Data Grid is an architecture for the access, exchange, and sharing of data in the Grid environment. In this dissertation, role-based access control (RBAC) systems for heterogeneous data resources in Data Grid systems are proposed. The Open Grid Services Architecture - Data Access and Integration (OGSA-DAI) is a widely used framework for the integration of heterogeneous data resources in Grid systems.
However, in the OGSA-DAI system, access control causes substantial administration overhead for resource providers in VOs because each of them has to manage the authorization information for individual Grid users. Its identity-based access control mechanisms are severely inefficient and too complicated to manage because the direct mapping between users and privileges is transitory. To solve this problem, (1) the Community Authorization Service (CAS), provided by the Globus toolkit, and (2) the Shibboleth, an attribute authorization service, are used to support RBAC in the OGSA-DAI system. The Globus Toolkit is widely used software for building Grid systems.
Access control policies need to be specified and managed across multiple VOs. For this purpose, the Core and Hierarchical RBAC profile of the eXtensible Access Control Markup Language (XACML) is used; and for distributed administration of those policies, the Object, Metadata and Artifacts Registry (OMAR) is used. OMAR is based on the e-business eXtensible Markup Language (ebXML) registry specifications developed to achieve interoperable registries and repositories.
The RBAC systems allow quick and easy deployments, privacy protection, and the centralized and distributed management of privileges. They support scalable, interoperable and fine-grain access control services; dynamic delegation of rights; and user-role assignments. They also reduce the administration overheads for resource providers because they need to maintain only the mapping information from VO roles to local database roles. Resource providers maintain the ultimate authority over their resources. Moreover, unnecessary mapping and connections can be avoided by denying invalid requests at the VO level. Performance analysis shows that our RBAC systems add only a small overhead to the existing security infrastructure of OGSA-DAI
Fine-Grained Access Control Within NoSQL Document-Oriented Datastores
The recent years have seen the birth of several NoSQL datastores, which are gaining more and more popularity for their ability to handle high volumes of heterogeneous and unstructured data in a very efficient way. In several cases, NoSQL databases proved to outclass in terms of performance, scalability, and ease of use relational database management systems, meeting the requirements of a variety of today's ICT applications. However, recent surveys reveal that, despite their undoubted popularity, NoSQL datastores suffer from some weaknesses, among which the lack of effective support for data protection appears among the most serious ones. Proper data protection mechanisms are therefore required to fill this void. In this work, we start to address this issue by focusing on access control and discussing the definition of a fine-grained access control framework for document-oriented NoSQL datastores. More precisely, we first focus on issues and challenges related to the definition of such a framework, considering theoretical, implementation, and integration aspects. Then, we discuss the reasons for which state-of-the-art fine-grained access control solutions proposed for relational database management systems cannot be used within the NoSQL scenario. We then introduce possible strategies to address the identified issues, which are at the basis of the framework development. Finally, we shortly report the outcome of an experience where the proposed framework has been used to enhance the data protection features of a popular NoSQL database.
Preserving Privacy in Cyber-physical-social systems: An Anonymity and Access Control Approach
With the significant development of mobile commerce, the integration of physical, social, and cyber worlds is increasingly common. The term Cyber Physical Social Systems is used to capture technology’s human-centric role. With the revolutionization of CPSS, privacy protections become a major concern for both customers and enterprises. Although data generalization by obfuscation and anonymity can provide protection for an individual’s privacy, overgeneralization may lead to less-valuable data. In this paper, we contrive generalization boundary techniques (k-anonymity) to maximize data usability while minimizing disclosure with a privacy access control mechanism. This paper proposes a combination of purpose-based access control models with an anonymity technique in distributed computing environments for privacy preserving policies and mechanisms that demonstrate policy conflicting problems. This combined approach will provide protections for individual personal information and make data sharable to authorized party with proper purposes. Here, we have examined data with k-anonymity to create a specific level of obfuscation that maintains the usefulness of data and used a heuristic approach to a privacy access control framework in which the privacy requirement is to satisfy the k-anonymity. The extensive experiments on both real-world and synthetic data sets show that the proposed privacy aware access control model with k-anonymity is practical and effective. It will generate an anonymized data set in accordance with the privacy clearance of a certain request and allow users access at different privacy levels, fulfilling some set of obligations and addressing privacy and utility requirements, flexible access control, and improved data availability, while guaranteeing a certain level of privacy.
A MODEL OF A DISTRIBUTED INFORMATION SYSTEM BASED ON THE Z39.50 PROTOCOL
Based on the analysis of typical scenarios of information servers, the tasks that should be solved when organizing an access control system for distributed information resources are formulated. The possibilities of the Z39.50 technologies as the most suitable for building such a system are considered. Within the framework of this technology, three access control models are discussed, which differ in the degree of integration of information server functions with the Z39.50 technologies. The creation and support of distributed information systems and electronic libraries that integrate heterogeneous information resources and operate in various software and hardware environments requires special approaches to managing these systems. If the resources or data themselves can be managed locally, even for distributed information systems, then the task of managing access to distributed resources cannot be solved within the framework of local administration. The justification of the last thesis can be seen when considering typical scenarios of the information server, which we will describe belo
A layered operational model for describing inter-tool communication in tool integration frameworks
Integration frameworks for building software engineering environments provide at least data, control and presentation integration facilities, together with integration devices which afford access to these facilities by the tools which populate the framework. Typically, an integration device is a specially developed language, or extension to an existing language, in which the integration programmer specifies the desired interactions between the tools comprising the software engineering environment. Surprisingly little effort has been applied to assessing the expressiveness of integration languages, even though the power of such a language limits the level of integration a tool can achieve within the environment. Our work seeks to provide an approach to both assessing and comparing the expressiveness of the integration devices of a range of commercial and research products. The paper presents a layered operational model, based on information structures; this model has been developed for describing the semantics of the inter-tool communication features of integration devices in a precise manner, and in a manner which will facilitate such assessment and comparison
Deep Learning meets Blockchain for Automated and Secure Access Control
Access control is a critical component of computer security, governing access to system resources. However, designing policies and roles in traditional access control can be challenging and difficult to maintain in dynamic and complex systems, which is particularly problematic for organizations with numerous resources. Furthermore, traditional methods suffer from issues such as third-party involvement, inefficiency, and privacy gaps, making transparent and dynamic access control an ongoing research problem. Moreover, detecting malicious activities and identifying users who are not behaving appropriately can present notable difficulties. To address these challenges, we propose DLACB, a Deep Learning Based Access Control Using Blockchain, as a solution to decentralized access control. DLACB uses blockchain to provide transparency, traceability, and reliability in various domains such as medicine, finance, and government while taking advantage of deep learning to not rely on predefined policies and eventually automate access control. With the integration of blockchain and deep learning for access control, DLACB can provide a general framework applicable to various domains, enabling transparent and reliable logging of all transactions. As all data is recorded on the blockchain, we have the capability to identify malicious activities. We store a list of malicious activities in the storage system and employ a verification algorithm to cross-reference it with the blockchain. We conduct measurements and comparisons of the smart contract processing time for the deployed access control system in contrast to traditional access control methods, determining the time overhead involved. The processing time of DLBAC demonstrates remarkable stability when exposed to increased request volumes. Comment: arXiv admin note: text overlap with arXiv:2303.1475
Developing Strategic Capability through Business Intelligence Applications: A case study from the German Healthcare Insurance Industry
Wynn, M. and Brinkmann, D., (2018), in Yeoh, W. and Miah, S. (eds) Business Intelligence in Organisational Settings, IGI-Global.
Company performance can be measured at all levels across an organisation, and in the German healthcare industry, Business Intelligence systems play a crucial role in achieving this. For one major health insurance company (discussed here as an alias - AK Healthcare), the deployment of Business Intelligence applications has supported sustained growth in turnover and market share in the past five years. In this article, these tools are classified within an appropriate conceptual framework which encompasses the organisation’s information infrastructure and associated processes. Different components of the framework are identified and examples are given - systems infrastructure, data provision/access control, the BI tools and technologies, report generation, and information users. The use and integration of Business Intelligence tools in the strategy development process is then analyzed, and the key functions and features of these tools for strategic capability development are discussed. Research findings encompass system access, report characteristics, and end-users capabilities
Towards a Semantic Grid Computing Platform for Disaster Management in Built Environment
Current disaster management procedures rely primarily on heuristics which result in their strategies being very cautious and sub-optimum in terms of saving life, minimising damage and returning the building to its normal function. Also, effective disaster management demands decentralized, dynamic, flexible, short term and across domain resource sharing, which is not well supported by existing distributing computing infrastructures. The paper proposes a conceptual framework for emergency management in the built environment, using Semantic Grid as an integrating platform for different technologies. The framework supports a distributed network of specialists in built environment, including structural engineers, building technologists, decision analysts etc. It brings together the necessary technology threads, including the Semantic Web (to provide a framework for shared definitions of terms, resources and relationships), Web Services (to provide dynamic discovery and integration) and Grid Computing (for enhanced computational power, high speed access, collaboration and security control) to support rapid formation of virtual teams for disaster management. The proposed framework also makes extensive use of modelling and simulation (both numerical and using visualisations), data mining (to find resources in legacy data sets) and visualisation. It also includes a variety of hardware instruments with access to real time data. Furthermore, the whole framework is centred on collaborative working by the virtual team. Although the focus of this paper is on disaster management, many aspects of the discussed Grid and Visualisation technologies will be useful for any other forms of collaboration. Conclusions are drawn about the possible future impact on the built environment.