
    Implementation of Formal Semantics and the Potential of Non-Classical Logic Systems for the Enhancement of Access Control Models: A Literature Review

    This literature review discovers an implementation of formal logic systems in cyber security by enhancing access control models. We explore the characteristics of the existing access control theories, their limitations and how classical logic is used therein. We then delve into the possibility of utilising non-classical logic systems for improving the models. In particular, we explore how classical logic can be used to describe and prove the correctness of role-based access control and attribute-based access control models. Comment: 10 pages

    A COLLABORATIVE MODEL FOR VIRTUAL ENTERPRISE

    Collaborative process characteristics have three dimensions: actors, activities and action’s logic. The aim of this paper is to present a virtual portal’s model that helps managing consortiums. Our model is based on dynamic e-collaboration and it has a modular structure, multilayer approach. System’s functionality of virtual enterprise is collaborative model is concern on users’ login, based on role and access control, searching and providing distributed resources, accessibility, metadata management and improved information’s management. Our proposal for developing solution offers a functional architecture of a virtual enterprise using dynamic e-collaboration and shared space. Keywords: dynamic e-collaboration, multilayer solution, modular approach

    TRADE-OFF ANALYSIS OF RELATIONAL DATABASE STORAGE FOR PRIVACY PURPOSES

    In business organizations, person-specific data are collected as part of service requirements from customers or data providers. To maintain the privacy of these personal data from intra-organizational or external unauthorized access, a Role-based access control (RBAC) extension with privacy purposes has been introduced. Research on role-based access control and privacy has been conducted. Despite all this research, not much investigation into efficient ways to store person-specific data with privacy labels has been conducted. To the best of our knowledge, there is no such research to analyze the characteristics and impact of different storage patterns on RBAC with privacy purposes. In this thesis, we propose some storage schemes for extended RBAC with privacy purpose in a relational database environment. Moreover, we analyze the performance characteristics and impact of different SQL operations according to different storage schemes for the extension of RBAC with privacy purposes.

    Toward Effective Access Control Using Attributes and Pseudoroles

    Sharing of information is fundamental to modern computing environments across many application domains. Such information sharing, however, raises security and privacy concerns that require effective access control to prevent unauthorized access and ensure compliance with various laws and regulations. Current approaches such as Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC) and their variants are inadequate. Although it provides simple administration of access control and user revocation and permission review, RBAC demands complex initial role engineering and makes access control static. ABAC, on the other hand, simplifies initial security setup and enables flexible access control, but increases the complexity of managing privileges, user revocation and user permissions review. These limitations of RBAC and ABAC have thus motivated research into the development of newer models that use attributes and policies while preserving RBAC's advantages. This dissertation explores the role of attributes (characteristics of entities in the system) in achieving effective access control. The first contribution of this dissertation is the design and development of a secure access system using Ciphertext-Policy Attribute-Based Encryption (CP-ABE). The second contribution is the design and validation of a two-step access control approach, the BiLayer Access Control (BLAC) model. The first layer in BLAC checks whether subjects making access requests have the right BLAC pseudoroles; a pseudorole is a predefined subset of a subject's static attributes. If requesting subjects hold the right pseudoroles, the second layer checks rule(s) within associated BLAC policies for further constraints on access. BLAC thus makes use of attributes effectively while preserving RBAC's advantages.
    The dissertation's third contribution is the design and definition of an evaluation framework for time complexity analysis, and uses this framework to compare BLAC model with RBAC and ABAC. The fourth contribution is the design and construction of a generic access control threat model, and applying it to assess the effectiveness of BLAC, RBAC and ABAC in mitigating insider threats.

    Health Information System Role-Based Access Control Current Security Trends and Challenges

    Objective. This article's objective is to highlight implementation characteristics, concerns, or limitations over role-based access control (RBAC) use on health information system (HIS) using industry-focused literature review of current publishing for that purpose. Based on the findings, assessment for indication of RBAC is obsolete considering HIS authorization control needs. Method. We have selected articles related to our investigation theme "RBAC trends and limitations" in 4 different sources related to health informatics or to the engineering technical field. To do so, we have applied the following search query string: "Role-Based Access Control" OR "RBAC" AND "Health information System" OR "EHR" AND "Trends" OR "Challenges" OR "Security" OR "Authorization" OR "Attacks" OR "Permission Assignment" OR "Permission Relation" OR "Permission Mapping" OR "Constraint". We followed PRISMA applicable flow and general methodology used on software engineering for systematic review. Results. 20 articles were selected after applying inclusion and exclusion criteria resulting contributions from 10 different countries. 17 articles advocate RBAC adaptations. The main security trends and limitations mapped were related to emergency access, grant delegation, and interdomain access control. Conclusion. Several publishing proposed RBAC adaptations and enhancements in order to cope current HIS use characteristics. Most of the existent RBAC studies are not related to health informatics industry though. There is no clear indication of RBAC obsolescence for HIS use. Sao Paulo Federal University (Unifesp) sponsorship. Univ Fed Sao Paulo, Hlth Informat Dept, Sao Paulo, SP, Brazil. Web of Science

    A framework of secure KMS with RBAC implementation

    Knowledge Management System (KMS) is a tool to support knowledge management (KM) and nowadays it has been a priority to the organizations as to protect the organization's intellectual assets. The evolution of internet has brought KMS becomes more powerful while it can serve users in collaborative system. However, though the excitement of expanding KMS capabilities, security issue is critical due to the access and sharing knowledge which from distributed locations. Mostly the issues are in regard to the restriction of the access permission to knowledge. Therefore, there is a need to construct a security model towards secure KMS, for managing access restriction in order to avoid unauthorized access as well as to protect knowledge throughout KM activities. Thus, this paper reviews the characteristics of collaborative KMS in order to ensure that Role Based Access Control (RBAC) is competent to perform as a security model for KMS and at the same time maintain the advantages of such collaborative system. Consequently, the model of Role Based Access Control - Knowledge Management System (RBAC-KMS) has been formulated which concerns three elements: RBAC, KMS and Information Security (IS). Moreover, the quality dimension model also has been constructed which can be the metrics for quality measurement of RBAC-KMS.

    Tracking and data relay satellite fault isolation and correction using PACES: Power and attitude control expert system

    The Power and Attitude Control Expert System (PACES) is an object oriented and rule based expert system which provides spacecraft engineers with assistance in isolating and correcting problems within the Power and Attitude Control Subsystems of the Tracking and Data Relay Satellites (TDRS). PACES is designed to act in a consultant role. It will not interface to telemetry data, thus preserving full operator control over spacecraft operations. The spacecraft engineer will input requested information. This information will include telemetry data, action being performed, problem characteristics, spectral characteristics, and judgments of spacecraft functioning. Questions are answered either by clicking on appropriate responses (for text), or entering numeric values. A context sensitive help facility allows access to additional information when the user has difficulty understanding a question or deciding on an answer. The major functionality of PACES is to act as a knowledge rich system which includes block diagrams, text, and graphics, linked using hypermedia techniques. This allows easy movement among pieces of the knowledge. Considerable documentation of the spacecraft Power and Attitude Control Subsystems is embedded within PACES. The development phase of TDRSS expert system technology is intended to provide NASA with the necessary expertise and capability to define requirements, evaluate proposals, and monitor the development progress of a highly competent expert system for NASA's Tracking and Data Relay Satellite Program.

    Geometric driving of two-level quantum systems

    We investigate a class of cyclic evolutions for driven two-level quantum systems (effective spin-1/2) with a particular focus on the geometric characteristics of the driving and their specific imprints on the quantum dynamics. By introducing the concept of geometric field curvature for any field trajectory in the parameter space we are able to unveil underlying patterns in the overall quantum behavior: the knowledge of the field curvature provides a non-standard and fresh access to the interrelation between field and spin trajectories, and the corresponding quantum phases acquired in non-adiabatic cyclic evolutions. In this context, we single out setups in which the driving field curvature can be employed to demonstrate a pure geometric control of the quantum phases. Furthermore, the driving field curvature can be naturally exploited to introduce the geometrical torque and derive a general expression for the total quantum phase acquired in a cycle. Remarkably, such relation allows to access the mechanisms controlling the changeover of the quantum phase across a topological transition and to disentangle the role of the spin and field topological windings. As for implementations, we discuss a series of physical systems and platforms to demonstrate how the geometric control of the quantum phases can be realized for pendular field drivings. This includes setups based on superconducting islands coupled to a Josephson junction and inversion asymmetric nanochannels with suitably tailored geometric shapes. Comment: 13 pages, 5 figures

    Indeterminacy-aware prediction model for authentication in IoT.

    The Internet of Things (IoT) has opened a new chapter in data access. It has brought obvious opportunities as well as major security and privacy challenges. Access control is one of the challenges in IoT. This holds true as the existing, conventional access control paradigms do not fit into IoT, thus access control requires more investigation and remains an open issue. IoT has a number of inherent characteristics, including scalability, heterogeneity and dynamism, which hinder access control. While most of the impact of these characteristics have been well studied in the literature, we highlighted “indeterminacy” in authentication as a neglected research issue. This work stresses that an indeterminacy-resilient model for IoT authentication is missing from the literature. According to our findings, indeterminacy consists of at least two facets: “uncertainty” and “ambiguity”. As a result, various relevant theories were studied in this work. Our proposed framework is based on well-known machine learning models and Attribute-Based Access Control (ABAC). To implement and evaluate our framework, we first generate datasets, in which the location of the users is a main dataset attribute, with the aim to analyse the role of user mobility in the performance of the prediction models. Next, multiple classification algorithms were used with our datasets in order to build our best-fit prediction models. Our results suggest that our prediction models are able to determine the class of the authentication requests while considering both the uncertainty and ambiguity in the IoT system.