501 research outputs found
A JSON Token-Based Authentication and Access Management Schema for Cloud SaaS Applications
Cloud computing is significantly reshaping the computing industry built
around core concepts such as virtualization, processing power, connectivity and
elasticity to store and share IT resources via a broad network. It has emerged
as the key technology that unleashes the potency of Big Data, Internet of
Things, Mobile and Web Applications, and other related technologies, but it
also comes with its challenges - such as governance, security, and privacy.
This paper is focused on the security and privacy challenges of cloud computing
with specific reference to user authentication and access management for cloud
SaaS applications. The suggested model uses a framework that harnesses the
stateless and secure nature of JWT for client authentication and session
management. Furthermore, authorized access to protected cloud SaaS resources
has been efficiently managed. Accordingly, a Policy Match Gate (PMG) component
and a Policy Activity Monitor (PAM) component have been introduced. In
addition, other subcomponents such as a Policy Validation Unit (PVU) and a
Policy Proxy DB (PPDB) have also been established for optimized service
delivery. A theoretical analysis of the proposed model portrays a system that
is secure, lightweight and highly scalable for improved cloud resource security
and management.
Comment: 6 Page
A SEMANTIC BASED POLICY MANAGEMENT FRAMEWORK FOR CLOUD COMPUTING ENVIRONMENTS
Cloud computing paradigm has gained tremendous momentum and generated intensive interest.
Although security issues are delaying its fast adoption, cloud computing is an unstoppable force and we need to provide security mechanisms to ensure its secure adoption.
In this dissertation, we mainly focus on issues related to policy management and access control in the cloud.
Currently, users have to use diverse access control mechanisms to protect their data when stored on the cloud service providers (CSPs).
Access control policies may be specified in different policy languages and heterogeneity of access policies poses significant problems. An ideal policy management system should be able to work with all data regardless of where they are stored.
Semantic Web technologies when used for policy management, can help address the crucial issues of interoperability of heterogeneous CSPs.
In this dissertation, we propose a semantic based policy management framework for cloud computing environments which consists of two main components, namely policy management and specification component and policy evolution component.
In the policy management and specification component, we first introduce policy management as a service (PMaaS), a cloud based policy management framework that gives cloud users a unified control point for specifying authorization policies, regardless of where the data is stored. Then, we present semantic based policy management framework which enables users to specify access control policies using semantic web technologies and helps address heterogeneity issues of cloud computing environments.
We also model temporal constraints and restrictions in GTRBAC using OWL and show how ontologies can be used to specify temporal constraints.
We present a proof of concept implementation of the proposed framework and provide some performance evaluation.
In the policy evolution component, we propose to use role mining techniques to deal with policy evolution issues and present StateMiner, a heuristic algorithm to find an RBAC state as close as possible to both the deployed RBAC state and the optimal state. We also implement the proposed algorithm and perform some experiments to demonstrate its effectiveness.
Blockchain-based Access Control for Secure Smart Industry Management Systems
Smart manufacturing systems involve a large number of interconnected devices
resulting in massive data generation. Cloud computing technology has recently
gained increasing attention in smart manufacturing systems for facilitating
cost-effective service provisioning and massive data management. In a
cloud-based manufacturing system, ensuring authorized access to the data is
crucial. A cloud platform is operated under a single authority. Hence, a cloud
platform is prone to a single point of failure and vulnerable to adversaries.
An internal or external adversary can easily modify users' access to allow
unauthorized users to access the data. This paper proposes a role-based access
control to prevent modification attacks by leveraging blockchain and smart
contracts in a cloud-based smart manufacturing system. The role-based access
control is developed to determine users' roles and rights in smart contracts.
The smart contracts are then deployed to the private blockchain network. We
evaluate our solution by utilizing Ethereum private blockchain network to
deploy the smart contract. The experimental results demonstrate the feasibility
and evaluation of the proposed framework's performance.
Blockchain for IoT Access Control: Recent Trends and Future Research Directions
With the rapid development of wireless sensor networks, smart devices, and
traditional information and communication technologies, there is tremendous
growth in the use of Internet of Things (IoT) applications and services in our
everyday life. IoT systems deal with high volumes of data. This data can be
particularly sensitive, as it may include health, financial, location, and
other highly personal information. Fine-grained security management in IoT
demands effective access control. Several proposals discuss access control for
the IoT, however, a limited focus is given to the emerging blockchain-based
solutions for IoT access control. In this paper, we review the recent trends
and critical needs for blockchain-based solutions for IoT access control. We
identify several important aspects of blockchain, including decentralised
control, secure storage and sharing information in a trustless manner, for IoT
access control including their benefits and limitations. Finally, we note some
future research directions on how to converge blockchain in IoT access control
efficiently and effectively.
ForensiBlock: A Provenance-Driven Blockchain Framework for Data Forensics and Auditability
Maintaining accurate provenance records is paramount in digital forensics, as
they underpin evidence credibility and integrity, addressing essential aspects
like accountability and reproducibility. Blockchains have several properties
that can address these requirements. Previous systems utilized public
blockchains, i.e., treated blockchain as a black box, and benefited from the
immutability property. However, the blockchain was accessible to everyone,
giving rise to security concerns and moreover, efficient extraction of
provenance faces challenges due to the enormous scale and complexity of digital
data. This necessitates a tailored blockchain design for digital forensics. Our
solution, Forensiblock has a novel design that automates investigation steps,
ensures secure data access, traces data origins, preserves records, and
expedites provenance extraction. Forensiblock incorporates Role-Based Access
Control with Staged Authorization (RBAC-SA) and a distributed Merkle root for
case tracking. These features support authorized resource access with an
efficient retrieval of provenance records. Particularly, comparing two methods
for extracting provenance records, off-chain storage retrieval with Merkle root
verification and a brute-force search, the off-chain method is significantly
better, especially as the blockchain size and number of cases increase. We also
found that our distributed Merkle root creation slightly increases smart
contract processing time but significantly improves history access. Overall, we
show that Forensiblock offers secure, efficient, and reliable handling of
digital forensic data.
Comment: This work has been submitted to the IEEE for possible publication.
Copyright may be transferred without notice, after which this version may no
longer be accessible.
Deep Learning meets Blockchain for Automated and Secure Access Control
Access control is a critical component of computer security, governing access
to system resources. However, designing policies and roles in traditional
access control can be challenging and difficult to maintain in dynamic and
complex systems, which is particularly problematic for organizations with
numerous resources. Furthermore, traditional methods suffer from issues such as
third-party involvement, inefficiency, and privacy gaps, making transparent and
dynamic access control an ongoing research problem. Moreover, detecting
malicious activities and identifying users who are not behaving appropriately
can present notable difficulties. To address these challenges, we propose
DLACB, a Deep Learning Based Access Control Using Blockchain, as a solution to
decentralized access control. DLACB uses blockchain to provide transparency,
traceability, and reliability in various domains such as medicine, finance, and
government while taking advantage of deep learning to not rely on predefined
policies and eventually automate access control. With the integration of
blockchain and deep learning for access control, DLACB can provide a general
framework applicable to various domains, enabling transparent and reliable
logging of all transactions. As all data is recorded on the blockchain, we have
the capability to identify malicious activities. We store a list of malicious
activities in the storage system and employ a verification algorithm to
cross-reference it with the blockchain. We conduct measurements and comparisons
of the smart contract processing time for the deployed access control system in
contrast to traditional access control methods, determining the time overhead
involved. The processing time of DLACB demonstrates remarkable stability when
exposed to increased request volumes.
Comment: arXiv admin note: text overlap with arXiv:2303.1475