Canonical Completeness in Lattice-Based Languages for Attribute-Based Access Control

The study of canonically complete attribute-based access control (ABAC) languages is relatively new. A canonically complete language is useful as it is functionally complete and provides a "normal form" for policies. However, previous work on canonically complete ABAC languages requires that the set of authorization decisions is totally ordered, which does not accurately reflect the intuition behind the use of the allow, deny and not-applicable decisions in access control. A number of recent ABAC languages use a fourth value and the set of authorization decisions is partially ordered. In this paper, we show how canonical completeness in multi-valued logics can be extended to the case where the set of truth values forms a lattice. This enables us to investigate the canonical completeness of logics having a partially ordered set of truth values, such as Belnap logic, and show that ABAC languages based on Belnap logic, such as PBel, are not canonically complete. We then construct a canonically complete four-valued logic using connections between the generators of the symmetric group (defined over the set of decisions) and unary operators in a canonically suitable logic. Finally, we propose a new authorization language $\text{PTaCL}_{\sf 4}^{\leqslant}$, an extension of PTaCL, which incorporates a lattice-ordered decision set and is canonically complete. We then discuss how the advantages of $\text{PTaCL}_{\sf 4}^{\leqslant}$ can be leveraged within the framework of XACML

From Conventional to State-of-the-Art IoT Access Control Models

open access articleThe advent in Online Social Networks (OSN) and Internet of Things (IoT) has created a new world of collaboration and communication between people and devices. The domain of internet of things uses billions of devices (ranging from tiny sensors to macro scale devices) that continuously produce and exchange huge amounts of data with people and applications. Similarly, more than a billion people are connected through social networking sites to collaborate and share their knowledge. The applications of IoT such as smart health, smart city, social networking, video surveillance and vehicular communication are quickly evolving people’s daily lives. These applications provide accurate, information-rich and personalized services to the users. However, providing personalized information comes at the cost of accessing private information of users such as their location, social relationship details, health information and daily activities. When the information is accessible online, there is always a chance that it can be used maliciously by unauthorized entities. Therefore, an effective access control mechanism must be employed to ensure the security and privacy of entities using OSN and IoT services. Access control refers to a process which can restrict user’s access to data and resources. It enforces access rules to grant authorized users an access to resources and prevent others. This survey examines the increasing literature on access control for traditional models in general, and for OSN and IoT in specific. Challenges and problems related to access control mechanisms are explored to facilitate the adoption of access control solutions in OSN and IoT scenarios. The survey provides a review of the requirements for access control enforcement, discusses several security issues in access control, and elaborates underlying principles and limitations of famous access control models. We evaluate the feasibility of current access control models for OSN and IoT and provide the future development direction of access control for the sam

A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today’s real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from cryptographic point of view

Towards Automatic Repair of XACML Policies

In a complex information system, controlling the access to resources is challenging. As a new generation of access control techniques, Attribute-Based Access Control (ABAC) can provide more flexible and fine-grained access control than Role-Based-Access Control (RBAC). XACML (eXtensible Access Control Markup Language) is an industrial standard for specifying ABAC policies. XACML policies tend to be complex because of the great variety of attribute types for fine-grained access control. This means that XACML policies are prone to errors and difficult to debug. This paper presents a first attempt at automating the debugging process of XACML policies. Two techniques are used for this purpose: fault localization and mutation-based policy repair. Fault localization produces an ordered list of suspicious policy elements by correlating the test results and the test coverage information. Mutation-based policy repair searches for potential fixes by mutating suspicious policy elements with predefined mutation operators. Empirical studies show that the proposed approach is able to repair various faulty XACML policies with one or two seeded faults. Among the scoring methods for fault localization that are studied in the experiment, Naish2 and CBI-Inc are the most efficient

Towards assessing information privacy in microblogging online social networks. The IPAM framework

Les xarxes socials en línia incorporen diferents formes de comunicació interactiva com serveis de microblogs, compartició de fitxers multimèdia o xarxes de contactes professionals. En els últims anys han augmentat els escàndols públics en relació amb pràctiques qüestionables de la indústria de les xarxes socials pel que fa a la privacitat. Així, doncs, cal una avaluació efectiva i eficient del nivell de privacitat en les xarxes socials en línia. El focus de la present tesi és la construcció d'un esquema (IPAM) per a identificar i avaluar el nivell de privacitat proporcionat per les xarxes socials en línia, en particular per als serveis de microblogs. L'objectiu d'IPAM és ajudar els usuaris a identificar els riscos relacionats amb les seves dades. L'esquema també permet comparar el nivell de protecció de la privacitat entre diferents sistemes analitzats, de manera que pugui ser també utilitzat per proveïdors de servei i desenvolupadors per a provar i avaluar els seus sistemes i si les tècniques de privacitat usades són eficaces i suficients.Las redes sociales en línea incorporan diferentes formas de comunicación interactiva como servicios de microblogueo, compartición de ficheros multimedia o redes de contactos profesionales. En los últimos años han aumentado los escándalos públicos relacionados con prácticas cuestionables de la industria de las redes sociales en relación con la privacidad. Así pues, es necesaria una evaluación efectiva y eficiente del nivel de privacidad en las redes sociales en línea. El foco de la presente tesis es la construcción de un esquema (IPAM) para identificar y evaluar el nivel de privacidad proporcionado por las redes sociales en línea, en particular para los servicios de microblogueo. El objetivo de IPAM es ayudar a los usuarios a identificar los riesgos relacionados con sus datos. El esquema también permite comparar el nivel de protección de la privacidad entre diferentes sistemas analizados, de modo que pueda ser también utilizado por proveedores de servicio y desarrolladores para probar y evaluar sus sistemas y si las técnicas de privacidad usadas son eficaces y suficientes.Online social networks (OSNs) incorporate different forms of interactive communication, including microblogging services, multimedia sharing and business networking, among others. In recent years there has been an increase in the number of privacy-related public scandals involving questionable data handling practices in OSNs. This situation calls for an effective and efficient evaluation of the privacy level provided by such services. In this thesis, we take initial steps towards developing an information privacy assessment framework (IPAM framework) to compute privacy scores for online social networks in general, and microblogging OSNs in particular. The aim of the proposed framework is to help users identify personal data-related risks and how their privacy is protected when using one OSN or another. The IPAM framework also allows for a comparison between different systems' privacy protection level. This gives system providers, not only an idea of how they are positioned in the market vis-à-vis their competitors, but also recommendations on how to enhance their services