26 research outputs found

    Constraint Branching in Workflow Satisfiability Problem

    Access control technologies for Big Data management systems: literature review and future trends

    Abstract: Data security and privacy issues are magnified by the volume, the variety, and the velocity of Big Data and by the lack, up to now, of a reference data model and related data manipulation languages. In this paper, we focus on one of the key data security services, that is, access control, by highlighting the differences with traditional data management systems and describing a set of requirements that any access control solution for Big Data platforms may fulfill. We then describe the state of the art and discuss open research issues.

    Towards Better Understanding of User Authorization Query Problem via Multi-variable Complexity Analysis

    User authorization queries in the context of role-based access control have attracted considerable interest in the last 15 years. Such queries are used to determine whether it is possible to allocate a set of roles to a user that enables the user to complete a task, in the sense that all the permissions required to complete the task are assigned to the roles in that set. Answering such a query, in general, must take into account a number of factors, including, but not limited to, the roles to which the user is assigned and constraints on the sets of roles that can be activated. Answering such a query is known to be NP-hard. The presence of multiple parameters and the need to find efficient and exact solutions to the problem suggest that a multi-variate approach will enable us to better understand the complexity of the user authorization query problem (UAQ). In this paper, we establish a number of complexity results for UAQ. Specifically, we show the problem remains hard even when quite restrictive conditions are imposed on the structure of the problem. Our FPT results show that we have to use either a parameter with potentially quite large values or quite a restricted version of UAQ. Moreover, our second FPT algorithm is complex and requires sophisticated, state-of-the-art techniques. In short, our results show that it is unlikely that all variants of UAQ that arise in practice can be solved reasonably quickly in general. Comment: Accepted for publication in ACM Transactions on Privacy and Security (TOPS)

    Solving the Workflow Satisfiability Problem using General Purpose Solvers

    The workflow satisfiability problem (WSP) is a well-studied problem in access control seeking allocation of authorised users to every step of the workflow, subject to workflow specification constraints. It was noticed that the number k of steps is typically small compared to the number of users in the real-world instances of WSP; therefore k is considered as the parameter in WSP parametrised complexity research. While WSP in general was shown to be W[1]-hard, WSP restricted to a special case of user-independent (UI) constraints is fixed-parameter tractable (FPT). However, restriction to the UI constraints might be impractical. To efficiently handle non-UI constraints, we introduce the notion of branching factor of a constraint. As long as the branching factors of the constraints are relatively small and the number of non-UI constraints is reasonable, WSP can be solved in FPT time. Extending the results from Karapetyan et al. (2019), we demonstrate that general-purpose solvers are capable of achieving FPT-like performance on WSP with arbitrary constraints when used with appropriate formulations. This enables one to tackle most of practical WSP instances. While important on its own, we hope that this result will also motivate researchers to look for FPT-aware formulations of other FPT problems. Comment: Associated data: http://doi.org/10.17639/nott.711

    Valued Authorization Policy Existence Problem: Theory and Experiments

    Recent work has shown that many problems of satisfiability and resiliency in workflows may be viewed as special cases of the authorization policy existence problem (APEP), which returns an authorization policy if one exists and 'No' otherwise. However, in many practical settings it would be more useful to obtain a 'least bad' policy than just a 'No', where 'least bad' is characterized by some numerical value indicating the extent to which the policy violates the base authorization relation and constraints. Accordingly, we introduce the Valued APEP, which returns an authorization policy of minimum weight, where the (non-negative) weight is determined by the constraints violated by the returned solution. We then establish a number of results concerning the parameterized complexity of Valued APEP. We prove that the problem is fixed-parameter tractable (FPT) if the set of constraints satisfies two restrictions, but is intractable if only one of these restrictions holds. (Most constraints known to be of practical use satisfy both restrictions.) We also introduce a new type of resiliency for workflow satisfiability problem, show how it can be addressed using Valued APEP and use this to build a set of benchmark instances for Valued APEP. Following a set of computational experiments with two mixed integer programming (MIP) formulations, we demonstrate that the Valued APEP formulation based on the user profile concept has FPT-like running time and usually significantly outperforms a naive formulation. Comment: 32 pages, 5 figures. Preliminary version appeared in SACMAT 2021 (https://doi.org/10.1145/3450569.3463571). Some of the theoretical results (algorithms) have been improved. Computational experiments have been added to this version.

    Enhancing IoT Data Dependability through a Blockchain Mirror Model

    The Internet of Things (IoT) is a remarkable data producer and these data may be used to prevent or detect security vulnerabilities and increase productivity by the adoption of statistical and Artificial Intelligence (AI) techniques. However, these desirable benefits are gained if data from IoT networks are dependable; this is where blockchain comes into play. In fact, through blockchain, critical IoT data may be trusted, i.e., considered valid for any subsequent processing. A simple formal model named the Mirror Model is proposed to connect IoT data organized in traditional models to assets of trust in a blockchain. The Mirror Model sets some formal conditions to produce trusted data that remain trusted over time. A possible practical implementation of an application programming interface (API) is proposed, which keeps the data and the trust model in synch. Finally, it is noted that the Mirror Model enforces a top-down approach from reality to implementation instead of going the opposite way as it is now the practice when referring to blockchain and the IoT.

    Access control and quality attributes of open data: Applications and techniques

    Open Datasets provide one of the most popular ways to acquire insight and information about individuals, organizations and multiple streams of knowledge. Exploring Open Datasets by applying comprehensive and rigorous techniques for data processing can provide the ground for innovation and value for everyone if the data are handled in a legal and controlled way. In our study, we propose an argumentation and abductive reasoning approach for data processing which is based on the data quality background. Explicitly, we draw on the literature of data management and quality for the attributes of the data, and we extend this background through the development of our techniques. Our aim is to provide herein a brief overview of the data quality aspects, as well as indicative applications and examples of our approach. Our overall objective is to bring serious intent and propose a structured way for access control and processing of open data with a focus on the data quality aspects.

    Multi-Stakeholder Consensus Decision-Making Framework Based on Trust and Risk

    Indiana University-Purdue University Indianapolis (IUPUI). This thesis combines human and machine intelligence for consensus decision-making, and it contains four interrelated research areas. Before presenting the four research areas, this thesis presents a literature review on decision-making using two criteria: trust and risk. The analysis involves studying the individual and the multi-stakeholder decision-making. Also, it explores the relationship between trust and risk to provide insight on how to apply them when making any decision. This thesis presents a grouping procedure of the existing trust-based multi-stakeholder decision-making schemes by considering the group decision-making process and models. In the first research area, this thesis presents the foundation of building multi-stakeholder consensus decision-making (MSCDM). This thesis describes trust-based multi-stakeholder decision-making for water allocation to help the participants select a solution that comes from the best model. Several criteria are involved when deciding on a solution such as trust, damage, and benefit. This thesis considers Jain's fairness index as an indicator of reaching balance or equality for the stakeholder's needs. The preferred scenario is when having a high trust, low damages and high benefits. The worst scenario involves having low trust, high damage, and low benefit. The model is dynamic by adapting to the changes over time. The decision to select is the solution that is fair for almost everyone. In the second research area, this thesis presents a MSCDM, which is a generic framework that coordinates the decision-making rounds among stakeholders based on their influence toward each other, as represented by the trust relationship among them. This thesis describes the MSCDM framework that helps to find a decision the stakeholders can agree upon. Reaching a consensus decision might require several rounds where stakeholders negotiate by rating each other.
This thesis presents the results of implementing MSCDM and evaluates the effect of trust on the consensus achievement and the reduction in the number of rounds needed to reach the final decision. This thesis presents Rating Convergence in the implemented MSCDM framework, and such convergence is a result of changes in the stakeholders' rating behavior in each round. This thesis evaluates the effect of trust on the rating changes by measuring the distance of the choices made by the stakeholders. Trust is useful in decreasing the distances. In the third research area, this thesis presents Rating Convergence in the implemented MSCDM framework, and such convergence is a result of changes in stakeholders' rating behavior in each round. This thesis evaluates the effect of trust on the rating changes by measuring the perturbation in the rating matrix. Trust is useful in increasing the rating matrix perturbation. Such perturbation helps to decrease the number of rounds. Therefore, trust helps to increase the speed of agreeing upon the same decision through the influence. In the fourth research area, this thesis presents Rating Aggregation operators in the implemented MSCDM framework. This thesis addresses the need for aggregating the stakeholders' ratings while they negotiate on the round of decisions to compute the consensus achievement. This thesis presents four aggregation operators: weighted sum (WS), weighted product (WP), weighted product similarity measure (WPSM), and weighted exponent similarity measure (WESM). This thesis studies the performance of those aggregation operators in terms of consensus achievement and the number of rounds needed. The consensus threshold controls the performance of these operators. The contribution of this thesis lays the foundation for developing a framework for MSCDM that facilitates reaching the consensus decision by accounting for the stakeholders' influences toward one another. Trust represents the influence