Dependencies and Separation of Duty Constraints in GTRBAC

A Generalized Temporal Role Based Access Control (GTRBAC) model that captures an exhaustive set of temporal constraint needs for access control has recently been proposed. GTRBAC’s language constructs allow one to specify various temporal constraints on role, user-role assignments and role-permission assignments. In this paper, we identify various time-constrained cardinality, control flow dependency and separation of duty constraints (SoDs). Such constraints allow specification of dynamically changing access control requirements that are typical in today’s large systems. In addition to allowing specification of time, the constraints introduced here also allow expressing access control policies at a finer granularity. The inclusion of control flow dependency constraints allows defining much stricter dependency requirements that are typical in workflow types of applications

Blockchain based auditable access control for distributed business processes

The use of blockchain technology has been proposed to provide auditable access control for individual resources. However, when all resources are owned by a single organization, such expensive solutions may not be needed. In this work we focus on distributed applications such as business processes and distributed workflows. These applications are often composed of multiple resources/services that are subject to the security and access control policies of different organizational domains. Here, blockchains can provide an attractive decentralized solution to provide auditability. However, the underlying access control policies may be overlapping in terms of the component conditions/rules, and simply using existing solutions would result in repeated evaluation of user’s authorization separately for each resource, leading to significant overhead in terms of cost and computation time over the blockchain. To address this challenge, we propose an approach that formulates a constraint optimization problem to generate an optimal composite access control policy. This policy is in compliance with all the local access control policies and minimizes the policy evaluation cost over the blockchain. The developed smart contract(s) can then be deployed to the blockchain, and used for access control enforcement. We also discuss how the access control enforcement can be audited using a game-theoretic approach to minimize cost. We have implemented the initial prototype of our approach using Ethereum as the underlying blockchain and experimentally validated the effectiveness and efficiency of our approach

Potential Assessment and Economic Analysis of Concentrated Solar Power against Solar Photovoltaic Technology

Competition between concentrated solar power and solar photovoltaic has been the subject of frequent debate in recent years based on their cost of fabrication, efficiency, storage, levelized cost of energy, reliability, and complexity of respective technologies. Taking Pakistan as a testbed, a study was conducted to determine which technology is economical in a particular location and climate. The study assesses the meteorological, orographic, and spatial factors that impact the performance and cost of both renewable energy systems. A SWOT analysis, followed by technoeconomic analyses, was conducted to determine suitable sites for setting up solar power plants in Pakistan. A detailed assessment of siting factors for solar power plants was conducted to shortlist the most suitable sites. Based on the results, economic analysis was performed to install 100 MW photovoltaic and parabolic trough power plants at selected locations. The levelized cost of energy for the 100 MW parabolic trough is 10.8 cents/kWh and 12 cents/kWh in best-case scenarios, i.e., for locations of Toba and Quetta, respectively, whereas the LCOEs of 100 MW photovoltaic systems stand comparatively low at 7.36 cents/kWh, 7.21 cents/kWh, 7.01 cents/kWh, 6.82 cents/kWh, 6.02 cents/kWh, and 5.95 cents/kWh in Multan, Bahawalpur, Rahim Yar Khan, Hyderabad, Quetta, and Toba, respectively. The results favor choosing solar PV plants over solar CSP plants in terms of finances in the selected regions. The findings will assist financiers and policymakers in creating better policies in terms of long-term goals.publishedVersio

Access control management and security in multi-domain collaborative environments

With the increase in information and data accessibility, there is a growing concern for security and privacy of data. In large corporate Intranets, the insider attack is a major security problem. Numerous studies have shown that unauthorized accesses, in particular by insiders, pose a major security threat for distributed enterprise environments. This problem is highly magnified in a multi-domain environment that spans multiple enterprises collaborating to meet their business requirements. The challenge is in developing new or extending existing security models for efficient security management and administration in multi-domain environments that allow extensive interoperation among individuals or systems belonging to different security domains. In this dissertation, we have addressed the issue of secure interoperation from policy management perspective. In particular, we have developed a policy-based framework that allows secure information and resource sharing in multi-domain environments supporting both tightly-coupled and loosely-coupled collaborations. The level of coupling in such environments is characterized by the degree of interoperation, the level of trust among domains, and the security, autonomy, and privacy requirements of the collaborating domains. The proposed framework provides efficient solutions and strategies for ensuring secure interoperation in both tightly-coupled and loosely-coupled multi-domain environments. This framework is designed for distributed systems that employ role based access control (RBAC) policies, and therefore addresses the secure interoperability requirements of emerging distributed application systems

Data and Applications Security and Privacy XXVII: 27th Annual IFIP WG 11.3 Conference, DBSec 2013, Newark, NJ, USA, July 15-17, 2013

International audienceBook Front Matter of LNCS 796

Data and Applications Security and Privacy XXVII27th Annual IFIP WG 11.3 Conference, DBSec 2013, Newark, NJ, USA, July 15-17, 2013. Proceedings /

XIV, 305 p. 71 illus.online resource