nach oben

Cluster Computing

Erschienen in:

24.02.2018

Management of access privileges for dynamic access control

verfasst von: Nafei Zhu, Fangbo Cai, Jingsha He, Yixuan Zhang, Wenxin Li, Zhao Li

Erschienen in: Cluster Computing | Sonderheft 4/2019

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Access control is an important security mechanism for the protection of sensitive information and critical system resources. While it has been well-known that traditional access control models (TACMs), such as DAC, MAC, RBAC, etc., are not well suited for open networks due to the lack of dynamism in the management of access privileges, pro-active or dynamic access control models (PACMs) developed in recent years generally suffer from performance problems due to complex evaluation performed prior to access authorization. In game theory based dynamic access control models, which are one type of dynamic models, each access is modeled as a game that is played between the accessing subject and the accessed or protected object and the result of the play serves as the basis for making the authorization decision. Thus, delay is unavoidably introduced into the authorization process due to such pre-access evaluation. To overcome the shortcomings of TACMs and PACMs simultaneously, in this paper, we propose a new access control model called ISAC that, unlike all present access control models, is used not as a mechanism for access authorization but one for dynamic management of access privileges upon the completion of each access with the result being an updated set of access privileges for the accessing subject and used for updating the corresponding access control list for the subject. Access authorization will still be performed in the same way as that in the traditional access control models. Thus, ISAC offers the advantages of both traditional access control models in performance and pro-active access control models in dynamism. We will apply incomplete information static game to the development of ISAC in which we will show that there exists at least one Bayesian Nash equilibrium for the game play, which is the theoretical foundation for ISAC. We will also describe a framework design and an example implementation to illustrate the application of ISAC to access control. At last, we will present some experimental results to show that while maintaining the effectiveness of dynamic access control through the management of access privileges, ISAC can achieve the performance of traditional access control models.

Vorheriger Artikel Research on speech separation technology based on deep learning

Nächster Artikel RETRACTED ARTICLE: Research on agricultural products supply chain inspection system based on internet of things

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Lampson, B.W.: Protection. Proceeding of the 5th Princeton Symposium on Information Sciences and Systems, Princeton, NJ, pp. 437–443 (1971)

Snyder, L.: Formal models of capability-based protection systems. IEEE Trans. Comput. 30, 172–181 (1981)CrossRef

Bell, D.E., LaPadula, L.: Secure computer systems: a mathematical model. In: Mitre Corporation, Bedford, MA, vol. 4, pp. 229–263 (1973)

Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Trans. Comput. 29(2), 38–47 (1996)

Ferraiolo, D., Kuhn, D.: Role-based access control. In: Proceeding of the NIST-NSA National (USA) Computer Security Conference, Baltimore, pp. 554–563 (1992)

Corradi, A., Montanari, R., Tibaldi, D.: Context-based access control management in ubiquitous environments. In: Proceeding of the 3rd IEEE International Symposium on Network Computing and Applications, Boston, pp. 253–260 (2004)

Rubart, J.: Context-based access control. Proceeding of the 2005 Symposia on Metainformatics, Esbjerg, pp. 145–156 (2005)

Yao, H., Hu, H., Lu, Z., Li, R.: Dynamic role and context-based access control for grid applications. In: Proceeding of the IEEE Region 10 Conference, Melbourne, pp. 1619–1625 (2005)

Betarte, G., Gatto, A., Martinez, R., Zipitria, F.: ACTkit: a framework for the definition and enforcement of role, content and context-based access control policies. IEEE Latin Am. Trans. 10(3), 1742–1751 (2012)CrossRef

10.

Shebaro, B., Oluwatimi, O., Bertino, E.: Context-based access control systems for mobile devices. IEEE Trans. Depend. Secure Comput. 12(2), 150–163 (2015)CrossRef

11.

Covington, M.J., Sastry, M.R.: A contextual attribute-based access control model. In: Proceedings of the 2006 International Conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part II, Montpellier, pp. 1996–2006 (2006)

12.

Wang, B., Wang, L.: Design of attribute-based access control model for power information systems. Dianli Xitong Zidonghua 31(7), 81–84 (2007)

13.

Kolter, J., Schillinger, R., Pernul, G.: A privacy-enhanced attribute-based access control system. In: Proceeding of the 21st Annual Conference on Data and Applications Security, Redondo, pp. 129–143 (2007)

14.

Yeh, L., Chen, Y., Huang, J.: ABACS: an attribute-based access control system for emergency services over vehicular ad hoc networks. IEEE J. Sel. Areas Commun. 29(3), 630–643 (2011)CrossRef

15.

Xie, X., Ma, H., Li, J., Chen, X.: An efficient ciphertext-policy attribute-based access control towards revocation in cloud computing. J. Univ. Comput. Sci. 19(16), 2349–2367 (2013)

16.

Hu, V., Kuhn, D., Ferraiolo, D.: Attribute-based access control. Computer 48(2), 85–88 (2015)CrossRef

17.

Ma, S., He, J., Shuai, X.: Application of fuzzy comprehensive evaluation method in trust quantification. Int. J. Comput. Intell. Syst. 4(5), 768–776 (2011)CrossRef

18.

Ma, S., He, J., Gao, F.: An access control model based on multi-factors trust. J. Netw. 7(1), 173–178 (2012)

19.

Duan, J., Gao, D., Foh, C., Zhang, H.: TC-BAC: a trust and centrality degree based access control model in wireless sensor networks. Ad Hoc Netw. 11(8), 2675–2692 (2013)CrossRef

20.

Taylor, J.M., Sharif, H.R.: Security challenges and methods for protecting critical infrastructure cyber-physical systems. In: Proceeding of the 2017 International Conference on Selected Topics in Mobile and Wireless Networking, Avignon, pp. 1–6 (2017)

21.

Fudenberg, D., Tirole, J.: Game Theory. MIT Press, Cambridge (1991)MATH

22.

Nash, J.: Equilibrium points in N-person games. Proc. Natl. Acad. Sci. U.S. Am. 36(1), 48–49 (1950)MathSciNetCrossRef

23.

Robert, D.: Game Theory for Applied Economists. Priceton University Press, Priceton (1992)

24.

Chang, S.Y., Hu, Y.C.: SecureMAC: securing wireless medium access control against insider denial-of-service attacks. IEEE Trans. Mob. Comput. 16(12), 3527–3540 (2017)CrossRef

25.

Jang, H., Yun, S.-Y., Shin, J., Yi, Y.: Game theoretic perspective of optimal CSMA. IEEE Trans. Wirel. Commun. 17(1), 194–209 (2018)CrossRef

26.

Shahrokhzadeh, B., Dehghan, M.: A distributed game-theoretic approach for target coverage in visual sensor networks. IEEE Sens. J. 17(22), 7542–7552 (2017)CrossRef

27.

Hao, X., Wang, M., Hou, S., Gong, Q., Liu, B.: Distributed topology control and channel allocation algorithm for energy efficiency in wireless sensor network: from a game perspective. Wirel. Personal Commun. 80(4), 1557–1577 (2015)CrossRef

28.

Zhao, X., Zhang, X., Guo, H., Liu, Q.: The inter-cluster routing algorithm in wireless sensor network based on the game theory. In: Proceeding of the 4th International Conference on Digital Manufacturing and Automation, Qindao, pp. 1477–1480 (2013)

29.

Maani, E., Chen, Z., Katsaggelos, A.: A game theoretic approach to video streaming over peer-to-peer networks. Signal Process. 27(5), 545–554 (2012)

30.

Koutsopoulos, I., Tassiulas, L., Gkatzikis, L.: Client-server games and their equilibria in peer-to-peer networks. Comput. Netw. 67(12), 201–218 (2014)CrossRef

31.

Narang, P., Hota, C.: Game-theoretic strategies for IDS deployment in peer-to-peer networks. Inform. Syst. Front. 17(5), 1017–1028 (2015)CrossRef

32.

Anggorojati, B., Prasad, N., Prasad, R.: An intrusion detection game in access control system for the M2M local cloud platform. In: Proceeding of the 19th Asia-Pacific Conference on Communications, Bali, pp. 345–350 (2013)

33.

Wong, W., Lee, W., Wei, H.: Base on game theory model to improve trust access control in cloud file-sharing system. In: Proceeding of the 10th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, Kitakyushu, 702–705 (2014)

34.

Liu, H., Li, X., Xu, M., Mo, R., Ma, J.: A fair data access control towards rational users in cloud storage. Inf. Sci. 418, 258–271 (2017)CrossRef

35.

Palomar E., Alcaide A., Molina E., Zhang Y.: Coalitional games for the management of anonymous access in online social networks. In: Proceeding of the 11th Annual International Conference on Privacy, Security and Trust, Tarragona, pp. 1–10 (2013)

36.

Liu, E., Liu, Z., Shao, F., Zhang, Z.: A game-theoretical approach to multimedia social networks security. Sci. World J. 1, 1–9 (2014)

37.

Zhang, S., Cai, W., Li, Y.: A game theory-based social network access control method. J. Northwest. Polytech. Univ. 29(4), 652–657 (2011). (in Chinese)

38.

Zhang, Y., He, J., Zhao, B., Huang, Z., Liu, R.: Towards more pro-active access control in computer systems and networks. Comput. Secur. 49, 132–146 (2015)CrossRef

39.

Zhang, Y., He, J., Zhao, B., Liu, R.: Application of game theory for dynamic access control in security systems. Int. J. High Perform. Comput. Netw. 9(5/6), 451–461 (2016)CrossRef

40.

Harsanyi, J.C.: Games with incomplete information played by “Bayesian” players. Manage. Sci. 14(3), 159–182 (1967)MathSciNetCrossRef

Titel: Management of access privileges for dynamic access control
verfasst von: Nafei Zhu
Fangbo Cai
Jingsha He
Yixuan Zhang
Wenxin Li
Zhao Li
Publikationsdatum: 24.02.2018
Verlag: Springer US
Erschienen in: Cluster Computing / Ausgabe Sonderheft 4/2019
Print ISSN: 1386-7857
Elektronische ISSN: 1573-7543
DOI: https://doi.org/10.1007/s10586-018-2018-1

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Sonderheft 4/2019

Energy minimization in wireless sensor networks by incorporating unequal clusters in multi-sector environment

Error-rate analysis of MIMO MC-IDMA system for frequency-selective channels

A novel energy efficient and scalable hybrid-mac protocol for massive M2M networks

Composite braking AMT shift strategy for extended-range heavy commercial electric vehicle based on LHMM/ANFIS braking intention identification

Sensor fault localization with accumulated residual contribution rate for bridge SHM

Mutual information of massive MIMO systems on block Rayleigh-faded channels