Yan Li,Huiping Sun,Zhong Chen,Jinqiang Ren,Haining Luo

DOI: https://doi.org/10.1109/SecTech.2008.50

2008-01-01

Abstract:With the development of grid technology, sensitive files and data protection become difficult tasks multi-domains. Traditional access control mechanisms are not suitable to such distributed environment. Several models and mechanisms utilize trust to assist access control decision. But few explicitly consider trust and risk as two separate factors which affect interactions between peers. In this paper, we present a novel mechanism which considers both trust and risk as two vital parameters to assist access control decision. In addition, a novel model of trust evaluation is proposed to represent the confidence in the peer. And to appease people’s anxiety about loss, a new model of risk assessment is also presented to indicate impacts on resources. At the end of this paper, simulation results will indicate that our mechanism is able to secure local system more efficiently and reliably.

HL Hu,D Chen,CQ Huang

DOI: https://doi.org/10.1007/11428862_31

2005-01-01

Abstract:The open and anonymous of grid make the task of controlling access to sharing information more difficult, which cannot be addressed by traditional access control methods. In this paper, we identify access control requirements in such environments and propose a trust based access control framework for grid resource sharing. The framework is an integrated solution involving aspects of trust and recommendation models, based the discretionary access control (DAC), and are applied to grid resource-sharing systems. In this paper, we integrate technology of web services into idea of trust for describing resources.

XL Li,ZW Xu,XW Liu,N Yang

DOI: https://doi.org/10.1109/wi.2003.1241240

2003-01-01

Abstract:It is a challenge to integrate and share resources securely across multiple autonomous administrative domains environment. We introduce the community-based model of vega enterprise information grid and its operation mechanism. The individuals and/or institutes forming different communities can not only implement diverse policies and autonomous management of resource sharing without any impact on the other communities, but also achieve a globally shared goal. Based on the model, the access control technique, including framework and uniform formalizing, is presented in detail. The static or dynamic role binding is used for entitling user's request for accessing resources within or across communities, which ensures a globally unified view for user. A prototype describes how these techniques are useful in building an enterprise information grid. The evaluation and future continuing works are presented in the conclusion.

Wenjuan Li,Lingdi Ping,Xuezeng Pan

DOI: https://doi.org/10.1109/iceie.2010.5559829

2010-01-01

Abstract:Security and interoperability is the biggest challenge to promote cloud computing currently. Trust has proved to be one of the most important and effective alternative means to construct security in distributed systems. In order to efficiently and safely construct entities' trust relationship in cloud and cross-clouds environment, this paper proposed a novel cloud trust model and a new cloud security framework. The propose trust model is domain-based. It divides one cloud provider's resource nodes into the same trust domain. It designs different trust strategies for different roles. Trust recommendation is treated as one type of cloud services just like computation or storage. Based on the proposed trust model, it introduced a novel cloud security framework with an independent trust management module. Using the proposed security model, it introduced some trust-based security mechanisms. Results of simulation experiments show that the proposed security model can achieve high transaction success rate with high trust accuracy.

Xiyuan Chen,Yang OUYang,Miaoliang Zhu,Yan He

DOI: https://doi.org/10.1109/ICYCS.2008.407

2008-01-01

Abstract:The emerging grid infrastructure presents many challenging security issues that demand new access approach due to its inherent heterogeneity, multidomain characteristic and highly dynamic nature. In order to protect the secure sharing and coordinated use of diverse resources in distributed "virtual organizations", fine-grained access control in grid computing is therefore very necessary and important. In this paper, a semantic-aware access conrtol(SAAC) extending the RBAC with the semantic specification is proposed. Supplying semantic specification by the implementation of semantic inference engine (SIE), the administration for the applicability of users' role memberships to particular permissions is much more easy and precise. The enforcement of the SAAC model for grid application is presented. An experimental evaluation of its overheads is also described.

Wenjuan Li,Lingdi Ping

DOI: https://doi.org/10.1007/978-3-642-10665-1_7

2009-01-01

Abstract:Trust is one of the most important means to improve security and enable interoperability of current heterogeneous independent cloud platforms. This paper first analyzed several trust models used in large and distributed environment and then introduced a novel cloud trust model to solve security issues in cross-clouds environment in which cloud customer can choose different providers' services and resources in heterogeneous domains can cooperate. The model is domain-based. It divides one cloud provider's resource nodes into the same domain and sets trust agent. It distinguishes two different roles cloud customer and cloud server and designs different strategies for them. In our model, trust recommendation is treated as one type of cloud services just like computation or storage. The model achieves both identity authentication and behavior authentication. The results of emulation experiments show that the proposed model can efficiently and safely construct trust relationship in cross-clouds environment.

Ming Zhao,Jinqiang Ren,Huiping Sun,Suming Li,Zhong Chen

DOI: https://doi.org/10.1109/icycs.2008.226

2008-01-01

Abstract:In ubiquitous computing environment, resources become invisible, heterogeneous and anywhere. Traditional access control mechanism could not handle such dynamic and complex environment. In our proposed work, we view access control mechanism as a non-cooperative game. Thus, a game theoretic model for access control has been proposed to assist such mechanism. Different from traditional one, which depended on complex policies for decision-making, our model uses game theory to evaluate all possible results and select the most expected one as final decision. In the end, a practical example has been presented and its result shows that our access control model is more suitable for nowadays dynamic access control environment.

Fangwei Li,Yongchuan Tang,Jiang Zhu

DOI: https://doi.org/10.4304/jnw.8.8.1845-1851

2013-01-01

Abstract:In order to improve the resource utilization in asymmetric wireless networks, a novel dynamic resource access algorithm was presented. As the asymmetry of information and the locality of users' actions in distributed wireless networks, the resource access problem was expressed as a simple graphical game model. Let the graphic topology indicate the internal game structure of the realistic environment. Then the Nash equilibrium was got by minimizing the individual regret instead of the system regret. The proposed algorithm realized efficient resource access through exchanging the active information and regret in the competitive community. Theoretical analysis and simulation results show that the algorithm can converge to a suitable pure strategy Nash equilibrium point quickly with less amount of calculation, avoids conflict effectively, and improves the system capacity and power utilization especially in the condition of insufficient resources

Lu Chen,Qing Zhou,Gaofeng Huang,Liqiang Zhang

DOI: https://doi.org/10.1109/CIS.2014.47

2014-01-01

Abstract:Resource sharing is one of the main applications of network. How to establish a trust relationship between resources requestor and provider, and enforce authority is the key issue of efficient resource sharing. Existing models and methods are mostly focus on identity, recommendation and other information, but lack of the considering of resource requestor's conduct and environment of computing. And once authorized, it will not be able to track and control user behavior dynamically. It may cause more risks when sharing resources. Aiming to resolve the above problems, a trust-role based context aware access control model is proposed relying on the measurement and verification of the \"trust credentials and evidences\" which embody the context information of user behavior and platform environment to achieve the security, dependable and dynamic access control for resource sharing.

Binyong Li,Fan Yang,Shaowei Zhang

DOI: https://doi.org/10.3390/math12162541

IF: 2.4

2024-08-19

Mathematics

Abstract:Traditional access control systems exhibit limitations in providing flexible authorization and fine-grained access in the face of increasingly complex and dynamic access scenarios. This paper proposes a context-aware risk access control model to address these challenges. By developing a multi-level contextual risk indicator system, the model comprehensively considers real-time contextual information associated with access requests, dynamically evaluates the risk level of these requests, and compares the outcomes with predefined risk policies to facilitate access decisions. This approach enhances the dynamism and flexibility of access control. To improve the accuracy and reliability of risk assessments, we propose a combination weighting method grounded in game theory. This method reconciles subjective biases and the limitations of objective data by integrating both subjective and objective weighting techniques, thus optimizing the determination process for risk factor weights. Furthermore, smart contracts are introduced to monitor user behavior during access sessions, thereby preventing malicious attacks and the leakage of sensitive information. Finally, the model's performance and authorization granularity are assessed through empirical experiments. The results indicate that the model effectively addresses the requirements of dynamic and fine-grained access scenarios, improving the system's adaptability to risk fluctuations while safeguarding sensitive information.

mathematics

Ran Yang,Chuang Lin,Yixin Jiang,Xiaowen Chu

DOI: https://doi.org/10.1109/icc.2011.5963329

2011-01-01

Communications

Abstract:The rapid development of applications running on global information infrastructure poses the problem of securing information sharing among domain collaborations. Existing access control models are defective in dynamic authorization based on user's trustworthiness and do not take full advantages of the infrastructure in implementing access control system. In this work, we propose a trust and role based access control model and the corresponding framework in infrastructure-centric environment. With the extension to RBAC model, trust level requirements, which dictate that the roles in the privilege context must be activated by the trustworthy user, can be specified. The comprehensive trust model, which calculates the user's trust level in multiple trust contexts based on behavior histories, is proposed. Moreover, by taking advantages of the infrastructure services, our scheme is flexible and scalable in that system administrators are free to choose custom scoring functions while the infrastructure trust evaluation services are relieved of the heavy burdens of history record maintenance and trust level update.

Fujun Feng,Chuang Lin,Dongsheng Peng,Junshan Li

DOI: https://doi.org/10.1109/HPCC.2008.37

2008-01-01

Abstract:In order to overcome the limitations in traditional access control models such as identity-based access control and meet the access requirements in distributed systems, we propose a Trust and Context based Access Control model called TCAC, it extends the traditional RBAC (role based access control) model with the notion of trust and context. Role assignment in TCAC is based on the trustworthiness and context information of users. The TCAC model is flexible, scalable, and well suitable for the dynamic and distributed systems. Then we provide a trust evaluation mechanism based on the local and global reputation to compute the trust value of a user in distributed system, which can avoid malicious nodes behave correctly in order to get the highest possible trust value. Finally an implementation framework of the access control system based on TCAC is described.

Xu Jing,Zhengnan Liu,Shuqin Li,Bin Qiao,Gexu Tan

DOI: https://doi.org/10.1007/s13198-015-0411-1

2015-12-22

International Journal of System Assurance Engineering and Management

Abstract:In traditional role-based access control (RBAC) model, the permission is bound with identity statically, without being dynamically adjusted by user behavior. Cloud users distribute widely and constitute complex and have legitimate identity whose behavior may be incredible, but any attack is achieved through malicious behavior. The cloud-user behavior assessment based dynamic access control model was proposed by introducing user behavior risk value, user trust degree and other factors into RBAC. First, the times of threat behavior was introduced into the information security risk equation to improve the accuracy of user behavior risk value. Then, both the times of threat behavior and the uneven interval of risk threshold were introduced the trust model based on behavior risk evolution to improve the accuracy of user trust degree. Finally, the dynamic authorization was achieved by mapping trust level and permissions. By the simulation experiment in a small campus cloud system, it can be shown that the change of user behavior risk value and user trust degree is more rational under different times and frequencies of threat behavior, and dynamic authorization is flexible by mapping the risk level and the user permissions.

Pingping LIU,Linying YAN

DOI: https://doi.org/10.3969/j.issn.1672-9722.2016.02.025

2016-01-01

Abstract:To guarantee the data security in cloud computing ,the role‐based access control model and trust‐based access control model are combined in this paper ,and a hybrid model based on "trust‐role" is proposed .The model introduces the calculation of the trust value on the base of role‐based access control ,so that it is required for verification of the trust value and obtain access to data .It is proved this model can effectively solve the legitimate access to data in the cloud ,and protect the security problem of data in cloud computing .

Xinxin Fan,Ling Liu,Rui Zhang,Quanliang Jing,Jingping Bi

DOI: https://doi.org/10.48550/arXiv.1909.11355

2019-09-25

Abstract:Decentralized trust management is used as a referral benchmark for assisting decision making by human or intelligence machines in open collaborative systems. During any given period of time, each participant may only interact with a few of other participants. Simply relying on direct trust may frequently resort to random team formation. Thus, trust aggregation becomes critical. It can leverage decentralized trust management to learn about indirect trust of every participant based on past transaction experiences. This paper presents alternative designs of decentralized trust management and their efficiency and robustness from three perspectives. First, we study the risk factors and adverse effects of six common threat models. Second, we review the representative trust aggregation models and trust metrics. Third, we present an in-depth analysis and comparison of these reference trust aggregation methods with respect to effectiveness and robustness. We show our comparative study results through formal analysis and experimental evaluation. This comprehensive study advances the understanding of adverse effects of present and future threats and the robustness of different trust metrics. It may also serve as a guideline for research and development of next generation trust aggregation algorithms and services in the anticipation of risk factors and mischievous threats.

Social and Information Networks,Cryptography and Security

Zhu Chang-sheng,Gao Ying-ying,Lei Qian,Wang Qing-rong

DOI: https://doi.org/10.1109/CINC.2010.5643720

2010-01-01

Abstract:Fuzzy set has become the focus method of trust model. Based on the exisdng research, this trust model give a description of the trust with fuzzy set theory, and trust assessment is separated two aspects which are subjective trust assessment and objective environment impact. In order to adapt to the dynamic of credibility, we use close function which from fuzzy set and distributed storage method in trust update model. Simulation experiment results show that this model is effective and rational. ©2010 IEEE.

Fujun Feng,Chuang Lin,Junshan Li

DOI: https://doi.org/10.1109/NSWCTC.2009.405

2009-01-01

Abstract:Trustworthy network is the inevitable trend in the development of high trusted computing and Internet. It is beyond the traditional information security including confidentiality, integrity and availability, but on the survivability and controllability. Trustworthiness of users on identity and behaviors is very important for trustworthy network, which can be realized by access control technology. Firstly, we discuss the security requirements of access control in trustworthy network. Then we propose a Trust and Context based Access Control (TCAC) model, and describe the core, hierarchical and constrained TCAC in detail. Finally, a trust evaluation mechanism is presented.

LIN Chuang,FENG Fu-Jun,LI Jun-Shan

2007-01-01

Abstract:Access control is an important technology for system security, and its mechanism is different for different networks. This paper first introduces the characteristics and applications of three traditional access control policies which are DAC (discretionary access control), MAC (mandatory access control) and RBAC (role-based access control), introduces the UCON (usage control) model, and then analyzes access control technology and current researches in Grid, P2P and wireless environment respectively. In addition, this paper proposes that trustworthy networks as the developing goal of the next generation Internet require using trust-based the access control model to assure security. This paper investigates on the trust and reputation model in detail, and finally gives the prospects of access control.

LIN Chuang,FENG Fu-Jun,LI Jun-Shan

DOI: https://doi.org/10.1360/jos180955

2007-01-01

Abstract:Access control is an important technology for system security, and its mechanism is different for different networks. This paper first introduces the characteristics and applications of three traditional access control policies which are DAC (discretionary access control), MAC (mandatory access control) and RBAC (role-based access control), introduces the UCON (usage control) model, and then analyzes access control technology and current researches in Grid, P2P and wireless environment respectively. In addition, this paper proposes that trustworthy networks as the developing goal of the next generation Internet require using trust-based the access control model to assure security. This paper investigates on the trust and reputation model in detail, and finally gives the prospects of access control.

Jeffrey Pawlick,Juntao Chen,Quanyan Zhu

DOI: https://doi.org/10.48550/arXiv.1805.00403

2018-11-15

Abstract:The cloud-enabled Internet of controlled things (IoCT) envisions a network of sensors, controllers, and actuators connected through a local cloud in order to intelligently control physical devices. Because cloud services are vulnerable to advanced persistent threats (APTs), each device in the IoCT must strategically decide whether to trust cloud services that may be compromised. In this paper, we present iSTRICT, an interdependent strategic trust mechanism for the cloud-enabled IoCT. iSTRICT is composed of three interdependent layers. In the cloud layer, iSTRICT uses FlipIt games to conceptualize APTs. In the communication layer, it captures the interaction between devices and the cloud using signaling games. In the physical layer, iSTRICT uses optimal control to quantify the utilities in the higher level games. Best response dynamics link the three layers in an overall "game-of-games," for which the outcome is captured by a concept called Gestalt Nash equilibrium (GNE). We prove the existence of a GNE under a set of natural assumptions and develop an adaptive algorithm to iteratively compute the equilibrium. Finally, we apply iSTRICT to trust management for autonomous vehicles that rely on measurements from remote sources. We show that strategic trust in the communication layer achieves a worst-case probability of compromise for any attack and defense costs in the cyber layer.

Cryptography and Security