Xu Jing,Zhengnan Liu,Shuqin Li,Bin Qiao,Gexu Tan

DOI: https://doi.org/10.1007/s13198-015-0411-1

2015-12-22

International Journal of System Assurance Engineering and Management

Abstract:In traditional role-based access control (RBAC) model, the permission is bound with identity statically, without being dynamically adjusted by user behavior. Cloud users distribute widely and constitute complex and have legitimate identity whose behavior may be incredible, but any attack is achieved through malicious behavior. The cloud-user behavior assessment based dynamic access control model was proposed by introducing user behavior risk value, user trust degree and other factors into RBAC. First, the times of threat behavior was introduced into the information security risk equation to improve the accuracy of user behavior risk value. Then, both the times of threat behavior and the uneven interval of risk threshold were introduced the trust model based on behavior risk evolution to improve the accuracy of user trust degree. Finally, the dynamic authorization was achieved by mapping trust level and permissions. By the simulation experiment in a small campus cloud system, it can be shown that the change of user behavior risk value and user trust degree is more rational under different times and frequencies of threat behavior, and dynamic authorization is flexible by mapping the risk level and the user permissions.

Mang Su,Anmin Fu,Yan Yu,Guozhen Shi

DOI: https://doi.org/10.1109/trustcom.2016.0299

2016-01-01

Abstract:More and more people prefer to obtain information from cloud. Different users tend to access different resources they interested at anytime across different networks by a variety of equipments. As same as the traditional management of file, the lifecycle theory is still suitable the electronic data in cloud computing. Firstly, we analyze the motivation of access control in cloud, and summarize the security requirements for the data management in the whole lifecycle. Second, we propose a resource-centric dynamic adaptive access control model (RCDA), which is extended from the action-based access control (ABAC). RCDA is able to describe other access control models through the way of customization. Furthermore, we give the scheme for implementation of RCDA. Finally, we make the comparisons between the RCDA and other existing models, and the results indicate that RCDA is able to satisfy the security requirements for the whole lifecycle of data by adaptively adjusting the access control policies.

Rong Jiang,Shanshan Han,Yimin Yu,Weiping Ding

DOI: https://doi.org/10.1016/j.ins.2022.11.102

IF: 8.1

2022-11-25

Information Sciences

Abstract:Access control has been widely adopted by distributed platforms, and its effectiveness is of great importance to the quality of services provided by such platforms. However, traditional access control is difficult to apply to scenarios where authorization changes frequently and to extremely large-scale datasets with limited resources. This paper proposes an access control model based on spectral clustering (SC) and risk (SC-RBAC), which is more suitable for big data medical scenarios. Based on user history access data, an improved SC algorithm is used to cluster doctor users. Then, the user classification is introduced as a parameter into the information entropy to improve the accuracy of quantifying the user's access behavior risk. Finally, based on the accurate risk value of access behavior, we assign access rights to users through the access control function constructed in the paper. Experimental results show that in three different situations, the model proposed in this paper can distinguish the two types of doctors well, the accuracy of the model can reach more than 90%, and it outperforms other access control models.

computer science, information systems

Yuding WANG,Jiahai YANG

DOI: https://doi.org/10.16511/j.cnki.qhdxxb.2017.26.059

2017-01-01

Abstract:The key cloud computing characteristics,such as data openness,elasticity,and sharing,complicate data access control.Traditional access control models cannot provide flexible,dynamic access control to large numbers of users with massive data files.This paper presents a data access control model based on the data's role and attribute for cloud computing.An attribute element is assigned to the data to provide role-based access control so that users can be assigned roles based on their own attributes and the tenant's attributes and current status,and can access data with different attributes.The paper illustrates the design of this model and the work processes and provides a theoretical security analysis.The results show that the model can provide dynamic,safe,fine grained access control for users accessing data in a cloud environment.

Binyong Li,Fan Yang,Shaowei Zhang

DOI: https://doi.org/10.3390/math12162541

IF: 2.4

2024-08-19

Mathematics

Abstract:Traditional access control systems exhibit limitations in providing flexible authorization and fine-grained access in the face of increasingly complex and dynamic access scenarios. This paper proposes a context-aware risk access control model to address these challenges. By developing a multi-level contextual risk indicator system, the model comprehensively considers real-time contextual information associated with access requests, dynamically evaluates the risk level of these requests, and compares the outcomes with predefined risk policies to facilitate access decisions. This approach enhances the dynamism and flexibility of access control. To improve the accuracy and reliability of risk assessments, we propose a combination weighting method grounded in game theory. This method reconciles subjective biases and the limitations of objective data by integrating both subjective and objective weighting techniques, thus optimizing the determination process for risk factor weights. Furthermore, smart contracts are introduced to monitor user behavior during access sessions, thereby preventing malicious attacks and the leakage of sensitive information. Finally, the model's performance and authorization granularity are assessed through empirical experiments. The results indicate that the model effectively addresses the requirements of dynamic and fine-grained access scenarios, improving the system's adaptability to risk fluctuations while safeguarding sensitive information.

mathematics

Xin Yang,Abla Smahi,Hui Li,Huayu Zhang,Shuo-Yen Robert Li

DOI: https://doi.org/10.3390/app12189230

2022-01-01

Abstract:Cloud computing provides blockchain a flexible and cost-effective service by on-demand resource sharing, which also introduces additional security risks. Adaptive Cyber Defense (ACD) provides a solution that continuously changes the attack surface according to the cloud environments. The dynamic characteristics of ACDs give defenders a tactical advantage against threats. However, when assessing the effectiveness of ACDs, the structure of traditional security evaluation methods becomes unstable, especially when combining multiple ACD techniques. Therefore, there is still a lack of standard methods to quantitatively evaluate the effectiveness of ACDs. In this paper, we conducted a thorough evaluation with a hierarchical model named SPM. The proposed model is made up of three layers integrating Stochastic Reward net (SRN), Poisson process, and Martingale theory incorporated in the Markov chain. SPM provides two main advantages: (1) it allows explicit quantification of the security with a straightforward computation; (2) it helps obtain the effectiveness metrics of interest. Moreover, the hierarchical architecture of SPM allows each layer to be used independently to evaluate the effectiveness of each adopted ACD method. The simulation results show that SPM is efficient in evaluating various ACDs and the synergy effect of their combination, which thus helps improve the system configuration accordingly.

Tamara Ranković,Miloš Simić,Milan Stojkov,Goran Sladić

DOI: https://doi.org/10.1007/978-3-031-50755-7_41

2024-10-27

Abstract:Proliferation of systems that generate enormous amounts of data and operate in real time has led researchers to rethink the current organization of the cloud. Many proposed solutions consist of a number of small data centers in the vicinity of data sources. That creates a highly complex environment, where strict access control is essential. Recommended access control models frequently belong to the Attribute-Based Access Control (ABAC) family. Flexibility and dynamic nature of these models come at the cost of high policy management complexity. In this paper, we explore whether the administrative overhead can be lowered with resource hierarchies. We propose an ABAC model that incorporates user and object hierarchies. We develop a policy engine that supports the model and present a distributed cloud use case. Findings in this paper suggest that resource hierarchies simplify the administration of ABAC models, which is a necessary step towards their further inclusion in real-world systems.

Cryptography and Security

Yu-liang Shi,Yu Chen,Zhong-min Zhou,Li-zhen Cui

DOI: https://doi.org/10.1007/s11265-016-1161-2

2016-01-01

Abstract:Nowadays big data security plays a major issue in cloud computing. Chunk-confusion-based privacy protection mechanism (CCPPM) protects the privacy of the tenants in plaintext. But both multi-tenant applications’ data and tenants’ privacy requirements are dynamically changing, which will have a great effect on the underlying storage model of cloud data. Moreover, the tenants’ business processing will change the data distribution and destroy the distribution balance of privacy data, which makes the data stored in the cloud face the risk of leakage of privacy. Therefore, the paper proposed a privacy protection evaluation mechanism for dynamic data based on CCPPM. The paper firstly introduces three kinds of the privacy leakages due to unbalanced data under the CCPPM, and analyzes two methods used for attacking. Aiming at the privacy leakages and the attack methods, we proposed a dynamic data processing algorithm to record the tenants’ operation sequence and set up the corresponding evaluation formula. Next, we evaluated the effect of privacy protection from two aspects of simple attack and background-knowledge-based attack, and used the data distribution similarity privacy preserving dynamic evaluation algorithm presented in this paper to obtain the measurement results of privacy leakages. Finally, according to the evaluation results, the defense strategies are given to prevent data privacy leakages. The experimental evaluation proves that rationality of dynamic the evaluation mechanism proposed in this paper has better feasibility and practicality for big data privacy protection.

Satvik Jain,Arun Balaji Buduru,Anshuman Chhabra

DOI: https://doi.org/10.48550/arXiv.1810.11937

2018-10-29

Abstract:Cloud infrastructures are being increasingly utilized in critical infrastructures such as banking/finance, transportation and utility management. Sophistication and resources used in recent security breaches including those on critical infrastructures show that attackers are no longer limited by monetary/computational constraints. In fact, they may be aided by entities with large financial and human resources. Hence there is urgent need to develop predictive approaches for cyber defense to strengthen cloud infrastructures specifically utilized by critical infrastructures. Extensive research has been done in the past on applying techniques such as Game Theory, Machine Learning and Bayesian Networks among others for the predictive defense of critical infrastructures. However a major drawback of these approaches is that they do not incorporate probabilistic human behavior which limits their predictive ability. In this paper, a stochastic approach is proposed to predict less secure states in critical cloud systems which might lead to potential security breaches. These less-secure states are deemed as `risky' states in our approach. Markov Decision Process (MDP) is used to accurately incorporate user behavior(s) as well as operational behavior of the cloud infrastructure through a set of features. The developed reward/cost mechanism is then used to select appropriate `actions' to identify risky states at future time steps by learning an optimal policy. Experimental results show that the proposed framework performs well in identifying future `risky' states. Through this work we demonstrate the effectiveness of using probabilistic modeling (MDP) to predictively secure critical cloud infrastructures.

Artificial Intelligence

Yu-Ding WANG,Jia-Hai YANG,Cong XU,Xiao LING,Yang YANG

DOI: https://doi.org/10.13328/j.cnki.jos.004820

2015-01-01

Abstract:With the intensive and large scale development of cloud computing, security becomes one of the most important problems. As an important part of security domain, access control technique is used to limit users' capability and scope to access data and ensure the information resources not to be used and accessed illegally. This paper focuses on the state-of-the-art research of access control technology in cloud computing environment. First, it briefly introduces access control theory, and discusses the access control framework in cloud computing environment. Then, it thoroughly surveys the access control problems in cloud computing environment from three aspects including cloud access control model, cloud access control based on ABE (attribute-based encryption) cryptosystem, and multi-tenant and virtualization access control in cloud. In addition, it probes the best current practices of access control technologies within the major cloud service providers and open source cloud platforms. Finally, it summarizes the problems in the current research and prospects the development of future research.

Shucheng Yu,Cong Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/INFCOM.2010.5462174

2010-01-01

Abstract:Cloud computing is an emerging computing paradigm in which resources of the computing infrastructure are provided as services over the Internet. As promising as it is, this paradigm also brings forth many new challenges for data security and access control when users outsource sensitive data for sharing on cloud servers, which are not within the same trusted domain as data owners. To keep sensitive user data confidential against untrusted servers, existing solutions usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, in doing so, these solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when fine-grained data access control is desired, and thus do not scale well. The problem of simultaneously achieving fine-grainedness, scalability, and data confidentiality of access control actually still remains unresolved. This paper addresses this challenging open issue by, on one hand, defining and enforcing access policies based on data attributes, and, on the other hand, allowing the data owner to delegate most of the computation tasks involved in fine-grained data access control to untrusted cloud servers without disclosing the underlying data contents. We achieve this goal by exploiting and uniquely combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has salient properties of user access privilege confidentiality and user secret key accountability. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security models.

Xuetao Pu,Rong Jiang,Zhiming Song,Zhihong Liang,Liang Yang

DOI: https://doi.org/10.3389/fpubh.2024.1358184

IF: 5.2

2024-03-29

Frontiers in Public Health

Abstract:The rapid development of the Hospital Information System has significantly enhanced the convenience of medical research and the management of medical information. However, the internal misuse and privacy leakage of medical big data are critical issues that need to be addressed in the process of medical research and information management. Access control serves as a method to prevent data misuse and privacy leakage. Nevertheless, traditional access control methods, limited by their single usage scenario and susceptibility to single point failures, fail to adapt to the polymorphic, real-time, and sensitive characteristics of medical big data scenarios. This paper proposes a smart contracts and risk-based access control model (SCR-BAC). This model integrates smart contracts with traditional risk-based access control and deploys risk-based access control policies in the form of smart contracts into the blockchain, thereby ensuring the protection of medical data. The model categorizes risk into historical and current risk, quantifies the historical risk based on the time decay factor and the doctor's historical behavior, and updates the doctor's composite risk value in real time. The access control policy, based on the comprehensive risk, is deployed into the blockchain in the form of a smart contract. The distributed nature of the blockchain is utilized to automatically enforce access control, thereby resolving the issue of single point failures. Simulation experiments demonstrate that the access control model proposed in this paper effectively curbs the access behavior of malicious doctors to a certain extent and imposes a limiting effect on the internal abuse and privacy leakage of medical big data.

public, environmental & occupational health

Mingyue Shi,Rong Jiang,Xiaohan Hu,Jingwei Shang

DOI: https://doi.org/10.1007/s10729-019-09490-4

2019-07-23

Health Care Management Science

Abstract:With the rapid development of modern information technology, the health care industry is entering a critical stage of intelligence. Faced with the growing health care big data, information security issues are becoming more and more prominent in the management of smart health care, especially the problem of patient privacy leakage is the most serious. Therefore, strengthening the information management of intelligent health care in the era of big data is an important part of the long-term sustainable development of hospitals. This paper first identified the key indicators affecting the privacy disclosure of big data in health management, and then established the risk access control model based on the fuzzy theory, which was used for the management of big data in intelligent medical treatment, and solves the problem of inaccurate experimental results due to the lack of real data when dealing with actual problems. Finally, the model is compared with the results calculated by the fuzzy tool set in Matlab. The results verify that the model is effective in assessing the current safety risks and predicting the range of different risk factors, and the prediction accuracy can reach more than 90%.

health policy & services

Meikang Qiu,Han Qiu,Hui Zhao,Meiqin Liu,Bhavani Thuraisingham

DOI: https://doi.org/10.1109/SmartBlock52591.2020.00010

2020-01-01

Abstract:With the rapid development of cloud technology and the huge amount of big data generation, outsourcing data storage to a cloud service provider is an efficient solution. The challenges on the trustworthiness of cloud providers are urgent to be solved due to many security and privacy violation incidents in recent years. Some enhanced data protection methods such as All-Or-Nothing Transformation (AONT) are proposed to provide additional protection on data security. However, the key management and access revocation operations will become a difficult task and the key manager will be vulnerable. In this paper, we propose to use the scalable consortium blockchain system to solve the key management for the AON-based data protection and outsourcing in the multi-clouds scenario. We propose a model that can provide secure data sharing through untrusted clouds with the key management provided by the consortium blockchain system as a service. We also provide practical case studies for using the novel AON data approaches to protect data security and tamper-proofing on key management.

Yufu Wang,Mingwei Zhu,Jiaqiang Yuan,Guanghui Wang,Hong Zhou

2024-04-15

Abstract:Cloud computing (cloud computing) is a kind of distributed computing, referring to the network "cloud" will be a huge data calculation and processing program into countless small programs, and then, through the system composed of multiple servers to process and analyze these small programs to get the results and return to the user. This report explores the intersection of cloud computing and financial information processing, identifying risks and challenges faced by financial institutions in adopting cloud technology. It discusses the need for intelligent solutions to enhance data processing efficiency and accuracy while addressing security and privacy concerns. Drawing on regulatory frameworks, the report proposes policy recommendations to mitigate concentration risks associated with cloud computing in the financial industry. By combining intelligent forecasting and evaluation technologies with cloud computing models, the study aims to provide effective solutions for financial data processing and management, facilitating the industry's transition towards digital transformation.

Distributed, Parallel, and Cluster Computing,Artificial Intelligence

Pingping LIU,Linying YAN

DOI: https://doi.org/10.3969/j.issn.1672-9722.2016.02.025

2016-01-01

Abstract:To guarantee the data security in cloud computing ,the role‐based access control model and trust‐based access control model are combined in this paper ,and a hybrid model based on "trust‐role" is proposed .The model introduces the calculation of the trust value on the base of role‐based access control ,so that it is required for verification of the trust value and obtain access to data .It is proved this model can effectively solve the legitimate access to data in the cloud ,and protect the security problem of data in cloud computing .

Yingjie Xia,Mingzhe Zhu,Junhua Xuan,Ze Chen

DOI: https://doi.org/10.1109/INDUSIS.2010.5565810

2010-01-01

Abstract:In this paper, we propose a novel hierarchy-aware ECC model termed HHECC for access control in Cloud. This model is implemented by a hierarchical and hybrid Elliptic Curve Cryptography (ECC) encryption on Cloud data. Cloud is a popular storage platform to build data center for data backup, file synchronization and resource sharing. Since accessed by various kinds of users, the Cloud storage services should be affiliated with a secure access control strategy according to its confidential protocol and privacy policy. The hierarchy feature of the scheme is achieved by one-way hash function on the key for data decryption, and the hybrid feature denotes the combination of one-way hash, Advanced Encryption Standard (AES) and ECC for a fine grained control of user access. In comparison with other schemes, the simulation experiments of data access security and efficiency show that HHECC-based hierarchical access control scheme is more efficient for Cloud data encryption and decryption, and much securer for hierarchical user access control. © 2010 IEEE.

Ke Yang,Da Li,Lei Zhou,Kai Cheng

DOI: https://doi.org/10.1088/1742-6596/2166/1/012042

2022-01-01

Journal of Physics: Conference Series

Abstract:Abstract The new power system presents new features such as massive, decentralized, multiple types of equipment and user access, more complex interactions, and faster response speed. The zero-trust security model still has problems such as the single-point failure risk of permission control and the inability to balance dynamic fine-grained permission adjustment and real-time response. Based on this, this paper proposes an adaptive dynamic access control model based on blockchain and token. First, build a decentralized authorization management architecture based on blockchain smart contracts to provide users with reliable and intelligent authorization services. Secondly, an authorization technology based on short-term tokens is proposed, which realizes adaptive dynamic access authority adjustment through user trust evaluation and smart contract automatic discrimination. Finally, an intelligent identity authentication mechanism based on user behavior data analysis is designed to support the adaptive update of tokens. Experiments have verified that this model has certain advantages in accurate and adaptive dynamic authorization, which can provide a reference for the improvement of the zero-trust model.

Ping-ping LIU,Lin-ying YAN

DOI: https://doi.org/10.16185/j.jxatu.edu.cn.2015.05.003

2015-01-01

Abstract:For the purpose of secure cloud storage ,a secure cloud storage access control system scheme is proposed in this paper .In the scheme ,Linux and Hadoop are used to build the cloud platform .T he role-based access control method is employed to test identity and to access nonsensitive data . And the attribute encryption algorithm is applyed to encrypt/decrypt data .Experiment show s that this scheme can effectively ensure the integrity and confidentiality of data in the cloud storage .

Yu Zhang,Jing Chen,Ruiying Du,Lan Deng,Yang Xiang,Qing Zhou

DOI: https://doi.org/10.1109/TrustCom.2014.42

2014-01-01

Abstract:In the past few years, cloud computing has emerged as one of the most influential paradigms in the IT industry. As promising as it is, this paradigm brings forth many new challenges for data security because users have to outsource sensitive data on untrusted cloud servers for sharing. In this paper, to guarantee the confidentiality and security of data sharing in cloud environment, we propose a Flexible and Efficient Access Control Scheme (FEACS) based on Attribute-Based Encryption, which is suitable for fine-grained access control. Compared with existing state-of-the-art schemes, FEACS is more practical by following functions. First of all, considering the factor that the user membership may change frequently in cloud environment, FEACS has the capability of coping with dynamic membership efficiently. Secondly, full logic expression is supported to make the access policy described accurately and efficiently. Besides, we prove in the standard model that FEACS is secure based on the Decisional Bilinear Diffie-Hellman assumption. To evaluate the practicality of FEACS, we provide a detailed theoretical performance analysis and a simulation comparison with existing schemes. Both the theoretical analysis and the experimental results prove that our scheme is efficient and effective for cloud environment.