A framework and risk assessment approaches for risk-based access control in the cloud

Santos, Daniel Rodrigues dos; Marinho, Roberto; Schmitt, Gustavo Roecker; Westphall, Carla Merkle

doi:10.1016/j.jnca.2016.08.013

Cited by 48 publications

(20 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…More formally, when a call to a sub-sequence finishes and returns a ′, the initial is updated to +1 as follows: .UC n+1 = (UAP n , AccessedSet(UC n ) ∨ AccessedSet(UC ' )) (16) Note that the original UAP remains the same as it was before the sub-sequence call was made, and it is only updated when the user execution returns to the original flowchart. It is also important to note that the dependent calls and the UC' returned by the sub-sequence call can have revocation lists associated with them as described in section V.B.2).…”

Section: Subsequence Callsmentioning

confidence: 99%

SeqBAC: A Sequence-Based Access Control Model (S)

Regateiro

Pereira

Aguiar

2018

International Conferences on Software Engineering and Knowledge Engineering

View full text Add to dashboard Cite

Access control, when used in the context of database applications, is aimed to supervise the requests made by legitimate users to access sensitive data. These requests represent actions that a user can perform on a database and they typically read or write data. While this supervision can be formalized at a higher level, e.g. using an access control model such as RBAC, in the end, the data access is done through each authorized action. Therefore, the current access control models enforce their policies on an action by action basis, being unable to support relations of order between them. In many database applications, access to data is not done randomly, but by following very specific sequences of actions which are not supervised. This paper argues that a better security policy can be achieved by supervising these sequences. Thus, previous research is leveraged to propose a formalized model, capable of enforcing access control over the sequences of actions that can complement existing access control models.

show abstract

Section: Subsequence Callsmentioning

confidence: 99%

SeqBAC: A Sequence-Based Access Control Model (S)

Regateiro

Pereira

Aguiar

2018

International Conferences on Software Engineering and Knowledge Engineering

View full text Add to dashboard Cite

show abstract

“…RAdAC also works well in rapid-change environment to cater larger range of increase in users and resources. Nevertheless, failure in managing user identity and access structure in RAdAC has led to poor cloud management [12]. Thus, the implementation of RAdAC model is advantageous if the management of user identity and hidden access structure can be carried out effectively.…”

Section: Risk-adaptable Access Control (Radac)mentioning

confidence: 99%

“…Ontology in risk based access control is the extended work of [12] to define the independent risk policies of RAdAC model in specific hierarchical process. Subsequently, the ontology approach in RAdAC allows risk quantification without the need of cloud federation.…”

Section: Risk-adaptable Access Control (Radac)mentioning

confidence: 99%

“…Subsequently, failure in managing identity of user in access control model may disrupt the effective implementation [12]. Thus, this research has been the benchmark for this paper in designing the architecture of proposed authentication scheme.…”

Section: Risk-adaptable Access Control (Radac)mentioning

confidence: 99%

“…Furthermore, the emergence of access control authentication from a conventional secure password establishment to an attribute-based access control has led to the development of an efficient RAdAC to secure data in cloud. The advantages of RAdAC are the ability to cater the dynamic environment in handling exceptional access request and the flexibility in accessing resources [12]. This can resolve the issue using conventional password authentication scheme which depends on static access control policies and vulnerable to the password relevancy.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Towards Secure Risk-Adaptable Access Control in Cloud Computing

Abdullah

Bakar

2018

ijacsa

View full text Add to dashboard Cite

The emergence of pervasive cloud computing has supported the transition of physical data and machine into virtualization environment. However, security threat and privacy have been identified as a challenge to support the widespread adoption of cloud among user. Moreover, user awareness on the importance of cloud computing has increase the needs to safeguard the cloud by implementing access control that works on dynamic environment. Therefore, the emergence of Risk-Adaptable Access Control (RAdAC) as a flexible medium in handling exceptional access request is a great countermeasure to deal with security and privacy challenges. However, the rising problem in safeguarding users' privacy in RAdAC model has not been discussed in depth by other researcher. This paper explores the architecture of cloud computing and defines the existing solutions influencing the adoption of cloud among user. At the same time, the obscurity factor in protecting privacy of user is found within RAdAC framework. Similarly, the two-tier authentication scheme in RAdAC has been proposed in responding to security and privacy challenges as shown through informal security analysis.

show abstract