A Model for Trust-Based Access Control and Delegation in Mobile Clouds

Ray, Indrajit; Mulamba, Dieudonne; Han, Kun-Hee

doi:10.1007/978-3-642-39256-6_16

Cited by 7 publications

(5 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [35], the evidence results from these two are combined to make security decisions. There are models in which trust management is combined with role based access control [11,46]. Specifically, in [11], access is granted if both a client's trust level exceeds a threshold and the global role and permissions are correct.…”

Section: E Discussionmentioning

confidence: 99%

Towards Robust and Effective Trust Management for Security: A Survey

Wang

Müller

Liu

et al. 2014

2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications

View full text Add to dashboard Cite

There is a need for robust and effective trust management. Different security problems result in different requirements to the design of trust management, and the existing attacks in trust management for security are yet to be solved. In this paper, we first propose a framework to classify desired properties of trust management for each type of security problems. We then investigate typical representative attacks and existing solutions in trust management for security. By considering both these security properties and attacks on trust management systems, our work serves to propel the design of more effective and robust trust management systems for security.

show abstract

Section: E Discussionmentioning

confidence: 99%

Towards Robust and Effective Trust Management for Security: A Survey

Wang

Müller

Liu

et al. 2014

2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications

View full text Add to dashboard Cite

show abstract

“…Further, the administrative model also merges with the OpenStack Keystone management. Ray et al [17] propose a formal trust-based delegation model solving similar problems in mobile cloud environment. However, the calculated trust relation is inappropriate and unnecessary between domains in OpenStack since domains have the authority to assign trust relations with each other.…”

Section: Related Workmentioning

confidence: 99%

Extending OpenStack Access Control with Domain Trust

Tang

Sandhu

2014

Network and System Security

View full text Add to dashboard Cite

Abstract. OpenStack has been rapidly established as the most popular open-source platform for cloud Infrastrusture-as-a-Service in this fast moving industry. In response to increasing access control requirements from its users, the OpenStack identity service Keystone has introduced several entities, such as domains and projects in addition to roles, resulting in a rather complex and somewhat obscure authorization model. In this paper, we present a formalized description of the core OpenStack access control (OSAC). We further propose a domain trust extension for OSAC to facilitate secure cross-domain authorization. We have implemented a proof-of-concept prototype of this trust extension based on Keystone. The authorization delay introduced by the domain trusts is 0.7 percent on average in our experiments.

show abstract

“…Unlike [81,82], which combine a trust model with ABAC, Ray et al [83] present an access control model combining a trust model and RBAC. The proposed access control model is designed for mobile cloud systems.…”

Section: Attribute-based Andmentioning

confidence: 99%

“…This model is an extension of [85], where trust levels are assigned to roles and which are then further assigned to permissions as in RABC. However, in [83], the specific problem of delegation is addressed based on the extension of the RBAC model and the trust-based access control model of [85]. This addresses the issues of dynamicity and inconstancy in controlling an access control delegation.…”

Section: Attribute-based Andmentioning

confidence: 99%

Protocol-Based and Hybrid Access Control for the IoT: Approaches and Research Opportunities

Pal

Jadidi

2021

Sensors

View full text Add to dashboard Cite

Internet of Things (IoT) applications and services are becoming more prevalent in our everyday life. However, such an interconnected network of intelligent physical entities needs appropriate security to sensitive information. That said, the need for proper authentication and authorization is paramount. Access control is in the front line of such mechanisms. Access control determines the use of resources only to the specified and authorized users based on appropriate policy enforcement. IoT demands more sophisticated access control in terms of its usability and efficiency in protecting sensitive information. This conveys the need for access control to serve system-specific requirements and be flexibly combined with other access control approaches. In this paper, we discuss the potential for employing protocol-based and hybrid access control for IoT systems and examine how that can overcome the limitations of traditional access control mechanisms. We also focus on the key benefits and constraints of this integration. Our work further enhances the need to build hierarchical access control for large-scale IoT systems (e.g., Industrial IoT (IIoT) settings) with protocol-based and hybrid access control approaches. We, moreover, list the associated open issues to make such approaches efficient for access control in large-scale IoT systems.

show abstract

A Model for Trust-Based Access Control and Delegation in Mobile Clouds

Cited by 7 publications

References 23 publications

Towards Robust and Effective Trust Management for Security: A Survey

Towards Robust and Effective Trust Management for Security: A Survey

Extending OpenStack Access Control with Domain Trust

Protocol-Based and Hybrid Access Control for the IoT: Approaches and Research Opportunities

Contact Info

Product

Resources

About