Conflict analysis and detection based on model checking for spatial access control policy

Zhang, Aijuan; Ji, Cheng; Yu, Bo; Li, Xin

doi:10.23919/tst.2017.8030537

Cited by 5 publications

(4 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…F. Ma et al proposed a fine-grained access control model for spatial data in a grid environment based on a role-based access control model [19]. Furthermore, a multi-granularity spatial access control model was proposed that introduces more types of policy rule conflicts than single-granularity objects [20]. The model can manage and enforce the strong and efficient access control technology in large-scale environments.…”

Section: Related Workmentioning

confidence: 99%

A Watermark-Based In-Situ Access Control Model for Image Big Data

Guo

Ren

et al. 2018

Future Internet

View full text Add to dashboard Cite

When large images are used for big data analysis, they impose new challenges in protecting image privacy. For example, a geographic image may consist of several sensitive areas or layers. When it is uploaded into servers, the image will be accessed by diverse subjects. Traditional access control methods regulate access privileges to a single image, and their access control strategies are stored in servers, which imposes two shortcomings: (1) fine-grained access control is not guaranteed for areas/layers in a single image that need to maintain secret for different roles; and (2) access control policies that are stored in servers suffers from multiple attacks (e.g., transferring attacks). In this paper, we propose a novel watermark-based access control model in which access control policies are associated with objects being accessed (called an in-situ model). The proposed model integrates access control policies as watermarks within images, without relying on the availability of servers or connecting networks. The access control for images is still maintained even though images are redistributed again to further subjects. Therefore, access control policies can be delivered together with the big data of images. Moreover, we propose a hierarchical key-role-area model for fine-grained encryption, especially for large size images such as geographic maps. The extensive analysis justifies the security and performance of the proposed model

show abstract

Section: Related Workmentioning

confidence: 99%

A Watermark-Based In-Situ Access Control Model for Image Big Data

Guo

Ren

et al. 2018

Future Internet

View full text Add to dashboard Cite

show abstract

“…In fact, an XACML policy in distributed applications may be aggregated from multiple parties and can be managed by more than one administrator [8] which may arise anomalies between rules. Various research efforts have been devoted to anomaly detection of XACML policies using verification techniques [8,15,16,18,29,34]. The most important policy analysis techniques and formal approaches are presented by [37].…”

Section: Related Work and Contributionsmentioning

confidence: 99%

Formal Approach to Detect and Resolve Anomalies while Clustering ABAC Policies

Hadj¹,

Khoumsi²,

Benkaouz³

et al. 2018

ICST Transactions on Security and Safety

View full text Add to dashboard Cite

In big data environments with big number of users and high volume of data, we need to manage the corresponding huge number of security policies. Using Attribute-Based Access Control (ABAC) model to ensure access control might become complex and hard to manage. Moreover, ABAC policies may be aggregated from multiple parties. Therefore, they may contain several anomalies such as conflicts and redundancies, resulting in safety and availability problems. Several policy analysis and design methods have been proposed. However, most of these methods do not preserve the original policy semantics. In this paper, we present an ABAC anomaly detection and resolution method based on the access domain concept, while preserving the policy semantics. To make the suggested method scalable for large policies, we decompose the policy into clusters of rules, then the method is applied to each cluster. We prove correctness of the method and evaluate its computational complexity. Experimental results are given and discussed.

show abstract

“…Ряд зарубежных источников [17][18][19][20][21][22][23][24][25], содержащих исследования по проблематике теории конфликтов, используют аппарат математического моделирования для анализа объектов и систем в различных предметных областях. В работах [17; 22; 23] исследуются причины, динамика конфликтов, возникающих при реализации социальных процессов в сфере жизнедеятельности общества.…”

Section: Introductionunclassified

“…Определяется множество участников конфликта и моделируются пути его разрешения с применением дифференциальных уравнений. Также категориально-понятийный аппарат теории конфликтов может быть применен при возникновении противоречий в политике предоставления доступа к данным в географических информационных системах [18], для прогнозирования и анализа траекторий движения воздушных судов и недопущения столкновений [19], для разработки математических моделей систем, оценивающих эпидемиологическую обстановку и динамику распространения инфекционных заболеваний [20], а также в моделях, разрабатываемых для оценки бизнес-процессов [21].…”

Section: Introductionunclassified

Study of the Relationship between Conflict Properties and Performance Indicators of Organizational and Technical Systems on the Example of a Special Purpose Communication Network

Popov

Pyankov

2023

jour

View full text Add to dashboard Cite

The system approach to the study of organizational and technical systems, including organizational and technical elements and the interaction between them is used. The analysis of the literature on the investigated problem is carried out, the choice in favor of the conflict theory for the study of organizational-technical systems is made and the necessity of solving the scientific problem of clarifying the applicability of existing assessments of the conflicts of the system is determined. The hypothesis of the existence of a relationship between estimates of the conflict relations of elements and performance indicators of organizational-technical systems is considered.By the example of a special purpose local communication network a mathematical model of conflict interactions is developed, utility functions of its elements are introduced, existing and new methods of evaluation of conflict relations of elements and the system as a whole are considered.On the model of the considered local network we conduct a full-scale experiment to define the network performance (the ratio of the data transmission rate to the channel capacity, the central processor load, the ratio of the transmission time of a fixed amount of data to the minimum achievable with the use of the entire channel capacity) in various conditions of its operation, including the impact of negative factors. For each investigated state of the local network, we modify the mathematical model to calculate the values of the conflict relations of the elements and the system as a whole.The choice of estimates of the conflict relations, potentially having connection with efficiency indicators is carried out. The correlation between the selected set of assessments of conflict relations and performance indicators is determined by methods of correlation analysis. As a result of the analysis, we singled out the estimates, which can be used to predict the degree of change in the conflicts of the system and its elements when modifying or changing the conditions of functioning.

show abstract

Conflict analysis and detection based on model checking for spatial access control policy

Cited by 5 publications

References 14 publications

A Watermark-Based In-Situ Access Control Model for Image Big Data

A Watermark-Based In-Situ Access Control Model for Image Big Data

Formal Approach to Detect and Resolve Anomalies while Clustering ABAC Policies

Study of the Relationship between Conflict Properties and Performance Indicators of Organizational and Technical Systems on the Example of a Special Purpose Communication Network

Contact Info

Product

Resources

About