Fine-Grained Access Control in the Era of Cloud Computing: An Analytical Review

Albulayhi, Khalid; Abuhussein, Abdullah; Alsubaei, Faisal S.; Sheldon, Frederick T.

doi:10.1109/ccwc47524.2020.9031179

Cited by 12 publications

(6 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The foundational models of access control mechanisms are the Discretionary Access Control (DAC) and Mandatory Access Control (MAC) [8]. DAC, characterized by its flexibility, allows the resource owner to determine who has access to it (like a homeowner who decides which guests can enter their home) [18]. However, its reliance on individual users to set their access controls introduces significant risk, particularly with insider threats, as it enables users with malicious intent to grant access to sensitive information improperly [3].…”

Section: Evolution Of Access Control Mechanisms and Role-based Access...mentioning

confidence: 99%

From Theory to Practice: Implementing Effective Role-Based Access Control Strategies to Mitigate Insider Risks in Diverse Organizational Contexts

Marquis

2024

JERR

View full text Add to dashboard Cite

This study investigates the effectiveness of Role-Based Access Control (RBAC) systems in mitigating insider threats to database security within various organizational environments. Insider threats represent a significant challenge for database security, necessitating robust and adaptive security measures. By delineating access based on users' roles within an organization, RBAC emerges as a critical tool against such threats. Employing a quantitative research methodology, this work gathered data through a survey targeting professionals directly involved in the security and management of organizational databases across technology, finance, healthcare, and government industries. The study utilized Confirmatory Factor Analysis (CFA) and Structural Equation Modeling (SEM) to validate the measurement model and analyze the relationships between RBAC effectiveness, implementation challenges, RBAC enhancements, and their collective impact on insider threat reduction. Findings indicate that RBAC effectively reduces unauthorized access and data breaches, significantly mitigating insider threats. However, implementation challenges such as role definition complexity and adapting to dynamic access needs emerge as notable obstacles. Enhancements in RBAC, mainly through integrating technologies like machine learning and dynamic access controls, are identified as critical mediators that enhance RBAC's effectiveness. The study concludes that while RBAC is a vital tool for database security, its success depends on continuous improvement and customization to specific organizational contexts. It recommends developing continuous enhancement programs for RBAC systems, specialized training for administrators, and the customization of RBAC strategies to meet unique organizational and industry needs. These measures are crucial for optimizing RBAC's effectiveness against insider threats.

show abstract

Section: Evolution Of Access Control Mechanisms and Role-based Access...mentioning

confidence: 99%

From Theory to Practice: Implementing Effective Role-Based Access Control Strategies to Mitigate Insider Risks in Diverse Organizational Contexts

Marquis

2024

JERR

View full text Add to dashboard Cite

show abstract

“…Discretionary Access Control (DAC): DAC is one of the primary access control techniques introduced in computing. It grants access by managing an access control matrix or an Access-Control List (ACL) [ 53 ]. Once access is granted in DAC, it remains forever until the administrator revokes access.…”

Section: Access Control Models In Iotmentioning

confidence: 99%

Access Control for IoT: A Survey of Existing Research, Dynamic Policies and Future Directions

Ragothaman

Wang

Rimal

et al. 2023

Sensors

View full text Add to dashboard Cite

Internet of Things (IoT) provides a wide range of services in domestic and industrial environments. Access control plays a crucial role in granting access rights to users and devices when an IoT device is connected to a network. However, many challenges exist in designing and implementing an ideal access control solution for the IoT due to the characteristics of the IoT including but not limited to the variety of the IoT devices, the resource constraints on the IoT devices, and the heterogeneous nature of the IoT. This paper conducts a comprehensive survey on access control in the IoT, including access control requirements, authorization architecture, access control models, access control policies, access control research challenges, and future directions. It identifies and summarizes key access control requirements in the IoT. The paper further evaluates the existing access control models to fulfill the access control requirements. Access control decisions are governed by access control policies. The existing approaches on dynamic policies’ specification are reviewed. The challenges faced by the existing solutions for policies’ specification are highlighted. Finally, the paper presents the research challenges and future directions of access control in the IoT. Due to the variety of IoT applications, there is no one-size-fits-all solution for access control in the IoT. Despite the challenges encountered in designing and implementing the access control in the IoT, it is desired to have an access control solution to meet all the identified requirements to secure the IoT.

show abstract

“…We adopt the ITU-T X.812 framework and the ABAC access control model [16] due to its fine-grained access control (needed for protecting FHIR resources, see next Section) versus other models, such as RBAC or DAC [17]. SoC explicit consents are translated to access control policies in XACML format.…”

Section: B Access Control Services In Healthcare Soamentioning

confidence: 99%

Blockchain-Based Service-Oriented Architecture for Consent Management, Access Control, and Auditing

et al. 2023

View full text Add to dashboard Cite

Continuity of care requires the exchange of health information among organizations and care teams. The EU General Data Protection Regulation (GDPR) establishes that subject of care should give explicit consent to the treatment of her personal data, and organizations must obey the individual's will. Nevertheless, few solutions focus on guaranteeing the proper execution of consents. We propose a serviceoriented architecture, backed by blockchain technology, that enables: (1) tamper-proof and immutable storage of subject of care consents; (2) a fine-grained access control for protecting health data according to consents; and (3) auditing tasks for supervisory authorities (or subjects of care themselves) to assess that healthcare organizations comply with GDPR and granted consents. Standards for health information exchange and access control are adopted to guarantee interoperability. Access control events and the subject of care consents are maintained on a blockchain, providing a trusted collaboration between organizations, supervisory authorities, and individuals. A prototype of the architecture has been implemented as a proof of concept to evaluate the performance of critical components. The application of subject of care consent to control the treatment of personal health data in federated and distributed environments is a pressing concern. The experimental results show that blockchain can effectively support sharing consent and audit events among healthcare organizations, supervisory authorities, and individuals.INDEX TERMS Blockchain, consent management, fast healthcare information resources (FHIR), general data protection regulation (GDPR), service-oriented architecture (SOA), business process management (BPM).

show abstract

Fine-Grained Access Control in the Era of Cloud Computing: An Analytical Review

Cited by 12 publications

References 27 publications

From Theory to Practice: Implementing Effective Role-Based Access Control Strategies to Mitigate Insider Risks in Diverse Organizational Contexts

From Theory to Practice: Implementing Effective Role-Based Access Control Strategies to Mitigate Insider Risks in Diverse Organizational Contexts

Access Control for IoT: A Survey of Existing Research, Dynamic Policies and Future Directions

Blockchain-Based Service-Oriented Architecture for Consent Management, Access Control, and Auditing

Contact Info

Product

Resources

About