On the Design of a Decentralized and Multiauthority Access Control Scheme in Federated and Cloud-Assisted Cyber-Physical Systems

Sciancalepore, Savio; Piro, Giuseppe; Caldarola, Daniele; Boggia, Gennaro; Bianchi, Giuseppe

doi:10.1109/jiot.2018.2864300

Cited by 26 publications

(20 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In distributed cybersecurity frameworks identity management and access control capabilities are of great importance, to verify the authenticity of any physical and logical entity belonging to the whole architecture and verify the authorization to accessing to heterogeneous resources and services distributed and deployed across different organizations. The most representative works on this topic can be found in [12,16,18,22,37,40,43,47,48].…”

Section: State Of the Art On Cyber-security Frameworkmentioning

confidence: 99%

“…In RBAC, access rights are based on roles and privileges of the users. Starting from the ABAC logic, other approaches aim to solve the access control problem through cryptographic mechanisms [18,37,47,48].…”

Section: State Of the Art On Cyber-security Frameworkmentioning

confidence: 99%

“…Furthermore, the heterogeneity of ICT installations are progressively increasing the attack surface, fostering the raise of new attack models that join the more classical strategies like Distributed Denial of Service (DDoS) and botnets [31,33]. Also identity management and access control strategies need attention: even if they have already been largely developed and integrated into distributed systems, they can neither guarantee the integrity and dependability of the whole chain over time, nor tracking the propagation of private data and sensitive information along the service chain [10,12,16,18,22,32,37,40,43,[47][48][49][50][51]. Finally, the chain topology and composition are usually unknown to the end user, who cannot easily check whether service owners, security mechanisms (e.g., encryption, integrity), and confidentiality policies are compliant with his/her own requirements and expectations.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

An Autonomous Cybersecurity Framework for Next-generation Digital Service Chains

et al. 2021

Self Cite

View full text Add to dashboard Cite

Today, the digital economy is pushing new business models, based on the creation of value chains for data processing, through the interconnection of processes, products, services, software, and things across different domains and organizations. Despite the growing availability of communication infrastructures, computing paradigms, and software architectures that already effectively support the implementation of distributed multi-domain value chains, a comprehensive architecture is still missing that effectively fulfills all related security issues: mutual trustworthiness of entities in partially unknown topologies, identification and mitigation of advanced multi-vector threats, identity management and access control, management and propagation of sensitive data. In order to fill this gap, this work proposes a new methodological approach to design and implement heterogeneous security services for distributed systems that combine together digital resources and components from multiple domains. The framework is designed to support both existing and new security services, and focuses on three novel aspects: (i) full automation of the processes that manage the whole system, i.e., threat detection, collection of information and reaction to attacks and system anomalies; (ii) dynamic adaptation of operations and security tasks to newest attack patterns, and (iii) real-time adjustment of the level of detail of inspection and monitoring processes. The overall architecture as well as the functions and relationships of its logical components are described in detail, presenting also a concrete use case as an example of application of the proposed framework.

show abstract

Section: State Of the Art On Cyber-security Frameworkmentioning

confidence: 99%

Section: State Of the Art On Cyber-security Frameworkmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Autonomous Cybersecurity Framework for Next-generation Digital Service Chains

et al. 2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…It should be understood, however, that an aider need not be a singular entity. The notion of federated IoT, for example, captures an operational mode that lends itself naturally to security, e.g., [ 34 ]. Through such a view, both thing/entity and aider become dually physical and logical.…”

Section: Remarks On Some Open Issuesmentioning

confidence: 99%

“…The results also indicated the interaction between message latency and aiding effectiveness. Indeed, considerations for IoT security cannot be made in isolation of other cyber or physical phenomena with which it interacts [34]. This further spans to physical consideration within the cyber modules, e.g., processor overheating or actuation failure [37].…”

Section: The (Cyber-physical) Systems Viewmentioning

confidence: 99%

Secure Communications for Resource-Constrained IoT Devices

Taha

Rashwan

Hassanein

2020

Sensors

View full text Add to dashboard Cite

The importance of securing communications on the Internet of Things (IoT) cannot be overstated. This is especially the case in light of the increasing proliferation of IoT devices and instances, as well as the growing dependence on their usage. Meanwhile, there have recently been mounting concerns over a wide array of vulnerabilities in IoT communications. The objective of this work is to address constraints in IoT devices that are “resource-constrained”, which are devices that are limited in terms of computing, energy, communication, or range capabilities, whether in terms of nominal or temporal limitations. Specifically, we propose a framework for resource-aiding constrained devices to facilitate secure communication. Without loss of generalization, the framework’s viability is illustrated by focusing on a group of security functions that utilize message authentication codes, which is a strongly representative example of resource-intensive security functions. Aspects of the framework are further demonstrated in processing cores commonly used in commercial IoT devices.

show abstract

Refresh Instead of Revoke Enhances Safety and Availability: A Formal Analysis

Shakarami

Sandhu

2019

Data and Applications Security and Privacy XXXIII

View full text Add to dashboard Cite

Due to inherent delays and performance costs, the decision point in a distributed multi-authority Attribute-Based Access Control (ABAC) system is exposed to the risk of relying on outdated attribute values and policy; which is the safety and consistency problem. This paper formally characterizes three increasingly strong levels of consistency to restrict this exposure. Notably, we recognize the concept of refreshing attribute values rather than simply checking the revocation status, as in traditional approaches. Refresh replaces an older value with a newer one, while revoke simply invalidates the old value. Our lowest consistency level starts from the highest level in prior revocation-based work by Lee and Winslett (LW). Our two higher levels utilize the concept of request time which is absent in LW. For each of our levels we formally show that using refresh instead of revocation provides added safety and availability.

show abstract

On the Design of a Decentralized and Multiauthority Access Control Scheme in Federated and Cloud-Assisted Cyber-Physical Systems

Cited by 26 publications

References 39 publications

An Autonomous Cybersecurity Framework for Next-generation Digital Service Chains

An Autonomous Cybersecurity Framework for Next-generation Digital Service Chains

Secure Communications for Resource-Constrained IoT Devices

Refresh Instead of Revoke Enhances Safety and Availability: A Formal Analysis

Contact Info

Product

Resources

About