Search for: access-control
Total 139 records

    Enforcing access control policies over data stored on untrusted server

    , Article 2017 14th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology, ISCISC 2017, 6 September 2017 through 7 September 2017 ; 2018 , Pages 54-57 ; 9781538665602 (ISBN) Soltani, N ; Jalili, R ; Sharif University of Technology
    Abstract
    One of the security issues in data outsourcing scenario is the enforcement of data owner's access control policies. This includes some challenges; namely, the number of keys required to access authorized resources, efficient policy updating, write access control enforcement, user and data owner overhead, and preserving confidentiality of data and policies. Most of the existing solutions address only some of the challenges, while they impose high overhead on both the data owner and users. Though, policy management in the Role-Based Access Control (RBAC) model is easier and more efficient due to the existence of role hierarchical structure and role inheritance; most of the existing solutions... 

    Access control aware data retrieval for secret sharing based database outsourcing

    , Article Distributed and Parallel Databases ; Volume 34, Issue 4 , Dec , 2015 , pp 505–534 ; 09268782 (ISSN) Hadavi, M. A ; Jalili, R ; Karimi, L ; Sharif University of Technology
    Kluwer Academic Publishers  2015
    Abstract
    Enforcing dynamic and confidential access control policies is a challenging issue of data outsourcing to external servers due to the lack of trust towards the servers. In this paper, we propose a scalable yet flexible access control enforcement mechanism when the underlying relational data, on which access policies are defined, has been shared through a secret sharing scheme. For sharing values of an attribute in a relation, the attribute is assigned a secret distribution key and its values are split and distributed among data servers according to a Shamir based secret sharing scheme. Given access control policies over attributes of the relation schema, access to distribution keys, used... 

    Access control aware data retrieval for secret sharing based database outsourcing

    , Article Distributed and Parallel Databases ; Volume 34, Issue 4 , 2016 , Pages 505-534 ; 09268782 (ISSN) Hadavi, M. A ; Jalili, R ; Karimi, L ; Sharif University of Technology
    Springer New York LLC  2016
    Abstract
    Enforcing dynamic and confidential access control policies is a challenging issue of data outsourcing to external servers due to the lack of trust towards the servers. In this paper, we propose a scalable yet flexible access control enforcement mechanism when the underlying relational data, on which access policies are defined, has been shared through a secret sharing scheme. For sharing values of an attribute in a relation, the attribute is assigned a secret distribution key and its values are split and distributed among data servers according to a Shamir based secret sharing scheme. Given access control policies over attributes of the relation schema, access to distribution keys, used... 

    Context-aware provisional access control

    , Article 2nd International Conference on Information Systems Security, ICISS 2006, 19 December 2006 through 21 December 2006 ; Volume 4332 LNCS , 2006 , Pages 132-146 ; 03029743 (ISSN); 9783540689621 (ISBN) Masoumzadeh, A. R ; Amini, M ; Jalili, R ; Sharif University of Technology
    Springer Verlag  2006
    Abstract
    High heterogeneity and dynamicity of pervasive computing environments introduces requirement of more flexible and functional access control policies. The notion of provisional actions has been defined previously to overcome the insufficient grant/denial response to an access request and has been incorporated in the provision-based access control model (PBAC). Based on PBAC, we propose a context-aware provision-based access control model, capable of dynamic adaptation of access control policy according to the changing context. In particular, the model facilitates the definition of context-aware policies and enriches the access control by enforcing provisional actions in addition to common permissions.... 

    A periodic jump-based rendezvous algorithm in cognitive radio networks

    , Article Computer Communications ; Volume 79, 1 , April , 2016 , Pages 66–77 ; 01403664 (ISSN) Salehkaleybar, S ; Pakravan, M. R ; Sharif University of Technology
    Elsevier  2016
    Abstract
    An important issue in designing multichannel MAC protocols for Opportunistic Spectrum Access (OSA) is the synchronization between Secondary Users (SUs). Synchronization can be performed in two phases: the initial handshaking, and then the synchronous hopping across available channels. In this paper, we address the problem of initial handshaking through the approach called "blind rendezvous". We first introduce a role-based solution by constructing two channel hopping sequences. The secondary transmitter and receiver jump across channels according to these two sequences. The proposed algorithm guarantees rendezvous in at most (C+1)^2 time slots (where C is the number of channels) and two SUs... 

    A context-aware access control model for pervasive computing environments

    , Article 2007 International Conference on Intelligent Pervasive Computing, IPC 2007, Jeju Island, 11 October 2007 through 13 October 2007 ; 2007 , Pages 51-56 ; 0769530060 (ISBN); 9780769530062 (ISBN) Emami, S. S ; Amini, M ; Zokaei, S ; Sharif University of Technology
    2007
    Abstract
    In pervasive computing environments, a user can access resources and services from any where and at any time; thus a key security challenge in these environments is the design of an effective access control model which is aware of context modifications. Changes in context may trigger changes in authorizations. In this paper, we propose a new context-aware access control model based on role-based access control model for pervasive computing environments. We assign roles to users dynamically based on the long-term context information and tune active role's permissions according to the short-term context information of the users and environment. © 2007 IEEE  

    A dynamic mandatory access control model

    , Article 13th International Computer Society of Iran Computer Conference on Advances in Computer Science and Engineering, CSICC 2008, Kish Island, 9 March 2008 through 11 March 2008 ; Volume 6 CCIS , 2008 , Pages 862-866 ; 18650929 (ISSN); 3540899847 (ISBN); 9783540899846 (ISBN) Haadi Jafarian, J ; Amini, M ; Jalili, R ; Sharif University of Technology
    2008
    Abstract
    Mandatory access control has traditionally been employed as a robust security mechanism in critical environments like military ones. As computing technology becomes more pervasive and mobile services are deployed, applications will need flexible access control mechanisms. Aggregating mandatory models with context-awareness would provide us with essential means to define dynamic policies needed in critical environments. In this paper, we introduce a dynamic context-aware mandatory access control model which enables us to specify dynamic confidentiality and integrity policies using contextual constraints. © 2008 Springer-Verlag  

    Access control enforcement on outsourced data ensuring privacy of access control policies

    , Article Proceedings of the 2011 International Conference on High Performance Computing and Simulation, HPCS 2011, 4 July 2011 through 8 July 2011, Istanbul ; 2011 , Pages 491-497 ; 9781612843810 (ISBN) Tourani, P ; Hadavi, M. A ; Jalili, R ; Sharif University of Technology
    2011
    Abstract
    Nowadays, data outsourcing has become a solution for many organizations especially large scale enterprises due to the high costs of in-house management of the rapidly growing data. Among all security requirements in this context, user access control and its following dynamic changes are of interest. In this paper, we propose an efficient and reliable mechanism to solve this problem in owner-write-users-read applications. A novel solution is introduced to enforce access control on outsourced data using the Chinese Remainder Theorem. The solution allows updating policy changes at a limited cost in terms of both computational power and the number of users' secret keys. Although the server, on... 

    Overview of MAC protocols for energy harvesting wireless sensor networks

    , Article IEEE International Symposium on Personal, Indoor and Mobile Radio Communications, PIMRC, 30 August 2015 through 2 September 2015 ; Volume 2015-December , 2015 , Pages 2032-2037 ; 9781467367820 (ISBN) Ramezani, P ; Pakravan, M. R ; Sharif University of Technology
    Abstract
    Wireless Sensor Networks (WSNs) have been weaved into the fabric of our daily lives. The foremost impediment in the rapid development of these networks is the energy limitation which inhibits them from meeting specific application requirements. Recently, the advances in energy harvesting technology have made it possible to replenish the energy of sensors via external sources. Energy Harvesting-Wireless Sensor Networks (EH-WSNs) are being transformed from a visionary concept into reality. However, this concept is still in its infancy and calls for extensive research to cater to the needs of WSNs. For future progress of EH-WSNs, Medium Access Control (MAC) layer has undoubtedly a decisive role... 

    A semantic-based access control mechanism using semantic technologies

    , Article SIN'09 - Proceedings of the 2nd International Conference on Security of Information and Networks, 6 October 2009 through 10 October 2009, Famagusta ; 2009 , Pages 258-267 ; 9781605584126 (ISBN) Ehsan, M. A ; Amini, M ; Jalili, R ; Taganrog Inst. Technol. South. Fed. Univ.; Russian Foundation for Basic Research; Int. Counc. Electron. Commer. Consult. (EC-Counc.); Kordon Ltd.; World Scientific Publishing (UK) Ltd ; Sharif University of Technology
    2009
    Abstract
    In order to overcome the shortcomings of the recent frameworks and mechanisms for semantic-based access control, this paper presents a semantic-based, context-aware, and multi-domain enabled framework implementing a semantic-based access control mechanism for Semantic Web. The access control framework is based on the MA(DL)2 model, which takes the semantic relationships among different entities into account. The framework handles the Semantic Web context by classifying and representing it through an ontology. Considering the MA(DL)2 model, the framework assumes Semantic Web having some overlapped domains, which each contains an authority and a security agent. As a domain authority... 

    Attribute-based fine-grained access control for outscored private set intersection computation

    , Article Information Sciences ; Volume 536 , 2020 , Pages 222-243 Ali, M ; Mohajeri, J ; Sadeghi, M. R ; Liu, X ; Sharif University of Technology
    Elsevier Inc  2020
    Abstract
    Private set intersection (PSI) is a fundamental cryptographic protocol which has a wide range of applications. It enables two clients to compute the intersection of their private datasets without revealing non-matching elements. The advent of cloud computing drives the ambition to reduce computation and data management overhead by outsourcing such computations. However, since the cloud is not trustworthy, some cryptographic methods should be applied to maintain the confidentiality of datasets. But, in doing so, data owners may be excluded from access control on their outsourced datasets. Therefore, to control access rights and to interact with authorized users, they have to be online during... 

    CEBAC: A decentralized cooperation enforcement based access control framework in MANETs

    , Article 13th International Computer Society of Iran Computer Conference on Advances in Computer Science and Engineering, CSICC 2008, Kish Island, 9 March 2008 through 11 March 2008 ; Volume 6 CCIS , 2008 , Pages 427-434 ; 18650929 (ISSN); 3540899847 (ISBN); 9783540899846 (ISBN) Saremi, F ; Mashayekhi, H ; Movaghar, A ; Jalili, R ; Sharif University of Technology
    2008
    Abstract
    Prevention of unauthorized access to services in mobile ad hoc networks is a more sophisticated problem than access control in other networks, due to interconnection facilities and lack of any fixed network infrastructure in such networks. Therefore regarding the nature of these networks, controlling access to services should be in a decentralized manner providing good performance and preserving network security. In this paper, we propose a decentralized Cooperation Enforcement Based Access Control (CEBAC) framework for mobile ad hoc networks. CEBAC comprises several groups of Service Authorizers, each issuing Credentials for access to a specific kind of services. The User Authorization for... 

    Design and Implementation of an Access Control Mechanism Based on SBAC

    , M.Sc. Thesis Sharif University of Technology Ehsan, Amir Mousa (Author) ; Jalili, Rasoul (Supervisor)
    Abstract
    In order to control accesses in semantic environments, a semantic-based access control and policy specification language should be chosen. Upon to them, some security mechanisms should be designed and implemented. Several access control models and policy specification languages have been arisen, but seldom have focused on designing mechanisms to satisfy their models in any environment. In this thesis, we focus on implementation aspects of access control in semantic environments. We chose semantic web as our studying environment and an extension of the SBAC model named MA(DL)2 as our access control model. To control accesses in the selected environment, we divide semantic web into some... 

    Reliability of separation of duty in ANSI standard role-based access control

    , Article Scientia Iranica ; Volume 18, Issue 6 , 2011 , Pages 1416-1424 ; 10263098 (ISSN) Esna Ashari, M ; Rabiee, H. R ; Mirian-Hosseinabadi, S. H ; Sharif University of Technology
    Abstract
    ANSI RBAC is a standard for a consistent and uniform definition on Role Based Access Control features and their functional specifications ANSI (2004) [1]. We analyze both static and dynamic separation of duty constraints specifications in the ANSI RBAC standard and evaluate their reliabilities. We then suggest necessary improvements for making them completely reliable  

    TIRIAC: A trust-driven risk-aware access control framework for Grid environments

    , Article Future Generation Computer Systems ; Volume 55 , 2016 , Pages 238-254 ; 0167739X (ISSN) Dorri Nogoorani, S ; Jalili, R ; Sharif University of Technology
    Elsevier 
    Abstract
    The infrastructure provided by a Grid enables researchers to collaboratively solve various research problems through sharing their resources and establishing virtual organizations (VOs). However, the distributed and dynamic nature of a Grid VO is a challenge for access control systems. All users in a VO have responsibilities which correspond to their rights. While they should be able to make use of all VO resources, irresponsibility and permission misuse (insider attack) impose costs and losses on the affected resources. Hence, the history of users' behavior and the possibility of misuse need to be considered in the resource providers' risk management process. In this paper, we propose the... 

    A temporal description logic based access control model for expressing history constrained policies in semantic web

    , Article Proceedings - 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009, 20 July 2009 through 22 July 2009, London ; 2009 , Pages 142-149 ; 9780769537429 (ISBN) Faghih, F ; Amini, M ; Jalili, R ; Sharif University of Technology
    2009
    Abstract
    An access control model for Semantic Web should be compatible with the corresponding semantic model. The access control procedure(s) should also take the semantic relationships between the entities (specified as ontologies) into account. Considering the benefits of logic-based models and the description logic foundation of Semantic Web, in this paper, we propose an access control model based on a temporal variant of description logics (TL-ALCF). This logical schema enables us to express history constrained policies to enrich the policy-base with dynamic properties based on previous accesses. The specification of each component of the model as well as the approach to define history... 

    Handling context in a semantic-based access control framework

    , Article Proceedings - International Conference on Advanced Information Networking and Applications, AINA, 26 May 2009 through 29 May 2009, Bradford ; 2009 , Pages 103-108 ; 1550445X (ISSN); 9780769536392 (ISBN) Ehsan, M. A ; Amini, M ; Jalili, R ; IEEE Computer Society ; Sharif University of Technology
    2009
    Abstract
    As semantic web grows, security concerns increase. One concern is controlling accesses to resources in this environment. In order to infer whether the access is allowed or not, different information of different entities including contextual information should be involved. From access control point of view, we divide the entities in semantic web into three categories: resources (objects), requesters (subjects), and environment (infrastructure, time, and location). In this paper, we present a semantic-based context-aware access control framework to be applied in semantic web, considered as a multi-domain environment. To handle context information in the framework, we propose a context... 

    Analysis of Non-monotonicity Property in Access Control for Pervasive Computing Environment

    , M.Sc. Thesis Sharif University of Technology Javadi, Ahmad (Author) ; Jalili, Rasoul (Supervisor)
    Abstract
    Access control, which is the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied, plays an important role in the system security. The existing of non-monotonicity property in a deduction and decision making process means that some of the previous deductions or decisions may be retracted by adding new information and premises. Based on the definition, in a non-monotonic access control system, adding new information or access control rules may invalidate some of the previous conclusions (permissions/prohibitions). The requirements such as decision making based on the imperfect information, supporting... 

    Missing a trusted reference monitor: How to enforce confidential and dynamic access policies?

    , Article Communications in Computer and Information Science ; Vol. 428, issue , Oct , 2014 , p. 92-104 ; ISSN: 18650929 ; ISBN: 978-3319109022 Karimi, L ; Javadi, S. A ; Hadavi, M. A ; Jalili, R ; Sharif University of Technology
    Abstract
    Popularity of data outsourcing and its consequent access control issues such as dynamism and efficiency is the main motivation of this paper. Existing solutions suffer from the potential unlimited number of user keys, inefficient update of policies, and disclosure of data owner’s access control policies. Using Chinese remainder theorem and proxy re-encryption together, in this paper, we propose an efficient access control enforcement mechanism based on selective encryption that addresses all the shortages. The overall architecture, required algorithms, and access control policy update are discussed. The mechanism is evaluated through simulation and, the given results are satisfactory  

    Authentication phase of security bootstrapping in the internet of things networks based on a trusted zone

    , Article Journal of Scientific and Industrial Research ; Volume 78, Issue 11 , 2019 , Pages 751-754 ; 00224456 (ISSN) Nazemi, N ; Manzuri, M. T ; Sharif University of Technology
    Scientific Publishers  2019
    Abstract
    Internet of Things (IoT) represents enabling all things in such a smart way that those things be accessed any time and anywhere through the Internet. Presence of IoT as a novel way of networking, opens up new concerns around the communication and network world. A secure establishing in such a diffused network is a great concern of the researchers. Due to Smart things' resource-constraints and power-limitation the former ways of securing networks cannot be applicable in IoT. Thus, security bootstrapping has introduced a solution for establishing security in the first instance of deploying the network. In this study, we have proposed a security bootstrapping solution which can be applied in...