Search for: access-control-policies

    Access control enforcement on outsourced data ensuring privacy of access control policies

    , Article Proceedings of the 2011 International Conference on High Performance Computing and Simulation, HPCS 2011, 4 July 2011 through 8 July 2011, Istanbul ; 2011 , Pages 491-497 ; 9781612843810 (ISBN) Tourani, P ; Hadavi, M. A ; Jalili, R ; Sharif University of Technology
    2011
    Abstract
    Nowadays, data outsourcing has become a solution for many organizations especially large scale enterprises due to the high costs of in-house management of the rapidly growing data. Among all security requirements in this context, user access control and its following dynamic changes are of interest. In this paper, we propose an efficient and reliable mechanism to solve this problem in owner-write-users-read applications. A novel solution is introduced to enforce access control on outsourced data using the Chinese Remainder Theorem. The solution allows updating policy changes at a limited cost in terms of both computational power and the number of users' secret keys. Although the server, on... 

    Access control aware data retrieval for secret sharing based database outsourcing

    , Article Distributed and Parallel Databases ; Volume 34, Issue 4 , Dec , 2015 , pp 505–534 ; 09268782 (ISSN) Hadavi, M. A ; Jalili, R ; Karimi, L ; Sharif University of Technology
    Kluwer Academic Publishers  2015
    Abstract
    Enforcing dynamic and confidential access control policies is a challenging issue of data outsourcing to external servers due to the lack of trust towards the servers. In this paper, we propose a scalable yet flexible access control enforcement mechanism when the underlying relational data, on which access policies are defined, has been shared through a secret sharing scheme. For sharing values of an attribute in a relation, the attribute is assigned a secret distribution key and its values are split and distributed among data servers according to a Shamir based secret sharing scheme. Given access control policies over attributes of the relation schema, access to distribution keys, used... 

    Access control aware data retrieval for secret sharing based database outsourcing

    , Article Distributed and Parallel Databases ; Volume 34, Issue 4 , 2016 , Pages 505-534 ; 09268782 (ISSN) Hadavi, M. A ; Jalili, R ; Karimi, L ; Sharif University of Technology
    Springer New York LLC  2016
    Abstract
    Enforcing dynamic and confidential access control policies is a challenging issue of data outsourcing to external servers due to the lack of trust towards the servers. In this paper, we propose a scalable yet flexible access control enforcement mechanism when the underlying relational data, on which access policies are defined, has been shared through a secret sharing scheme. For sharing values of an attribute in a relation, the attribute is assigned a secret distribution key and its values are split and distributed among data servers according to a Shamir based secret sharing scheme. Given access control policies over attributes of the relation schema, access to distribution keys, used... 

    Context-aware provisional access control

    , Article 2nd International Conference on Information Systems Security, ICISS 2006, 19 December 2006 through 21 December 2006 ; Volume 4332 LNCS , 2006 , Pages 132-146 ; 03029743 (ISSN); 9783540689621 (ISBN) Masoumzadeh, A. R ; Amini, M ; Jalili, R ; Sharif University of Technology
    Springer Verlag  2006
    Abstract
    High heterogeneity and dynamicity of pervasive computing environments introduces requirement of more flexible and functional access control policies. The notion of provisional actions has been defined previously to overcome the insufficient grant/denial response to an access request and has been incorporated in the provision-based access control model (PBAC). Based on PBAC, we propose a context-aware provision-based access control model, capable of dynamic adaptation of access control policy according to the changing context. In particular, the model facilitates the definition of context-aware policies and enriches the access control by enforcing provisional actions in addition to common permissions.... 

    Collaborative privacy management in P2P online social networks

    , Article 12th International ISC Conference on Information Security and Cryptology, 8 September 2015 through 10 September 2015 ; 2015 , Pages 64-72 ; 9781467376099 (ISBN) Zahak, M ; Alizadeh, M ; Abbas Pour, M ; Sharif University of Technology
    Institute of Electrical and Electronics Engineers Inc 
    Abstract
    Online Social Networks (OSNs) have become widely popular in recent years. In spite of users' interest to join OSNs, sharing vast amounts of personal information and resources in these networks might result in privacy issues for them. In the centralized OSNs, access control policies defined by users are enforced by OSN providers. Moreover, as these shared resources are stored by providers, they can access them. To avoid such problems, various architectures for decentralized OSNs are proposed. But the proposed architectures for P2P OSNs yet do not support any mechanism for collaborative privacy management on the shared content. By increasing the amount of resources such as photos which is... 

    Enforcing access control policies over data stored on untrusted server

    , Article 2017 14th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology, ISCISC 2017, 6 September 2017 through 7 September 2017 ; 2018 , Pages 54-57 ; 9781538665602 (ISBN) Soltani, N ; Jalili, R ; Sharif University of Technology
    Abstract
    One of the security issues in data outsourcing scenario is the enforcement of data owner's access control policies. This includes some challenges; namely, the number of keys required to access authorized resources, efficient policy updating, write access control enforcement, user and data owner overhead, and preserving confidentiality of data and policies. Most of the existing solutions address only some of the challenges, while they impose high overhead on both the data owner and users. Though, policy management in the Role-Based Access Control (RBAC) model is easier and more efficient due to the existence of role hierarchical structure and role inheritance; most of the existing solutions... 

    Attribute-based fine-grained access control for outscored private set intersection computation

    , Article Information Sciences ; Volume 536 , 2020 , Pages 222-243 Ali, M ; Mohajeri, J ; Sadeghi, M. R ; Liu, X ; Sharif University of Technology
    Elsevier Inc  2020
    Abstract
    Private set intersection (PSI) is a fundamental cryptographic protocol which has a wide range of applications. It enables two clients to compute the intersection of their private datasets without revealing non-matching elements. The advent of cloud computing drives the ambition to reduce computation and data management overhead by outsourcing such computations. However, since the cloud is not trustworthy, some cryptographic methods should be applied to maintain the confidentiality of datasets. But, in doing so, data owners may be excluded from access control on their outsourced datasets. Therefore, to control access rights and to interact with authorized users, they have to be online during... 

    A framework for protecting privacy on mobile social networks

    , Article Mobile Networks and Applications ; Volume 26, Issue 3 , 2021 , Pages 1281-1299 ; 1383469X (ISSN) Safi, S. M ; Movaghar, A ; Safikhani Mahmoodzadeh, K ; Sharif University of Technology
    Springer  2021
    Abstract
    In recent years, mobile social networks have largely been developed and gained considerable popularity. An approach to protecting privacy on mobile social networks is the use of encryption and access control. Good alternatives for use on mobile social networks are the Public Broadcast Encryption approach for appropriate concordance and consistency with the structure of social networks as well as the Attribute-Based Encryption owing to its capability and proper implementation of the access control policy. Accordingly, in this paper, a framework was presented based on the Public Broadcast Encryption and Attribute-Based Encryption. Using proxies, we outsourced some of these operations in the... 

    Policy specification and enforcement in online social networks using MKNF+

    , Article 2012 9th International ISC Conference on Information Security and Cryptology, ISCISC 2012, 13 September 2012 through 14 September 2012 ; 2012 , Pages 48-53 ; 9781467323864 (ISBN) Alizadeh, M ; Javadi, S. A ; Amini, M ; Jalili, R ; Sharif University of Technology
    2012
    Abstract
    Emerging tools that ease sharing information in online social networks (OSNs) can cause various privacy issues for users. Access control is the main security mechanism in OSNs which is used to tackle such issues. In this paper, a prioritized ontology based access control model for protecting users' information in OSNs is proposed. In the proposed model, description logic (DL) is used for modeling social networks and MKNF+ rules are used for specification of users' access control policies. Using MKNF+, we can have nonmonotonic inference (i.e., closed-world reasoning) in the access control procedure. Conflict among access rules defined by a user in an OSN, is another problem, which is resolved... 

    GTHBAC: A generalized temporal history based access control model

    , Article Telecommunication Systems ; Volume 45, Issue 2-3 , 2010 , Pages 111-125 ; 10184864 (ISSN) Noorollahi Ravari, A ; Haadi Jafarian, J ; Amini, M ; Jalili, R ; Sharif University of Technology
    Abstract
    Time plays a crucial role in access control for new computing environments, which is not supported in traditional access control models. In this paper, we propose a Generalized Temporal History Based Access Control (GTHBAC) model, aimed at integrating history-based constraints along with a generic access control model. GTHBAC enhances the specification of user-defined authorization rules by constraining time interval and temporal expression over users' history of accesses. Due to different application needs, GTHBAC uses two different time schemes, i.e., real time and logical time, in its authorization rules. A formal semantics for temporal authorizations is provided, and conflicting... 

    A context-aware mandatory access control model for multilevel security environments

    , Article 27th International Conference on Computer Safety, Reliability, and Security, SAFECOMP 2008, Newcastle upon Tyne, 22 September 2008 through 25 September 2008 ; Volume 5219 LNCS , 2008 , Pages 401-414 ; 03029743 (ISSN); 3540876979 (ISBN); 9783540876977 (ISBN) Jafarian, J. H ; Amini, M ; Jalili, R ; Sharif University of Technology
    2008
    Abstract
    Mandatory access control models have traditionally been employed as a robust security mechanism in multilevel security environments like military domains. In traditional mandatory models, the security classes associated with entities are context-insensitive. However, context-sensitivity of security classes may be required in some environments. Moreover, as computing technology becomes more pervasive, flexible access control mechanisms are needed. Unlike traditional approaches for access control, such access decisions depend on the combination of the required credentials of users and the context of the system. Incorporating context-awareness into mandatory access control models results in a... 

    Enhancing role-based access control model through fuzzy relations

    , Article 3rd International Symposium on Information Assurance and Security, IAS 2007, Manchester, 20 August 2007 through 31 August 2007 ; September , 2007 , Pages 131-136 ; 0769528767 (ISBN); 9780769528762 (ISBN) Takabi, H ; Amini, M ; Jalili, R ; Sharif University of Technology
    2007
    Abstract
    Role-Based Access Control (RBAC) model is naturally suitable to organizations where users are assigned organizational roles with well-defined privileges. However, due to the large number of users in nowadays online services of organizations and enterprises, assigning users to roles is a tiresome task and maintaining user-role assignment up-to-date is costly and error-prone. Additionally, with the increasing number of users, RBAC may have problems in prohibiting cheat and changing roles of users. In order to categorize information and formulate security policies, human decision making is required which is naturally fuzzy in the real world. This leads using a fuzzy approach to address the...