scholarly journals Agent-Based Semantic Role Mining for Intelligent Access Control in Multi-Domain Collaborative Applications of Smart Cities

Sensors ◽  
2021 ◽  
Vol 21 (13) ◽  
pp. 4253
Author(s):  
Rubina Ghazal ◽  
Ahmad Kamran Malik ◽  
Basit Raza ◽  
Nauman Qadeer ◽  
Nafees Qamar ◽  
...  
Keyword(s):  
Access Control ◽  
Intelligent Agents ◽  
Smart Cities ◽  
Role Based Access Control ◽  
Semantic Role ◽  
Role Mining ◽  
Occupational Classification ◽  
Business Environments ◽  
Intelligent Software ◽  
Role Based

Significance and popularity of Role-Based Access Control (RBAC) is inevitable; however, its application is highly challenging in multi-domain collaborative smart city environments. The reason is its limitations in adapting the dynamically changing information of users, tasks, access policies and resources in such applications. It also does not incorporate semantically meaningful business roles, which could have a diverse impact upon access decisions in such multi-domain collaborative business environments. We propose an Intelligent Role-based Access Control (I-RBAC) model that uses intelligent software agents for achieving intelligent access control in such highly dynamic multi-domain environments. The novelty of this model lies in using a core I-RBAC ontology that is developed using real-world semantic business roles as occupational roles provided by Standard Occupational Classification (SOC), USA. It contains around 1400 business roles, from nearly all domains, along with their detailed task descriptions as well as hierarchical relationships among them. The semantic role mining process is performed through intelligent agents that use word embedding and a bidirectional LSTM deep neural network for automated population of organizational ontology from its unstructured text policy and, subsequently, matching this ontology with core I-RBAC ontology to extract unified business roles. The experimentation was performed on a large number of collaboration case scenarios of five multi-domain organizations and promising results were obtained regarding the accuracy of automatically derived RDF triples (Subject, Predicate, Object) from organizational text policies as well as the accuracy of extracted semantically meaningful roles.

scholarly journals Role-Mining Optimization with Separation-of-Duty Constraints and Security Detections for Authorizations

2019 ◽  
Vol 11 (9) ◽  
pp. 201 ◽  
Author(s):  
Wei Sun ◽  
Shiwei Wei ◽  
Huaping Guo ◽  
Hongbing Liu
Keyword(s):  
Access Control ◽  
Optimization Approach ◽  
Role Based Access Control ◽  
Control Mechanisms ◽  
Engineering Technology ◽  
Role Mining ◽  
Novel Method ◽  
Separation Of Duty ◽  
Role Based ◽  
The Given

Role-based access control (RBAC), which has been regarded as one of the most popular access-control mechanisms, is featured by the separation-of-duty constraints, mutually exclusive constraints, and the least-privileges principle. Role mining, a bottom-up role-engineering technology, is an effective method to migrate from a non-RBAC system to an RBAC system. However, conventional role-mining approaches not only do not consider the separation of duty constraints, but also cannot ensure the security of a constructed RBAC system when the corresponding mined results violate the separation of a duty constraint and/or the least-privileges principle. To solve these problems, this paper proposes a novel method called role-mining optimization with separation-of-duty constraints and security detections for authorizations (RMO_SODSDA), which mainly includes two aspects. First, we present a role-mining-optimization approach for satisfying the separation of duty constraints, and we constructed different variants of mutually exclusive constraints to correctly implement the given separation of duty constraints based on unconstrained role mining. Second, to ensure the security of the constructed system and evaluate authorization performance, we reduced the authorization-query problem to a maximal-satisfiability problem. The experiments validate the effectiveness and efficiency of the proposed method.

scholarly journals Precursors of Role-Based Access Control Design in KMS: A Conceptual Framework

Information ◽  
2020 ◽  
Vol 11 (6) ◽  
pp. 334
Author(s):  
Gabriel Nyame ◽  
Zhiguang Qin
Keyword(s):  
Knowledge Management ◽  
Access Control ◽  
Organizational Context ◽  
Relevant Literature ◽  
Management Tool ◽  
Future Research ◽  
Illustrative Case ◽  
Role Based Access Control ◽  
Role Mining ◽  
Role Based

Role-based access control (RBAC) continues to gain popularity in the management of authorization concerning access to knowledge assets in organizations. As a socio-technical concept, the notion of role in RBAC has been overemphasized, while very little attention is given to the precursors: role strain, role ambiguity, and role conflict. These constructs provide more significant insights into RBAC design in Knowledge Management Systems (KMS). KMS is the technology-based knowledge management tool used to acquire, store, share, and apply knowledge for improved collaboration and knowledge-value creation. In this paper, we propose eight propositions that require future research concerning the RBAC system for knowledge security. In addition, we propose a model that integrates these precursors and RBAC to deepen the understanding of these constructs. Further, we examine these precursory constructs in a socio-technical fashion relative to RBAC in the organizational context and the status–role relationship effects. We carried out conceptual analysis and synthesis of the relevant literature, and present a model that involves the three essential precursors that play crucial roles in role mining and engineering in RBAC design. Using an illustrative case study of two companies where 63 IT professionals participated in the study, the study established that the precursors positively and significantly increase the intractability of the RBAC system design. Our framework draws attention to both the management of organizations and RBAC system developers about the need to consider and analyze the precursors thoroughly before initiating the processes of policy engineering, role mining, and role engineering. The propositions stated in this study are important considerations for future work.

scholarly journals A Conceptual Model of Role Based Access Control Using Role Mining Algorithm

2018 ◽  
Vol 12 (3) ◽  
pp. 1394
Author(s):  
Nazirah Abd Hamid ◽  
Rabiah Ahmad ◽  
Siti Rahayu Selamat
Keyword(s):  
Access Control ◽  
Conceptual Model ◽  
Role Based Access Control ◽  
Role Mining ◽  
General Process ◽  
System A ◽  
Mining Algorithm ◽  
Access Control System ◽  
Role Based ◽  
Mining Model

Numerous studies have shown that currently, role-based access control has becoming one of the successful access control model because of its principle that could simplifies the work of security administrators. However, to construct a concise, role-based access control system, a good role mining algorithm structure is needed therefore the objectives of this paper are firstly, to provide a general overview on phases that involved in designing and developing the algorithm and secondly, to introduce a conceptual model that constructed based on the analysis and this model represents a general process in role mining model. This model involved series of phases that begin with the input of data, pre-processing stage, candidate role generation phase, role selection and role assignment process and lastly number of roles as generated output.

scholarly journals BlendCAC: A Smart Contract Enabled Decentralized Capability-Based Access Control Mechanism for the IoT

Computers ◽  
2018 ◽  
Vol 7 (3) ◽  
pp. 39 ◽  
Author(s):  
Ronghua Xu ◽  
Yu Chen ◽  
Erik Blasch ◽  
Genshe Chen
Keyword(s):  
Access Control ◽  
Large Scale ◽  
Smart Cities ◽  
Single Point ◽  
Raspberry Pi ◽  
Role Based Access Control ◽  
Privacy And Security ◽  
Smart Contract ◽  
Attribute Based Access Control ◽  
Role Based

While Internet of Things (IoT) technology has been widely recognized as an essential part of Smart Cities, it also brings new challenges in terms of privacy and security. Access control (AC) is among the top security concerns, which is critical in resource and information protection over IoT devices. Traditional access control approaches, like Access Control Lists (ACL), Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC), are not able to provide a scalable, manageable and efficient mechanism to meet the requirements of IoT systems. Another weakness in today’s AC is the centralized authorization server, which can cause a performance bottleneck or be the single point of failure. Inspired by the smart contract on top of a blockchain protocol, this paper proposes BlendCAC, which is a decentralized, federated capability-based AC mechanism to enable effective protection for devices, services and information in large-scale IoT systems. A federated capability-based delegation model (FCDM) is introduced to support hierarchical and multi-hop delegation. The mechanism for delegate authorization and revocation is explored. A robust identity-based capability token management strategy is proposed, which takes advantage of the smart contract for registration, propagation, and revocation of the access authorization. A proof-of-concept prototype has been implemented on both resources-constrained devices (i.e., Raspberry PI nodes) and more powerful computing devices (i.e., laptops) and tested on a local private blockchain network. The experimental results demonstrate the feasibility of the BlendCAC to offer a decentralized, scalable, lightweight and fine-grained AC solution for IoT systems.

scholarly journals BlendCAC: A Smart Contract Enabled Decentralized Capability-Based Access Control Mechanism for IoT

2018 ◽  
Author(s):  
Ronghua Xu ◽  
Yu Chen ◽  
Erik Blasch ◽  
Genshe Chen
Keyword(s):  
Access Control ◽  
Large Scale ◽  
Smart Cities ◽  
Single Point ◽  
Raspberry Pi ◽  
Role Based Access Control ◽  
Privacy And Security ◽  
Smart Contract ◽  
Attribute Based Access Control ◽  
Role Based

While the Internet of Things (IoT) technology has been widely recognized as the essential part of Smart Cities, it also brings new challenges in terms of privacy and security. Access control (AC) is among the top security concerns, which is critical in resource and information protection over IoT devices. Traditional access control approaches, like Access Control Lists (ACL), Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC), are not able to provide a scalable, manageable and efficient mechanism to meet the requirements of IoT systems. Another weakness in today's AC is the centralized authorization server, which can be the performance bottleneck or the single point of failure. Inspired by the smart contract on top of a blockchain protocol, this paper proposes BlendCAC, which is a decentralized, federated capability-based AC mechanism to enable an effective protection for devices, services and information in large scale IoT systems. A federated capability-based delegation model (FCDM) is introduced to support hierarchical and multi-hop delegation. The mechanism for delegate authorization and revocation is explored. A robust identity-based capability token management strategy is proposed, which takes advantage of the smart contract for registering, propagating and revocating of the access authorization. A proof-of-concept prototype has been implemented on both resources-constrained devices (i.e., Raspberry PI node) and more powerful computing devices (i.e., laptops), and tested on a local private blockchain network. The experimental results demonstrate the feasibility of the BlendCAC to offer a decentralized, scalable, lightweight and fine-grained AC solution for IoT systems.

Sign in / Sign up

Export Citation Format

Share Document