Data Provenance and Access Control Rules for Ownership Transfer Using Blockchain

Provenance provides information about how data came to be in its present state. Recently, many critical applications are working with data provenance and provenance security. However, the main challenges in provenance-based applications are storage representation, provenance security, and centralized approach. In this paper, the authors propose a secure trading framework which is based on the techniques of blockchain that includes various features like decentralization, immutability, and integrity in order to solve the trust crisis in centralized provenance-based system. To overcome the storage representation of data provenance, they propose JavaScript object notation (JSON) structure. To improve the provenance security, they propose the access control language (ACL) rule. To implement the JSON structure and ACL rules, permissioned blockchain based tool “Hyperledger Composer” has been used. They demonstrate that their framework minimizes the execution time when the number of transaction increases in terms of storage representation of data provenance and security.

Trust Negotiation among IoT-based Objects in Critical Healthcare Environment

In pervasive environment, the opportunity of unidentified objects involving in malevolent interactions increases due to the lack of centralized services. Traditional authentication and access control rules cannot be applied due to limitations of foot print of the objects used in Internet of Things. The proposed model presents authentication and authorization for an IoT-based ad-hoc objects using human notion of trust. The paper presents testing the proposed model with relevant use-cases in patient monitoring healthcare devices and presents the analysis results used in the critical care areas.

A Flexible and Centralized Approach for Access Control in Heterogeneous IoT Environment

In this article, the researchers introduce a 3-level model for security access control that comes as an extension to ABAC. This extension augments its structural and hierarchical expressiveness allowing to define arbitrarily complex access control rules. The authors apply this model to IoT platforms and show how it fulfils security access control requirements of these platforms. Finally, a reference architecture is introduced for access control applied to connected objects and its implementation details are presented.

A High-level Authorization Framework for Software-Defined Networks

Enterprise network managers need to control the access to their network resources and protect them from malicious users. Current Network Access Control (NAC) solutions rely on approaches, such as firewalls, VLAN, ACL, and LDAP that are inflexible and require per-device and vendor-specific configurations, being error-prone. Besides, misconfigurations may result in vulnerabilities that could compromise the overall network security. Managing security policies involve dealing with many access control rules, conflicting policies, rule priorities, right delegation, dynamics of the network, etc. This work presents HACFlow, a novel, autonomic, and policy-based framework for access control management in OpenFlow networks. HACFlow simplifies and automates the network management allowing network operators to govern rights of network entities by defining dynamic, fine-grained, and high-level access control policies. We analyzed the performance of HACFlow and compared it against related approaches.

Validation of IS Security Policies Featuring Authorisation Constraints

Designing a security policy for an information system (IS) is a non-trivial task. Variants of the RBAC model can be used to express such policies as access-control rules associated to constraints. In this paper, we advocate that currently available tools do not take sufficiently into account the functional description of the application and its impact on authorisation constraints and dynamic aspects of security. The authors suggest translating both security and functional models into a formal language, such as B, whose analysis and animation tools will help validate a larger set of security scenarios. The authors describe how various kinds of constraints can be expressed and animated in this context. The authors also present a tool support which performs this translation and report on a case study where animation and testing techniques were used to validate the security policy of a medical emergency information system.