• Title/Summary/Keyword: dynamic access control

Search Result 278, Processing Time 0.02 seconds

A Virtualization Management Convergence Access Control Model for Cloud Computing Environments (클라우드 컴퓨팅 환경에서 가상화 관리 융합접근제어 모델)

  • Choi, Eun-Bok
    • Journal of Convergence for Information Technology
    • /
    • v.8 no.5
    • /
    • pp.69-75
    • /
    • 2018
  • The purpose of access control is to prevent computing resources from illegal behavior such as leakage, modification, and destruction by unauthorized users. As the cloud computing environment is expanded to resource sharing services using virtualization technology, a new security model and access control technique are required to provide dynamic and secure cloud-based computing services. The virtualization management convergence access control model provides a flexible user authorization function by applying the dynamic privilege assignment function to the role based access control mechanism. In addition, by applying access control mechanism based on security level and rules, we solve the conflict problem in virtual machine system and guarantee the safeness of physical resources. This model will help to build a secure and efficient cloud-based virtualization management system and will be expanded to a mechanism that reflects the multi-level characteristics.

Medical Information Dynamic Access System in Smart Mobile Environments (스마트 모바일 환경에서 의료정보 동적접근 시스템)

  • Jeong, Chang Won;Kim, Woo Hong;Yoon, Kwon Ha;Joo, Su Chong
    • Journal of Internet Computing and Services
    • /
    • v.16 no.1
    • /
    • pp.47-55
    • /
    • 2015
  • Recently, the environment of a hospital information system is a trend to combine various SMART technologies. Accordingly, various smart devices, such as a smart phone, Tablet PC is utilized in the medical information system. Also, these environments consist of various applications executing on heterogeneous sensors, devices, systems and networks. In these hospital information system environment, applying a security service by traditional access control method cause a problems. Most of the existing security system uses the access control list structure. It is only permitted access defined by an access control matrix such as client name, service object method name. The major problem with the static approach cannot quickly adapt to changed situations. Hence, we needs to new security mechanisms which provides more flexible and can be easily adapted to various environments with very different security requirements. In addition, for addressing the changing of service medical treatment of the patient, the researching is needed. In this paper, we suggest a dynamic approach to medical information systems in smart mobile environments. We focus on how to access medical information systems according to dynamic access control methods based on the existence of the hospital's information system environments. The physical environments consist of a mobile x-ray imaging devices, dedicated mobile/general smart devices, PACS, EMR server and authorization server. The software environment was developed based on the .Net Framework for synchronization and monitoring services based on mobile X-ray imaging equipment Windows7 OS. And dedicated a smart device application, we implemented a dynamic access services through JSP and Java SDK is based on the Android OS. PACS and mobile X-ray image devices in hospital, medical information between the dedicated smart devices are based on the DICOM medical image standard information. In addition, EMR information is based on H7. In order to providing dynamic access control service, we classify the context of the patients according to conditions of bio-information such as oxygen saturation, heart rate, BP and body temperature etc. It shows event trace diagrams which divided into two parts like general situation, emergency situation. And, we designed the dynamic approach of the medical care information by authentication method. The authentication Information are contained ID/PWD, the roles, position and working hours, emergency certification codes for emergency patients. General situations of dynamic access control method may have access to medical information by the value of the authentication information. In the case of an emergency, was to have access to medical information by an emergency code, without the authentication information. And, we constructed the medical information integration database scheme that is consist medical information, patient, medical staff and medical image information according to medical information standards.y Finally, we show the usefulness of the dynamic access application service based on the smart devices for execution results of the proposed system according to patient contexts such as general and emergency situation. Especially, the proposed systems are providing effective medical information services with smart devices in emergency situation by dynamic access control methods. As results, we expect the proposed systems to be useful for u-hospital information systems and services.

A cross-domain access control mechanism based on model migration and semantic reasoning

  • Ming Tan;Aodi Liu;Xiaohan Wang;Siyuan Shang;Na Wang;Xuehui Du
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.18 no.6
    • /
    • pp.1599-1618
    • /
    • 2024
  • Access control has always been one of the effective methods to protect data security. However, in new computing environments such as big data, data resources have the characteristics of distributed cross-domain sharing, massive and dynamic. Traditional access control mechanisms are difficult to meet the security needs. This paper proposes CACM-MMSR to solve distributed cross-domain access control problem for massive resources. The method uses blockchain and smart contracts as a link between different security domains. A permission decision model migration method based on access control logs is designed. It can realize the migration of historical policy to solve the problems of access control heterogeneity among different security domains and the updating of the old and new policies in the same security domain. Meanwhile, a semantic reasoning-based permission decision method for unstructured text data is designed. It can achieve a flexible permission decision by similarity thresholding. Experimental results show that the proposed method can reduce the decision time cost of distributed access control to less than 28.7% of a single node. The permission decision model migration method has a high decision accuracy of 97.4%. The semantic reasoning-based permission decision method is optimal to other reference methods in vectorization and index time cost.

Access Control Mechanism for CouchDB

  • Ashwaq A., Al-otaibi;Reem M., Alotaibi;Nermin, Hamza
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.12
    • /
    • pp.107-115
    • /
    • 2022
  • Recently, big data applications need another database different from the Relation database. NoSQL databases are used to save and handle massive amounts of data. NoSQL databases have many advantages over traditional databases like flexibility, efficiently processing data, scalability, and dynamic schemas. Most of the current applications are based on the web, and the size of data is in increasing. NoSQL databases are expected to be used on a more and large scale in the future. However, NoSQL suffers from many security issues, and one of them is access control. Many recent applications need Fine-Grained Access control (FGAC). The integration of the NoSQL databases with FGAC will increase their usability in various fields. It will offer customized data protection levels and enhance security in NoSQL databases. There are different NoSQL database models, and a document-based database is one type of them. In this research, we choose the CouchDB NoSQL document database and develop an access control mechanism that works at a fain-grained level. The proposed mechanism uses role-based access control of CouchDB and restricts read access to work at the document level. The experiment shows that our mechanism effectively works at the document level in CouchDB with good execution time.

Sharing and Privacy in PHRs: Efficient Policy Hiding and Update Attribute-based Encryption

  • Liu, Zhenhua;Ji, Jiaqi;Yin, Fangfang;Wang, Baocang
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.15 no.1
    • /
    • pp.323-342
    • /
    • 2021
  • Personal health records (PHRs) is an electronic medical system that enables patients to acquire, manage and share their health data. Nevertheless, data confidentiality and user privacy in PHRs have not been handled completely. As a fine-grained access control over health data, ciphertext-policy attribute-based encryption (CP-ABE) has an ability to guarantee data confidentiality. However, existing CP-ABE solutions for PHRs are facing some new challenges in access control, such as policy privacy disclosure and dynamic policy update. In terms of addressing these problems, we propose a privacy protection and dynamic share system (PPADS) based on CP-ABE for PHRs, which supports full policy hiding and flexible access control. In the system, attribute information of access policy is fully hidden by attribute bloom filter. Moreover, data user produces a transforming key for the PHRs Cloud to change access policy dynamically. Furthermore, relied on security analysis, PPADS is selectively secure under standard model. Finally, the performance comparisons and simulation results demonstrate that PPADS is suitable for PHRs.

Implementation of Extended Task Role-Based Access Control Model (확장된 과업 역할기반 접근제어 모델의 구현)

  • 임황빈;박동규
    • Journal of the Institute of Electronics Engineers of Korea TE
    • /
    • v.39 no.4
    • /
    • pp.431-436
    • /
    • 2002
  • This paper implements an improved model for access control enforcement in enterprise environments. The integration of the task role-based access control model and the "conflicting entities" administration paradigm supply a specification of static and dynamic separation of duty requirements in the workflow environment. The implemented Extended Task Role-Based Access Control model can deal with the conflicting entities for workflow oriented tasks. It will support elaborate separation of duty policy to tasks in enterprise environment through the classification of enterprise sessions according to their characteristics.

Terminal-Assisted Hybrid MAC Protocol for Differentiated QoS Guarantee in TDMA-Based Broadband Access Networks

  • Hong, Seung-Eun;Kang, Chung-Gu;Kwon, O-Hyung
    • ETRI Journal
    • /
    • v.28 no.3
    • /
    • pp.311-319
    • /
    • 2006
  • This paper presents a terminal-assisted frame-based packet reservation multiple access (TAF-PRMA) protocol, which optimizes random access control between heterogeneous traffic aiming at more efficient voice/data integrated services in dynamic reservation TDMA-based broadband access networks. In order to achieve a differentiated quality-of-service (QoS) guarantee for individual service plus maximal system resource utilization, TAF-PRMA independently controls the random access parameters such as the lengths of the access regions dedicated to respective service traffic and the corresponding permission probabilities, on a frame-by-frame basis. In addition, we have adopted a terminal-assisted random access mechanism where the voice terminal readjusts a global permission probability from the central controller in order to handle the 'fair access' issue resulting from distributed queuing problems inherent in the access network. Our extensive simulation results indicate that TAF-PRMA achieves significant improvements in terms of voice capacity, delay, and fairness over most of the existing medium access control (MAC) schemes for integrated services.

  • PDF

Dynamic Predicate: An Efficient Access Control Mechanism for Hippocratic XML Databases (동적 프레디킷 : 허포크라테스 XML 데이타베이스를 위한 효율적인 액세스 통제 방법)

  • Lee Jae-Gil;Han Wook-Shin;Whang Kyu-Young
    • Journal of KIISE:Databases
    • /
    • v.32 no.5
    • /
    • pp.473-486
    • /
    • 2005
  • The Hippocratic database model recently proposed by Agrawal et at. incorporates privacy protection capabilities into relational databases. The authors have subsequenty proposed the Hippocratic XML daかabase model[4], an extension of the Hippocratic database model for XML databases. In this paper, we propose a new concept that we cail the dynamic predicate(DP) for effective access control in the Hippocratic XML database model. A DP is a novel concept that represents a dynamically constructed rendition that tan be adapted for determining the accessibility of elements during query execution. DPs allow us to effectively integrate authorization checking into the query plan so that unauthorized elements are excluded in the process of query execution. Using synthetic and real data, we have performed extensive experiments comparing query processing time with those of existing access control mechanisms. The results show that the proposed access control mechanism improves the wall clock time by up to 219 times over the top-down access control strategy and by up to 499 times over the bottom-up access control strategy. The major contribution of our, paper is enabling effective integration of access control mechanisms with the query plan using the DP under the Hippocratic XML database model.

Context Conflicts of Role-Based Access Control in Ubiquitous Computing Environment (유비쿼터스 컴퓨팅 환경의 역할 기반 접근제어에서 발생하는 상황 충돌)

  • Nam Seung-Jwa;Park Seog
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.15 no.2
    • /
    • pp.37-52
    • /
    • 2005
  • Traditional access control models like role-based access control model are insufficient in security needs in ubiquitous computing environment because they take no thought of access control based on user's context or environment condition. In these days, although researches on context-aware access control using user's context or environment conditions based on role-based access control are emerged, they are on the primary stage. We present context definitions md an access control model to provide more flexible and dynamic context-aware access control based on role-based access control. Specially, we describe the conflict problems occurred in the middle of making an access decision. After classifying the conflict problems, we show some resolutions to solve them. In conclusion, we will lay the foundations of the development of security policy and model assuring right user of right object(or resource) and application service through pre-defined context and context classification in ubiquitous computing environments. Beyond the simplicity of access to objects by authorized users, we assure that user can access to the object, resource, or service anywhere and anytime according to right context.

A CASA-Based Dynamic Access Control Scheme for Ubiquitous Environments (유비쿼터스 환경을 위한 CASA 기반의 동적 접근 제어 기법)

  • Kim, Kyoung-Ja;Chang, Tae-Mu
    • Journal of the Korea Society of Computer and Information
    • /
    • v.13 no.4
    • /
    • pp.205-211
    • /
    • 2008
  • Conventional context-aware service models permit the access of resources only by user authentication, but the ubiquitous environments where the context information around users is changing frequently require the resource access control according to the rapid changes. This paper proposes a scheme to control access permission of resource dynamically as context information of user changes. Our access control model is based on traditional CASA (Context-Aware Security Architecture), but can restrict the access of the user already has been authorized. With the real-time checking of context information, our scheme gives different access controls according to changes in environmental information, and provides more secure services than conventional context-aware models.

  • PDF