Explore chapters and articles related to this topic
Security issues in blockchain as access control in electronic health records
Published in Muhammad Arif, Guojun Wang, Mazin Abed Mohammed, Md Tabrez Nafis, Vehicular Ad Hoc Networks, 2023
Aitizaz Ali, Muhammad Fermi Pasha, Ong Hue Fang
Object-based models are considered to be the DAC (discretionary access control) model and the MAC (mandatory access control) model. In DAC, an object is directly connected to a subject using the relationship between these two entities. MAC is the improved form of DAC in that it uses the security attributes of the subject and objects to grant access [6]. MAC is considered a standard and well-established approach in cryptography [8]. It was first designed for military purposes for controlling information. MAC is indeed based on a lattice-based information flow model. MAC has two further versions, such as the Bell–LaPadula and Biba models. The Bell–LaPadula model provides information flow and confidentiality, whereas the Biba model is concerned with maintaining the integrity of the data.
Access Control and Data Security of IoT Applications Using Blockchain Technology
Published in Rajdeep Chakraborty, Anupam Ghosh, Valentina Emilia Bălaş, Ahmed A Elngar, Blockchain, 2023
Usha Divakarla, K. Chandrasekaran
The previously specified features are often encoded into access control policies using different models known as access control models. These models vary in the way they are implemented and the degree of granularity and control they allow over the resources. Different models may use different variables and functions to implement the access control rules. Often all the access control methods are classified into mandatory access control (MAC) or discretionary access control (DAC). In MAC, permissions are given on a level-based hierarchy. Administrators create levels and assign users to certain levels, while rules are specified in a manner that a user can access all resources that are not above his level. DAC, however, provides access by the identity of the individual user. Usually this is done by maintaining a list of authorized users for each resource. MAC is more suited for governmental use cases where classifications (labels) are assigned to each file system object and the subjects (users) and rules are assigned based on these classifications. DAC is more often used in a personal scenario allowing owners control over access policies of their resources.
Security and Privacy in Location-Based Services
Published in Hassan A. Karimi, Advanced Location-Based Technologies and Services, 2016
Mohd Anwar, Amirreza Masoumzadeh, James Joshi
Various access control approaches have been proposed in the literature, including discretionary access control (DAC), mandatory access control (MAC), role-based access control (RBAC), and attribute-based access control (ABAC) (Joshi et al. 2001). In a DAC approach, a user is allowed to grant the privileges he already has to other users; whereas in a MAC approach, a classification scheme for subjects and objects is used, and a set of rules on different classes is defined in order to grant accesses. To avoid the unauthorized flow of sensitive information, the MAC model, also referred to as the multilevel model, can enforce no read-up (no write-up) and no write-down (no read-down) rules at a given level to capture confidentiality (integrity) requirements (Joshi et al. 2001). In an RBAC approach, users are assigned to roles; permissions related to activities associated with a role are made available to a user who is assigned to that role. Similarly, in an ABAC approach, access control rules are defined on subject or object attributes, which need to be satisfied before access is granted. In LBS, various access control approaches may need to be applied based on the specific requirements of an application domain. For instance, an LBS associated with military government (e.g., in mission-critical mobile application) would need some form of multilevel security to provide information flow security based on location of the subjects and objects (Ray and Kumar 2006).
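The multilevel rules described in the excerpts above (Bell–LaPadula for confidentiality, Biba for integrity), as an added example that is not taken from any of the cited publications. The level names, compartments, subjects and objects are constructed for illustration, and the compartment sets extend the single-level rules to the lattice ordering.

```python
from dataclasses import dataclass

# Constructed ordering of levels; real deployments define their own labels.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Lattice order: at least as high a level AND a superset of compartments.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula (confidentiality): no read-up, no write-down."""
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown operation: {op!r}")

def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba (integrity): the dual rules, no read-down and no write-up."""
    if op == "read":
        return obj.dominates(subject)
    if op == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown operation: {op!r}")

def can_move(model, subject: Label, src: Label, dst: Label) -> bool:
    """True if one subject may read src and then write dst (a flow src -> dst)."""
    return model(subject, src, "read") and model(subject, dst, "write")

def subjects_enabling_flow(model, subjects: dict, src: Label, dst: Label) -> list:
    return sorted(n for n, lbl in subjects.items() if can_move(model, lbl, src, dst))

# Constructed subjects and objects.
SUBJECTS = {
    "analyst": Label("secret", frozenset({"crypto"})),
    "clerk": Label("confidential"),
    "officer": Label("top_secret", frozenset({"crypto", "nuclear"})),
}
REPORT = Label("secret", frozenset({"crypto"}))
BULLETIN = Label("unclassified")

if __name__ == "__main__":
    print(subjects_enabling_flow(blp_allows, SUBJECTS, REPORT, BULLETIN))
    print(subjects_enabling_flow(biba_allows, SUBJECTS, BULLETIN, REPORT))
```

Labels with incomparable compartment sets dominate in neither direction, so both models deny reads and writes between them.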
Policy reconciliation for access control in dynamic cross-enterprise collaborations
Published in Enterprise Information Systems, 2018
D. Preuveneers, W. Joosen, E. Ilie-Zudor
Access control is a key information protection mechanism, with the most common, oldest, and most well-known identity-based access control models being Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role Based Access Control (RBAC) (Sandhu 1993; Sandhu and Samarati 1994; Sandhu et al. 1996). Recently, there has been growing interest in Attribute Based Access Control (ABAC) (Jin, Krishnan, and Sandhu 2012) to overcome the limitations of the aforementioned access control models. The ABAC model makes decisions on permitting or denying access by relying on attributes of subjects, resources, actions, and the environment. It allows for resource owners, such as enterprise information systems, to grant access to unanticipated users as long as they have attributes that meet certain criteria. In policy-based access control, such as Ponder (Damianou et al. 2001), Rei and KAoS (Tonti et al. 2003), and the eXtensible Access Control Markup Language (XACML) specification (XACML-V3.0 2012), regulation of access to protected resources is expressed external to the applications as high-level rules that define who has access to what resources under what conditions. In Ferraiolo et al. (2016), the authors offer a comparison of the XACML and NGAC attribute-based access control specifications and underlying architectures. The latest trend in access control models is Risk-Adaptive Access Control (RAdAC) (Kandala, Sandhu, and Bhamidipati 2011; Ni, Bertino, and Lobo 2010) where access decisions depend on dynamic risk assessments.
Recommendations for smart grid security risk management
Published in Cyber-Physical Systems, 2019
Vikas Lamba, Nikola Šimková, Bruno Rossi
(2) Secure access control: although discretionary access control (DAC) and mandatory access control (MAC) can be used for conventional IT systems, these mechanisms may not be a viable solution for SGs as they cannot model interdependencies between cyber and physical components. Furthermore, these mechanisms are not resistant to operator mistakes and insider attacks. Hence, context-aware access control policies may be used that have the capability to track information flow, detect events, and inhibit operations that can leak sensitive data [57]. In addition, role-based access control (RBAC) mechanisms can also be used to avoid complexities in managing big data from the numerous stakeholders in SGs [19,38].
Innovative Development Measures of the Chinese Medicine Industry in Industrial Big Data with the Aid of AI in the Context of an Imperfectly Competitive Market Economy
Published in Applied Artificial Intelligence, 2023
The Chinese medicine data management department can be prevented by using autonomous access control, which means that the staff of the Chinese medicine management department has absolute authority to generate access objects and decide the types of users who can use the access rights, and mandatory access control, which means that the system will decide the types of users who can use the access rights according to the pre-defined rules, so as to protect the critical Chinese medicine data.