Security issues in blockchain as access control in electronic health records
Published in Muhammad Arif, Guojun Wang, Mazin Abed Mohammed, Md Tabrez Nafis, Vehicular Ad Hoc Networks, 2023
Aitizaz Ali, Muhammad Fermi Pasha, Ong Hue Fang
RBAC can be divided into three major categories: (a) basic RBAC, (b) hierarchical RBAC, and (c) constrained RBAC. Basic RBAC consists of a set of users, a set of resources, and the universe of access permissions. The core idea is to integrate subsets of access rights and permissions within named roles. When a user is assigned a role, the user has the authority to access a particular resource within the confinement of the role. A role defines competency in a specific area. A virtual role or position in RBAC is a term used when a role is assigned without any direct user. For example, the role of a healthcare provider is considered a high-level abstraction for doctors and nurses. Role assignment represents a concrete scope of responsibility. At a lower level, access to resources is provided through a functional interface by a resource manager. Such an interface to a resource is called an operation. Depending on the semantics of the operation, one or more permissions might be added to a role but disjoint. For example, a read and an append operation may be assigned to a role but disjoint. These two operations can be implied through a write operation. Depending upon the access policy, the list of permissions for a particular operation can be further evaluated by the access control system.
Security: Basics and Security Analytics
Published in Rakesh M. Verma, David J. Marchette, Cybersecurity Analytics, 2019
Rakesh M. Verma, David J. Marchette
After a suitable policy is devised, the next step is enforcing the policy, or access control. The basic data structure for access control, or who is authorized to do what on a computer system, is the access control list (ACL), which one can think of as a sequence of pairs of the form (user, permission on a specific resource). Resources may be files, printers, etc. However, this is unwieldy to manage. Lookups and updates are slow, and since everything is excruciatingly explicit, there is a huge amount of tedious work, depending on the system resources, when a new user joins the system or an existing user leaves the system. So we introduce abstractions such as role-based access control (RBAC) and attribute-based access control. In role-based access control, users have what are called roles on the system and the roles have associated permissions. In essence, the ACL is now split into two lists: the user-role list and the role-permission list. This makes things more manageable and less tedious.
Smart Grid Technologies
Published in Stuart Borlase, Smart Grids, 2017
Smart grid control systems should be designed to allow each user to have a unique account ID and password. This requirement supports traceability and role-based access control. Traceability means that actions taken on the control system can be traced to an individual user. Role-based access control means that each user can be assigned roles and associated privileges (levels of authority). For example, a dispatcher may be allowed to open a breaker, while a less privileged user may not be able to open the same breaker. Legacy control system equipment may not support separate usernames. In this case, NERC CIP 007 requires entities to limit password knowledge to those individuals with a need to know. The security clouds shown in Figure 3.49 include access control features that limit access to an entire electronic security perimeter. These access control features can be certificate based, can support separate user ID and passwords for all users, and can support role-based access control.
What drives MLOps adoption? An analysis using the TOE framework
Published in Journal of Decision Systems, 2023
Sibanjan Debeeprasad Das, Pradip Kumar Bala
Another key area of MLOps is to secure the ML systems, data and results so that only authorised parties can access the ML model data and results. ML system security comprises ML data security and ML model security. Role-based access control (RBAC) is generally used to enforce data protection policy and access permissions in an enterprise (Ferraiolo et al., 1995). While there is much literature related to data security (Barani Sundaram et al., 2022; P.R. Kumar et al., 2018; Tankard, 2012), there is only a handful of literature on securing and protecting ML systems. Bertino et al. (2021) emphasised the need to secure the production of AI systems and identified a few new classes of vulnerabilities which create problems in the system. Chen et al. (2019) discussed the different adversarial AI techniques that can deceive an AI system into making mistakes. Attackers can even launch misclassification attacks and targeted attacks to generate adversarial examples. Even if the attacker has no idea of the details related to the training algorithm used in the model, they can launch a black-box attack. Barreno et al. (2010) presented a view on different classes of ML system attacks and developed a defence that succeeds against Indiscriminate Causative Availability attacks with potential broader relevance. A secure ML system forms a basis for creating a reliable ecosystem of ML models and consuming its results.
Systematic Survey: Secure and Privacy-Preserving Big Data Analytics in Cloud
Published in Journal of Computer Information Systems, 2023
Arun Amaithi Rajan, Vetriselvi V
The main idea behind RBAC is to provide restricted access to the system depending on the role of a user within an organization. RBAC is one of the principal methods in advanced AC [26]. The levels of access that users have to the application are described by the roles in RBAC. Access can depend on many things, like authority, accountability, and job proficiency. Access to computer resources can also be restricted to particular operations, such as the capability to view, create, or alter a file.
Crowd review and attribute-based credit computation for an access control mechanism in cloud data centers
Published in International Journal of Computers and Applications, 2023
Ajay Kumar Dubey, Vimal Mishra
The role-based access control (RBAC) mechanism is the most popular and a widely used access control technique due to its low cost and optimum security. It was pioneered in the 1970s for online systems, which began with the multi-user environment. The advantage of this technique is that it is not directly related to the policy but has been well known as a safety model and enforces the access control mechanism in an organizational way [15]. This has greatly simplified the management of permissions. Access control is allocated based on the roles the entities are assigned by the organization of a network. The owner governs what the roles can access and how they can access the services as in DAC or policy-based or as with MACs. It regulates entity access on the basis of the entity activity execution in the system and its own access capabilities. Role-based policies depend on identification of the roles in the system as shown in Table 1. A role is a set of activities that can be performed by the entity. Services are linked with a role that contains the privileges assigned to that role. Entities can be reassigned from one role to another. Entity supports the following three security concepts: (i) Least privilege ensures that only those permissions are assigned to the users which are necessary for the completion of the tasks. (ii) Separation of duties is ensured by invoking the mutually exclusive roles to complete a particular service. (iii) Data abstraction issues abstracted permissions to the entities rather than the read, write, execute which are allocated by the operating system. The adoption of this model has several advantages like authorization management, roles hierarchy, and separation of duties [16]. This allows better management by separating the entity assignment to the roles and the access control to the roles. It allows better static/dynamic constraint enforcement that restricts the number of roles allowed for a given privilege.
This is true even for a group of entities and the roles the entities play in various groups [17]. A group is a list of entities which have the same access permissions for a period of time using some defined procedures. It includes the capability to establish the relationships between the roles and the permissions as well as between entities and roles. Roles can have inheritance relations, in which one role inherits the permissions assigned to a different role.
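The user-role and role-permission split, role inheritance, and mutually exclusive roles described in the excerpts above, as an added example that is not taken from any of the cited works. All role, user and permission names are constructed; the prescriber/dispenser pair is an assumed separation-of-duties constraint.

```python
# Added example; all role, user and permission names are constructed.
class SoDViolation(Exception):
    """Assignment would give one user two mutually exclusive roles."""

class RBAC:
    def __init__(self):
        self.user_roles = {}   # user -> directly assigned roles
        self.role_perms = {}   # role -> {(operation, resource)}
        self.juniors = {}      # senior role -> roles it inherits from
        self.exclusive = []    # frozensets of mutually exclusive roles

    def grant(self, role, operation, resource):
        self.role_perms.setdefault(role, set()).add((operation, resource))

    def inherit(self, senior, junior):
        self.juniors.setdefault(senior, set()).add(junior)

    def effective_roles(self, roles):
        """Close a role set over inheritance; tolerates cycles."""
        seen, stack = set(), list(roles)
        while stack:
            role = stack.pop()
            if role not in seen:
                seen.add(role)
                stack.extend(self.juniors.get(role, ()))
        return seen

    def assign(self, user, role):
        # Static separation of duties: check before the assignment is stored.
        wanted = self.effective_roles(self.user_roles.get(user, set()) | {role})
        for group in self.exclusive:
            if len(group & wanted) > 1:
                raise SoDViolation(f"{user}: {sorted(group & wanted)}")
        self.user_roles.setdefault(user, set()).add(role)

    def check(self, user, operation, resource):
        roles = self.effective_roles(self.user_roles.get(user, set()))
        return any((operation, resource) in self.role_perms.get(r, ())
                   for r in roles)

def build_demo():
    ac = RBAC()
    ac.grant("healthcare_provider", "read", "patient_record")
    ac.grant("doctor", "append", "patient_record")
    ac.inherit("doctor", "healthcare_provider")
    ac.inherit("nurse", "healthcare_provider")
    ac.exclusive.append(frozenset({"prescriber", "dispenser"}))
    for user, role in [("alice", "doctor"), ("alice", "prescriber"), ("bob", "nurse")]:
        ac.assign(user, role)
    return ac
```

Removing a user is a single deletion from `user_roles`, which is the management saving over a flat ACL; a user with no entry is denied by default.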