Sharif Digital Repository

In pervasive computing environments, a user can access resources and services from any where and at any time; thus a key security challenge in these environments is the design of an effective access control model which is aware of context modifications. Changes in context may trigger changes in authorizations. In this paper, we propose a new context-aware access control model based on role-based access control model for pervasive computing environments. We assign roles to users dynamically based on the long-term context information and tune active role's permissions according to the short-term context information of the users and environment. © 2007 IEEE  

An access control model for Semantic Web should be compatible with the corresponding semantic model. The access control procedure(s) should also take the semantic relationships between the entities (specified as ontologies) into account. Considering the benefits of logic-based models and the description logic foundation of Semantic Web, in this paper, we propose an access control model based on a temporal variant of description logics (TL-ALCF). This logical schema enables us to express history constrained policies to enrich the policy-base with dynamic properties based on previous accesses. The specification of each component of the model as well as the approach to define history... 

High heterogeneity and dynamicity of pervasive computing environments introduces requirement of more flexible and functional access control policies. The notion of provisional actions has been defined previously to overcome the insufficient grant/denial response to an access request and has been incorporated in the provision-based access controlmodel(PBAC).BasedonPBAC,weproposeacontext-aware provision-based access control model, capable of dynamic adaptation of access control policy according to the changing context. In particular, the model facilitates the definition of context-aware policies and enriches the access control by enforcing provisional actions in addition to common permissions.... 

Virtual organization (VO) is aimed to provide inter-organizational collaborations. Constructing a VO necessitates provision of security and access control requirements which cannot be satisfied using the traditional access control models. This is basically due to special features of VOs; such as temporality, unknown users, and diverse resources. In this paper, after expressing our assumption on a framework for VOs; the concept of organizational trust and reputation is used to establish an access control model for VOs. Each member of an organization inherits its organizational reputation. Resource providers announce the behavior of their interacting users to their organization manager.... 

An access control model for Semantic Web should take the semantic relationships among the entities, defined in the abstract conceptual level (i.e., ontology level), into account. Authorization and policy specification based on a logical model let us infer implicit security policies from the explicit ones based on the defined semantic relationships in the domains of subjects, objects, and actions. In this paper, we propose a logic based access control model for specification and inference of history-constrained access policies in conceptual level of Semantic Web. The proposed model (named TDLBAC-2) enables authorities to state policy rules based on the history of users' accesses using a... 

One of the security issues in data outsourcing scenario is the enforcement of data owner's access control policies. This includes some challenges; namely, the number of keys required to access authorized resources, efficient policy updating, write access control enforcement, user and data owner overhead, and preserving confidentiality of data and policies. Most of the existing solutions address only some of the challenges, while they impose high overhead on both the data owner and users. Though, policy management in the Role-Based Access Control (RBAC) model is easier and more efficient due to the existence of role hierarchical structure and role inheritance; most of the existing solutions... 

Prevention of unauthorized access to services in mobile ad hoc networks is a more sophisticated problem than access control in other networks, due to interconnection facilities and lack of any fixed network infrastructure in such networks. Therefore regarding the nature of these networks, controlling access to services should be in a decentralized manner providing good performance and preserving network security. In this paper, we propose a decentralized Cooperation Enforcement Based Access Control (CEBAC) framework for mobile ad hoc networks. CEBAC comprises several groups of Service Authorizers, each issuing Credentials for access to a specific kind of services. The User Authorization for... 

With the advent of semantic technology' access control cannot be done in a safe way unless the access decision takes into account the semantic relationships among the entities in a semantic-aware environment. The SBAC model (Semantic Based Access Control model) considers this issue in its decision making process. However' time plays a crucial role in new computing environments'which is not supported in SBAC. In this paper' we propose the Temporal Semantic Based Access Control (TSBAC) model' as an extension of SBAC' which enhances the specification of user-defined authorization rules by constraining time interval and temporal expression over users' history of accesses. TSBAC uses logical... 

Emerging tools that ease sharing information in online social networks (OSNs) can cause various privacy issues for users. Access control is the main security mechanism in OSNs which is used to tackle such issues. In this paper, a prioritized ontology based access control model for protecting users' information in OSNs is proposed. In the proposed model, description logic (DL) is used for modeling social networks and MKNF+ rules are used for specification of users' access control policies. Using MKNF+, we can have nonmonotonic inference (i.e., closed-world reasoning) in the access control procedure. Conflict among access rules defined by a user in an OSN, is another problem, which is resolved... 

Context-awareness is an essential requirement of modern access control models. Organization-Based Access Control (OrBAC) model is a powerful context-aware access control model defined by first-order logic. However, due to the monotonicity nature of the first-order logic, OrBAC suffers from the incapability of making decision based on incomplete context information as well as the definition of default and exception policy rules. This paper proposes augmenting non-monotonicity features to OrBAC using MKNF+ logic, which is a combination of Description Logic (DL) and Answer Set Programming (ASP). Along with the use of DL to define ontology for main entities and context information in OrBAC;... 

In this paper, we evaluate the effect of energy constraints on the performance of a simple network comprised of wireless nodes with energy harvesting capability. In this scenario, wireless nodes contend with each other based on slotted Aloha protocol in order to transmit a packet. Packet transmission occurs provided that enough energy exists in the energy buffer. We propose an analytical model based on a closed queueing network (QN) to include details of data and energy buffers as well as random access MAC protocol. We show how energy limitation affects the MAC design parameters, e.g., contention window size, in order to optimize the performance of the network. Moreover, we evaluate the... 

Time plays a crucial role in access control for new computing environments, which is not supported in traditional access control models. In this paper, we propose a Generalized Temporal History Based Access Control (GTHBAC) model, aimed at integrating history-based constraints along with a generic access control model. GTHBAC enhances the specification of user-defined authorization rules by constraining time interval and temporal expression over users' history of accesses. Due to different application needs, GTHBAC uses two different time schemes, i.e., real time and logical time, in its authorization rules. A formal semantics for temporal authorizations is provided, and conflicting... 

With the advent of semantic technology, access control cannot be done in a safe way unless the access decision takes into account the semantic relationships between entities in a semantic-aware environment. SBAC model considers this issue in the decision making process. However, time plays a crucial role in new computing environments which is not supported in this model. In this paper we introduce temporal semantic based access control model (TSBAC), as an extension of SBAC model, which enhances the specification of user-defined authorization rules by constraining time interval and temporal expression over users' history of accesses. A formal semantics for temporal authorizations is provided... 

With the advent of semantic technology, access control cannot be done in a safe way unless the access decision takes into account the semantic relationships among the entities in a semantic-aware environment. SBAC model considers this issue in its decision making process. However, time plays a crucial role in new computing environments which is not supported in the model. In this paper we introduce the Temporal Semantic Based Access Control model (TSBAC), as an extension of SBAC, which enhances the specification of user-defined authorization rules by constraining time interval and temporal expression over users' history of accesses. A formal semantics for temporal authorizations is provided...