Skip to main content
SpringerLink
Log in

Management of access privileges for dynamic access control

  • Published:
Cluster Computing Aims and scope Submit manuscript

Abstract

Access control is an important security mechanism for the protection of sensitive information and critical system resources. While it has been well-known that traditional access control models (TACMs), such as DAC, MAC, RBAC, etc., are not well suited for open networks due to the lack of dynamism in the management of access privileges, pro-active or dynamic access control models (PACMs) developed in recent years generally suffer from performance problems due to complex evaluation performed prior to access authorization. In game theory based dynamic access control models, which are one type of dynamic models, each access is modeled as a game that is played between the accessing subject and the accessed or protected object and the result of the play serves as the basis for making the authorization decision. Thus, delay is unavoidably introduced into the authorization process due to such pre-access evaluation. To overcome the shortcomings of TACMs and PACMs simultaneously, in this paper, we propose a new access control model called ISAC that, unlike all present access control models, is used not as a mechanism for access authorization but one for dynamic management of access privileges upon the completion of each access with the result being an updated set of access privileges for the accessing subject and used for updating the corresponding access control list for the subject. Access authorization will still be performed in the same way as that in the traditional access control models. Thus, ISAC offers the advantages of both traditional access control models in performance and pro-active access control models in dynamism. We will apply incomplete information static game to the development of ISAC in which we will show that there exists at least one Bayesian Nash equilibrium for the game play, which is the theoretical foundation for ISAC. We will also describe a framework design and an example implementation to illustrate the application of ISAC to access control. At last, we will present some experimental results to show that while maintaining the effectiveness of dynamic access control through the management of access privileges, ISAC can achieve the performance of traditional access control models.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14

Similar content being viewed by others

References

  1. Lampson, B.W.: Protection. Proceeding of the 5th Princeton Symposium on Information Sciences and Systems, Princeton, NJ, pp. 437–443 (1971)

  2. Snyder, L.: Formal models of capability-based protection systems. IEEE Trans. Comput. 30, 172–181 (1981)

    Article  Google Scholar 

  3. Bell, D.E., LaPadula, L.: Secure computer systems: a mathematical model. In: Mitre Corporation, Bedford, MA, vol. 4, pp. 229–263 (1973)

  4. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Trans. Comput. 29(2), 38–47 (1996)

    Google Scholar 

  5. Ferraiolo, D., Kuhn, D.: Role-based access control. In: Proceeding of the NIST-NSA National (USA) Computer Security Conference, Baltimore, pp. 554–563 (1992)

  6. Corradi, A., Montanari, R., Tibaldi, D.: Context-based access control management in ubiquitous environments. In: Proceeding of the 3rd IEEE International Symposium on Network Computing and Applications, Boston, pp. 253–260 (2004)

  7. Rubart, J.: Context-based access control. Proceeding of the 2005 Symposia on Metainformatics, Esbjerg, pp. 145–156 (2005)

  8. Yao, H., Hu, H., Lu, Z., Li, R.: Dynamic role and context-based access control for grid applications. In: Proceeding of the IEEE Region 10 Conference, Melbourne, pp. 1619–1625 (2005)

  9. Betarte, G., Gatto, A., Martinez, R., Zipitria, F.: ACTkit: a framework for the definition and enforcement of role, content and context-based access control policies. IEEE Latin Am. Trans. 10(3), 1742–1751 (2012)

    Article  Google Scholar 

  10. Shebaro, B., Oluwatimi, O., Bertino, E.: Context-based access control systems for mobile devices. IEEE Trans. Depend. Secure Comput. 12(2), 150–163 (2015)

    Article  Google Scholar 

  11. Covington, M.J., Sastry, M.R.: A contextual attribute-based access control model. In: Proceedings of the 2006 International Conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part II, Montpellier, pp. 1996–2006 (2006)

  12. Wang, B., Wang, L.: Design of attribute-based access control model for power information systems. Dianli Xitong Zidonghua 31(7), 81–84 (2007)

    Google Scholar 

  13. Kolter, J., Schillinger, R., Pernul, G.: A privacy-enhanced attribute-based access control system. In: Proceeding of the 21st Annual Conference on Data and Applications Security, Redondo, pp. 129–143 (2007)

  14. Yeh, L., Chen, Y., Huang, J.: ABACS: an attribute-based access control system for emergency services over vehicular ad hoc networks. IEEE J. Sel. Areas Commun. 29(3), 630–643 (2011)

    Article  Google Scholar 

  15. Xie, X., Ma, H., Li, J., Chen, X.: An efficient ciphertext-policy attribute-based access control towards revocation in cloud computing. J. Univ. Comput. Sci. 19(16), 2349–2367 (2013)

    Google Scholar 

  16. Hu, V., Kuhn, D., Ferraiolo, D.: Attribute-based access control. Computer 48(2), 85–88 (2015)

    Article  Google Scholar 

  17. Ma, S., He, J., Shuai, X.: Application of fuzzy comprehensive evaluation method in trust quantification. Int. J. Comput. Intell. Syst. 4(5), 768–776 (2011)

    Article  Google Scholar 

  18. Ma, S., He, J., Gao, F.: An access control model based on multi-factors trust. J. Netw. 7(1), 173–178 (2012)

    Google Scholar 

  19. Duan, J., Gao, D., Foh, C., Zhang, H.: TC-BAC: a trust and centrality degree based access control model in wireless sensor networks. Ad Hoc Netw. 11(8), 2675–2692 (2013)

    Article  Google Scholar 

  20. Taylor, J.M., Sharif, H.R.: Security challenges and methods for protecting critical infrastructure cyber-physical systems. In: Proceeding of the 2017 International Conference on Selected Topics in Mobile and Wireless Networking, Avignon, pp. 1–6 (2017)

  21. Fudenberg, D., Tirole, J.: Game Theory. MIT Press, Cambridge (1991)

    MATH  Google Scholar 

  22. Nash, J.: Equilibrium points in N-person games. Proc. Natl. Acad. Sci. U.S. Am. 36(1), 48–49 (1950)

    Article  MathSciNet  Google Scholar 

  23. Robert, D.: Game Theory for Applied Economists. Priceton University Press, Priceton (1992)

    Google Scholar 

  24. Chang, S.Y., Hu, Y.C.: SecureMAC: securing wireless medium access control against insider denial-of-service attacks. IEEE Trans. Mob. Comput. 16(12), 3527–3540 (2017)

    Article  Google Scholar 

  25. Jang, H., Yun, S.-Y., Shin, J., Yi, Y.: Game theoretic perspective of optimal CSMA. IEEE Trans. Wirel. Commun. 17(1), 194–209 (2018)

    Article  Google Scholar 

  26. Shahrokhzadeh, B., Dehghan, M.: A distributed game-theoretic approach for target coverage in visual sensor networks. IEEE Sens. J. 17(22), 7542–7552 (2017)

    Article  Google Scholar 

  27. Hao, X., Wang, M., Hou, S., Gong, Q., Liu, B.: Distributed topology control and channel allocation algorithm for energy efficiency in wireless sensor network: from a game perspective. Wirel. Personal Commun. 80(4), 1557–1577 (2015)

    Article  Google Scholar 

  28. Zhao, X., Zhang, X., Guo, H., Liu, Q.: The inter-cluster routing algorithm in wireless sensor network based on the game theory. In: Proceeding of the 4th International Conference on Digital Manufacturing and Automation, Qindao, pp. 1477–1480 (2013)

  29. Maani, E., Chen, Z., Katsaggelos, A.: A game theoretic approach to video streaming over peer-to-peer networks. Signal Process. 27(5), 545–554 (2012)

    Google Scholar 

  30. Koutsopoulos, I., Tassiulas, L., Gkatzikis, L.: Client-server games and their equilibria in peer-to-peer networks. Comput. Netw. 67(12), 201–218 (2014)

    Article  Google Scholar 

  31. Narang, P., Hota, C.: Game-theoretic strategies for IDS deployment in peer-to-peer networks. Inform. Syst. Front. 17(5), 1017–1028 (2015)

    Article  Google Scholar 

  32. Anggorojati, B., Prasad, N., Prasad, R.: An intrusion detection game in access control system for the M2M local cloud platform. In: Proceeding of the 19th Asia-Pacific Conference on Communications, Bali, pp. 345–350 (2013)

  33. Wong, W., Lee, W., Wei, H.: Base on game theory model to improve trust access control in cloud file-sharing system. In: Proceeding of the 10th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, Kitakyushu, 702–705 (2014)

  34. Liu, H., Li, X., Xu, M., Mo, R., Ma, J.: A fair data access control towards rational users in cloud storage. Inf. Sci. 418, 258–271 (2017)

    Article  Google Scholar 

  35. Palomar E., Alcaide A., Molina E., Zhang Y.: Coalitional games for the management of anonymous access in online social networks. In: Proceeding of the 11th Annual International Conference on Privacy, Security and Trust, Tarragona, pp. 1–10 (2013)

  36. Liu, E., Liu, Z., Shao, F., Zhang, Z.: A game-theoretical approach to multimedia social networks security. Sci. World J. 1, 1–9 (2014)

    Google Scholar 

  37. Zhang, S., Cai, W., Li, Y.: A game theory-based social network access control method. J. Northwest. Polytech. Univ. 29(4), 652–657 (2011). (in Chinese)

    Google Scholar 

  38. Zhang, Y., He, J., Zhao, B., Huang, Z., Liu, R.: Towards more pro-active access control in computer systems and networks. Comput. Secur. 49, 132–146 (2015)

    Article  Google Scholar 

  39. Zhang, Y., He, J., Zhao, B., Liu, R.: Application of game theory for dynamic access control in security systems. Int. J. High Perform. Comput. Netw. 9(5/6), 451–461 (2016)

    Article  Google Scholar 

  40. Harsanyi, J.C.: Games with incomplete information played by “Bayesian” players. Manage. Sci. 14(3), 159–182 (1967)

    Article  MathSciNet  Google Scholar 

Download references

Acknowledgement

The work in this paper has been supported by National Natural Science Foundation of China (61602456) and National High Technology Research and Development Program of China (863 Program) (2015AA017204).

Author information

Authors and Affiliations

  1. Faculty of Information Technology, Beijing University of Technology, Beijing, China

    Nafei Zhu, Fangbo Cai, Jingsha He, Yixuan Zhang & Wenxin Li

  2. College of Computer and Information Science, China Three Gorges University, Yichang, Hubei, China

    Jingsha He & Zhao Li

Authors
  1. Nafei Zhu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Fangbo Cai
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jingsha He
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yixuan Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Wenxin Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Zhao Li
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jingsha He.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Zhu, N., Cai, F., He, J. et al. Management of access privileges for dynamic access control. Cluster Comput 22 (Suppl 4), 8899–8917 (2019). https://doi.org/10.1007/s10586-018-2018-1

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10586-018-2018-1

Keywords

Search

Navigation