Cited By
View all- Penelova M(2021)Access Control ModelsCybernetics and Information Technologies10.2478/cait-2021-004421:4(77-104)Online publication date: 1-Dec-2021
Poster: Towards Cloud-Based Software for Incorporating Time and Location into Access Control Decisions
Pages 55 - 57
Abstract
The increasing dependency on cloud computing has drawn attention to the security weaknesses of cloud providers. Not only how information is accessed, but also where and when have become important considerations in cloud security. Certain situations exist where it is necessary to restrict access to cloud resources based on time and location. An example is a policy for a medical institution where doctors can only access patient records at hospitals during their shifts. The Generalized Spatio-Temporal Role-Based Access Control model (GSTRBAC) determines users' access to resources based on such information. This poster proposes a cloud-based software architecture and outlines it possible implementation of the GSTRBAC model.
References
[1]
Ramadan Abdunabi, Mustafa Al-Lail, Indrakshi Ray, and Robert B France. 2013. Specification, validation, and enforcement of a generalized spatio-temporal rolebased access control model. IEEE Systems Journal 7, 3 (2013), 501--515.
[2]
Monjur Ahmed and Alan T. Litchfield. 2018. Taxonomy for Identification of Security Issues in Cloud Computing Environments. Journal of Computer Information Systems 58, 1 (2018), 79--88. https://doi.org/10.1080/08874417.2016.1192520 arXiv:https://doi.org/10.1080/08874417.2016.1192520
[3]
Nuray Baltaci Akhuseyinoglu and James Joshi. 2017. A risk-aware access control framework for cyber-physical systems. In 2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC). IEEE, 349--358.
[4]
Grady Booch, James E. Rumbaugh, and Ivar Jacobson. 2005. The unified modeling language user guide - covers UML 2.0, Second Edition. Addison-Wesley.
[5]
Yan Cao, Zhiqiu Huang, Yaoshen Yu, Changbo Ke, and ZihaoWang. 2020. A topology and risk-aware access control framework for cyber-physical space. Frontiers of Computer Science 14, 4 (2020), 1--16.
[6]
Amiya K Maji, Arpita Mukhoty, Arun K Majumdar, Jayanta Mukhopadhyay, Shamik Sural, Soubhik Paul, and Bandana Majumdar. 2008. Security analysis and implementation of web-based telemedicine services with a four-tier architecture. In 2008 Second International Conference on Pervasive Computing Technologies for Healthcare. IEEE, 46--54.
[7]
Konstantinos Rantos, Konstantinos Fysarakis, Charalampos Manifavas, and Ioannis G Askoxylakis. 2018. Policy-Controlled Authenticated Access to LLNConnected Healthcare Resources. IEEE Systems Journal 12, 1 (2018), 92--102. https://doi.org/10.1109/JSYST.2015.2450313
[8]
Ravi S Sandhu, Edward J Coyne, Hal L Feinstein, and Charles E Youman. 1996. Role-based access control models. Computer 29, 2 (1996), 38--47.
[9]
Yingjie Xue, Jianan Hong, Wei Li, Kaiping Xue, and Peilin Hong. 2016. LABAC: A location-aware attribute-based access control scheme for cloud storage. In 2016 IEEE Global Communications Conference (GLOBECOM). IEEE, 1--6.
Index Terms
- Poster: Towards Cloud-Based Software for Incorporating Time and Location into Access Control Decisions
Recommendations
Delegation in role-based access control
User delegation is a mechanism for assigning access rights available to one user to another user. A delegation can either be a grant or transfer operation. Existing work on delegation in the context of role-based access control models has extensively ...
An Evaluation of Role Based Access Control Towards Easier Management Compared to Tight Security
ICFNDS '17: Proceedings of the International Conference on Future Networks and Distributed SystemsRole-based access control (RBAC) is a widely-used protocol to design and build an access control for providing the system security regarding authorization. Even though in the context of internet resources access, the authentication and access control ...
Entity-Based Access Control: supporting more expressive access control policies
ACSAC '15: Proceedings of the 31st Annual Computer Security Applications ConferenceAccess control is an important part of security that restricts the actions that users can perform on resources. Policy models specify how these restrictions are formulated in policies. Over the last decades, we have seen several such models, including ...
Comments
Information & Contributors
Information
Published In
June 2021
194 pages
ISBN:9781450383653
DOI:10.1145/3450569
- General Chair:
- Jorge Lobo,
- Program Chairs:
- Roberto Di Pietro,
- Omar Chowdhury
Copyright © 2021 Owner/Author.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 11 June 2021
Check for updates
Author Tags
Qualifiers
- Poster
Conference
SACMAT '21
Sponsor:
SACMAT '21: The 26th ACM Symposium on Access Control Models and Technologies
June 16 - 18, 2021
Virtual Event, Spain
Acceptance Rates
Overall Acceptance Rate 177 of 597 submissions, 30%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 119Total Downloads
- Downloads (Last 12 months)13
- Downloads (Last 6 weeks)1
Reflects downloads up to 27 Feb 2025
Other Metrics
Citations
Cited By
View all- Penelova M(2021)Access Control ModelsCybernetics and Information Technologies10.2478/cait-2021-004421:4(77-104)Online publication date: 1-Dec-2021
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in