A Lightweight Graph-Based Model for Inter-networking Access Control

In classic operating systems, processes are assigned different privileges according to the resources. Enforcing privilege differentiation across diverse processes implies strict security management of each individual process; this emphasis on restricting each process in isolation, however, may overlook the security risks that arise among processes. Specifically, one process can invoke another and establish a session, during which the privileges of the invoked process may be passed to the invoking process (e.g., by inter-process requests). This may result in privilege abuse and resource leakage. Moreover, the inter-networking of processes and their relations complicates the regulation of authorized privileges, which can also be obtained by inheritance. The management of the latter case (i.e., inherited privileges) has not been well considered in existing access control models, whose implementations also incur large overhead. In this paper, we propose a lightweight graph-based access control model to manage privileges between networked processes, which provides a general solution for pervasive applications such as process inter-invoking and network-based access control.
