Management of access privileges for dynamic access control

Access control is an important security mechanism for protecting sensitive information and critical system resources. It is well known that traditional access control models (TACMs), such as DAC, MAC and RBAC, are not well suited to open networks because they lack dynamism in the management of access privileges. Pro-active or dynamic access control models (PACMs) developed in recent years, in turn, generally suffer from performance problems caused by the complex evaluation performed prior to access authorization. In game-theory-based dynamic access control models, which are one type of dynamic model, each access is modeled as a game played between the accessing subject and the accessed (protected) object, and the result of the play serves as the basis for the authorization decision. This pre-access evaluation unavoidably introduces delay into the authorization process.

To overcome the shortcomings of TACMs and PACMs simultaneously, in this paper we propose a new access control model called ISAC. Unlike all present access control models, ISAC is used not as a mechanism for access authorization but as one for dynamic management of access privileges: upon the completion of each access it produces an updated set of access privileges for the accessing subject, which is used to update the corresponding access control list for that subject. Access authorization is still performed in the same way as in traditional access control models. ISAC thus offers the performance advantage of traditional access control models and the dynamism of pro-active access control models. We apply an incomplete-information static game to the development of ISAC and show that there exists at least one Bayesian Nash equilibrium for the game play, which is the theoretical foundation for ISAC. We also describe a framework design and an example implementation to illustrate the application of ISAC to access control. Finally, we present some experimental results showing that, while maintaining the effectiveness of dynamic access control through the management of access privileges, ISAC can achieve the performance of traditional access control models.
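The split described above, where authorization is a plain ACL lookup and a game evaluated after each completed access rewrites the ACL, can be sketched as follows. This is an added illustration, not the ISAC implementation from the paper. The two subject types, the payoff tables, the violation likelihoods and every function name are constructed assumptions, with payoffs chosen so that a pure-strategy Bayesian Nash equilibrium always exists.

```python
from itertools import product

# Constructed payoffs (assumptions, not taken from the paper).
# Subject payoff indexed by [type][(subject_action, object_action)].
U_SUBJ = {
    "honest":    {("comply", "keep"): 2, ("comply", "revoke"): 0,
                  ("abuse", "keep"): 1, ("abuse", "revoke"): -1},
    "malicious": {("comply", "keep"): 1, ("comply", "revoke"): -1,
                  ("abuse", "keep"): 3, ("abuse", "revoke"): 0},
}
# Object payoff depends only on the action pair.
U_OBJ = {("comply", "keep"): 2, ("comply", "revoke"): -1,
         ("abuse", "keep"): -4, ("abuse", "revoke"): 1}
P_VIOLATION = {"honest": 0.05, "malicious": 0.6}  # constructed likelihoods
TYPES, S_ACTS, O_ACTS = ("honest", "malicious"), ("comply", "abuse"), ("keep", "revoke")

def authorize(acl, subject, privilege):
    """Authorization stays a plain ACL lookup; no game is played here."""
    return privilege in acl.get(subject, set())

def update_belief(p_honest, violated):
    """Bayes update of P(subject is honest) from the completed access."""
    like = lambda t: P_VIOLATION[t] if violated else 1 - P_VIOLATION[t]
    num = p_honest * like("honest")
    return num / (num + (1 - p_honest) * like("malicious"))

def pure_bne(p_honest):
    """Enumerate pure-strategy Bayesian Nash equilibria of the static game."""
    belief = {"honest": p_honest, "malicious": 1 - p_honest}
    found = []
    for s_h, s_m, o in product(S_ACTS, S_ACTS, O_ACTS):
        strat = {"honest": s_h, "malicious": s_m}
        # Every subject type must best-respond to the object's action.
        subj_ok = all(U_SUBJ[t][(strat[t], o)] >= U_SUBJ[t][(a, o)]
                      for t in TYPES for a in S_ACTS)
        # The object must best-respond in expectation over subject types.
        exp = lambda oa: sum(belief[t] * U_OBJ[(strat[t], oa)] for t in TYPES)
        if subj_ok and all(exp(o) >= exp(oa) for oa in O_ACTS):
            found.append((strat, o))
    return found

def post_access_update(acl, beliefs, subject, privilege, violated):
    """Run after the access completes: update belief, solve, rewrite the ACL."""
    beliefs[subject] = update_belief(beliefs[subject], violated)
    _, obj_action = pure_bne(beliefs[subject])[0]
    if obj_action == "revoke":
        acl[subject].discard(privilege)
    return obj_action
```

With these constructed payoffs the object keeps the privilege while its belief that the subject is honest stays at or above 0.625, so the cost of solving the game is paid after the access and never sits on the authorization path.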
