The Internet of Things(IoT)access controlmechanism may encounter security issues such as single point of failure and data tampering.To address these issues,a blockchain-based IoT reputation value attribute access cont...The Internet of Things(IoT)access controlmechanism may encounter security issues such as single point of failure and data tampering.To address these issues,a blockchain-based IoT reputation value attribute access control scheme is proposed.Firstly,writing the reputation value as an attribute into the access control policy,and then deploying the access control policy in the smart contract of the blockchain system can enable the system to provide more fine-grained access control;Secondly,storing a large amount of resources fromthe Internet of Things in Inter Planetary File System(IPFS)to improve system throughput;Finally,map resource access operations to qualification tokens to improve the performance of the access control system.Complete simulation experiments based on the Hyperledger Fabric platform.Fromthe simulation experimental results,it can be seen that the access control system can achieve more fine-grained and dynamic access control while maintaining high throughput and low time delay,providing sufficient reliability and security for access control of IoT devices.展开更多
With the growth of requirements for data sharing,a novel business model of digital assets trading has emerged that allows data owners to sell their data for monetary gain.In the distributed ledger of blockchain,howeve...With the growth of requirements for data sharing,a novel business model of digital assets trading has emerged that allows data owners to sell their data for monetary gain.In the distributed ledger of blockchain,however,the privacy of stakeholder's identity and the confidentiality of data content are threatened.Therefore,we proposed a blockchainenabled privacy-preserving and access control scheme to address the above problems.First,the multi-channel mechanism is introduced to provide the privacy protection of distributed ledger inside the channel and achieve coarse-grained access control to digital assets.Then,we use multi-authority attribute-based encryption(MAABE)algorithm to build a fine-grained access control model for data trading in a single channel and describe its instantiation in detail.Security analysis shows that the scheme has IND-CPA secure and can provide privacy protection and collusion resistance.Compared with other schemes,our solution has better performance in privacy protection and access control.The evaluation results demonstrate its effectiveness and practicability.展开更多
Big data resources are characterized by large scale, wide sources, and strong dynamics. Existing access controlmechanisms based on manual policy formulation by security experts suffer from drawbacks such as low policy...Big data resources are characterized by large scale, wide sources, and strong dynamics. Existing access controlmechanisms based on manual policy formulation by security experts suffer from drawbacks such as low policymanagement efficiency and difficulty in accurately describing the access control policy. To overcome theseproblems, this paper proposes a big data access control mechanism based on a two-layer permission decisionstructure. This mechanism extends the attribute-based access control (ABAC) model. Business attributes areintroduced in the ABAC model as business constraints between entities. The proposed mechanism implementsa two-layer permission decision structure composed of the inherent attributes of access control entities and thebusiness attributes, which constitute the general permission decision algorithm based on logical calculation andthe business permission decision algorithm based on a bi-directional long short-term memory (BiLSTM) neuralnetwork, respectively. The general permission decision algorithm is used to implement accurate policy decisions,while the business permission decision algorithm implements fuzzy decisions based on the business constraints.The BiLSTM neural network is used to calculate the similarity of the business attributes to realize intelligent,adaptive, and efficient access control permission decisions. Through the two-layer permission decision structure,the complex and diverse big data access control management requirements can be satisfied by considering thesecurity and availability of resources. Experimental results show that the proposed mechanism is effective andreliable. In summary, it can efficiently support the secure sharing of big data resources.展开更多
Unmanned Aerial Vehicle(UAV)ad hoc network has achieved significant growth for its flexibility,extensibility,and high deployability in recent years.The application of clustering scheme for UAV ad hoc network is impera...Unmanned Aerial Vehicle(UAV)ad hoc network has achieved significant growth for its flexibility,extensibility,and high deployability in recent years.The application of clustering scheme for UAV ad hoc network is imperative to enhance the performance of throughput and energy efficiency.In conventional clustering scheme,a single cluster head(CH)is always assigned in each cluster.However,this method has some weaknesses such as overload and premature death of CH when the number of UAVs increased.In order to solve this problem,we propose a dual-cluster-head based medium access control(DCHMAC)scheme for large-scale UAV networks.In DCHMAC,two CHs are elected to manage resource allocation and data forwarding cooperatively.Specifically,two CHs work on different channels.One of CH is used for intra-cluster communication and the other one is for inter-cluster communication.A Markov chain model is developed to analyse the throughput of the network.Simulation result shows that compared with FM-MAC(flying ad hoc networks multi-channel MAC,FM-MAC),DCHMAC improves the throughput by approximately 20%~50%and prolongs the network lifetime by approximately 40%.展开更多
A deep learning access controlmodel based on user preferences is proposed to address the issue of personal privacy leakage in social networks.Firstly,socialusers andsocialdata entities are extractedfromthe social netw...A deep learning access controlmodel based on user preferences is proposed to address the issue of personal privacy leakage in social networks.Firstly,socialusers andsocialdata entities are extractedfromthe social networkandused to construct homogeneous and heterogeneous graphs.Secondly,a graph neural networkmodel is designed based on user daily social behavior and daily social data to simulate the dissemination and changes of user social preferences and user personal preferences in the social network.Then,high-order neighbor nodes,hidden neighbor nodes,displayed neighbor nodes,and social data nodes are used to update user nodes to expand the depth and breadth of user preferences.Finally,a multi-layer attention network is used to classify user nodes in the homogeneous graph into two classes:allow access and deny access.The fine-grained access control problem in social networks is transformed into a node classification problem in a graph neural network.The model is validated using a dataset and compared with other methods without losing generality.The model improved accuracy by 2.18%compared to the baseline method GraphSAGE,and improved F1 score by 1.45%compared to the baseline method,verifying the effectiveness of the model.展开更多
Currently,data security and privacy protection are becoming more and more important.Access control is a method of authorization for users through predefined policies.Token-based access control(TBAC)enhances the manage...Currently,data security and privacy protection are becoming more and more important.Access control is a method of authorization for users through predefined policies.Token-based access control(TBAC)enhances the manageability of authorization through the token.However,traditional access control policies lack the ability to dynamically adjust based on user access behavior.Incorporating user reputation evaluation into access control can provide valuable feedback to enhance system security and flexibility.As a result,this paper proposes a blockchain-empowered TBAC system and introduces a user reputation evaluation module to provide feedback on access control.The TBAC system divides the access control process into three stages:policy upload,token request,and resource request.The user reputation evaluation module evaluates the user’s token reputation and resource reputation for the token request and resource request stages of the TBAC system.The proposed system is implemented using the Hyperledger Fabric blockchain.The TBAC system is evaluated to prove that it has high processing performance.The user reputation evaluation model is proved to be more conservative and sensitive by comparative study with other methods.In addition,the security analysis shows that the TBAC system has a certain anti-attack ability and can maintain stable operation under the Distributed Denial of Service(DDoS)attack environment.展开更多
In the education archive sharing system,when performing homomorphic ciphertext retrieval on the storage server,there are problems such as low security of shared data,confusing parameter management,and weak access cont...In the education archive sharing system,when performing homomorphic ciphertext retrieval on the storage server,there are problems such as low security of shared data,confusing parameter management,and weak access control.This paper proposes an Education Archives Sharing and Access Control(EduASAC)system to solve these problems.The system research goal is to realize the sharing of security parameters,the execution of access control,and the recording of system behaviors based on the blockchain network,ensuring the legitimacy of shared membership and the security of education archives.At the same time,the system can be combined with most homomorphic ciphertext retrieval schemes running on the storage server,making the homomorphic ciphertext retrieval mechanism controllable.This paper focuses on the blockchain access control framework and specifically designs smart contracts that conform to the business logic of the EduASAC system.The former adopts a dual-mode access control mechanism combining Discretionary Access Control(DAC)and Mandatory Access Control(MAC)and improves the tagging mode after user permission verification based on the Authentication and Authorization for Constrained Environments(ACE)authorization framework of Open Authorization(OAuth)2.0;the latter is used in the system to vote on nodes to join requests,define access control policies,execute permission verification processes,store,and share system parameters,and standardize the behavior of member nodes.Finally,the EduASAC system realizes the encryption,storage,retrieval,sharing,and access control processes of education archives.To verify the performance of the system,simulation experiments were conducted.The results show that the EduASAC system can meet the high security needs of education archive sharing and ensure the system’s high throughput,low latency,fast decision-making,and fine-grained access control ability.展开更多
Several unique characteristics of Internet of Things(IoT)devices,such as distributed deployment and limited storage,make it challenging for standard centralized access control systems to enable access control in today...Several unique characteristics of Internet of Things(IoT)devices,such as distributed deployment and limited storage,make it challenging for standard centralized access control systems to enable access control in today’s large-scale IoT ecosystem.To solve these challenges,this study presents an IoT access control system called Ether-IoT based on the Ethereum Blockchain(BC)infrastructure with Attribute-Based Access Control(ABAC).Access Contract(AC),Cache Contract(CC),Device Contract(DC),and Policy Contract(PC)are the four central smart contracts(SCs)that are included in the proposed system.CC offers a way to save user characteristics in a local cache system to avoid delays during transactions between BC and IoT devices.AC is the fundamental program users typically need to run to build an access control technique.DC offers a means for storing the resource data created by devices and a method for querying that data.PC offers administrative settings to handle ABAC policies on users’behalf.Ether-IoT,combined with ABAC and the BC,enables IoT access control management that is decentralized,fine-grained and dynamically scalable.This research gives a real-world case study to illustrate the suggested framework’s implementation.In the end,a simulation experiment is performed to evaluate the system’s performance.To ensure data integrity in dispersed systems,the results show that Ether-IoT can sustain high throughput in contexts with a large number of requests.展开更多
The content security requirements of a radio frequency identification (RFID) based logistics-customs clearance service platform (LCCSP) are analysed in this paper. Then, both the unified identity authentication an...The content security requirements of a radio frequency identification (RFID) based logistics-customs clearance service platform (LCCSP) are analysed in this paper. Then, both the unified identity authentication and the access control modules are designed according to those analyses. Finally, the unified identity authentication and the access control on the business level are implemented separately. In the unified identity authentication module, based on an improved Kerberos-based authentication approach, a new control transfer method is proposed to solve the sharing problem of tickets among different servers of different departments. In the access control module, the functions of access controls are divided into different granularities to make the access control management more flexible. Moreover, the access control module has significant reference value for user management in similar systems.展开更多
Access control is an important protection mechanism for information systems. This paper shows how to make access control in workflow system. We give a workflow access control model (WACM) based on several current acce...Access control is an important protection mechanism for information systems. This paper shows how to make access control in workflow system. We give a workflow access control model (WACM) based on several current access control models. The model supports roles assignment and dynamic authorization. The paper defines the workflow using Petri net. It firstly gives the definition and description of the workflow, and then analyzes the architecture of the workflow access control model (WACM). Finally, an example of an e-commerce workflow access control model is discussed in detail.展开更多
With the rapid development of computer technology, cloud-based services have become a hot topic. They not only provide users with convenience, but also bring many security issues, such as data sharing and privacy issu...With the rapid development of computer technology, cloud-based services have become a hot topic. They not only provide users with convenience, but also bring many security issues, such as data sharing and privacy issue. In this paper, we present an access control system with privilege separation based on privacy protection(PS-ACS). In the PS-ACS scheme, we divide users into private domain(PRD) and public domain(PUD) logically. In PRD, to achieve read access permission and write access permission, we adopt the Key-Aggregate Encryption(KAE) and the Improved Attribute-based Signature(IABS) respectively. In PUD, we construct a new multi-authority ciphertext policy attribute-based encryption(CP-ABE) scheme with efficient decryption to avoid the issues of single point of failure and complicated key distribution, and design an efficient attribute revocation method for it. The analysis and simulation result show that our scheme is feasible and superior to protect users' privacy in cloud-based services.展开更多
In order to solve the problems of data sharing security and policy conflict in multicloud storage systems(MCSS), this work designs an attribute mapping mechanism that extends ciphertext policy attribute-based encrypti...In order to solve the problems of data sharing security and policy conflict in multicloud storage systems(MCSS), this work designs an attribute mapping mechanism that extends ciphertext policy attribute-based encryption(CP-ABE), and proposes a multi-authority CP-ABE access control model that satisfies the need for multicloud storage access control. The mapping mechanism mainly involves the tree structure of CP-ABE and provides support for the types of attribute values. The framework and workflow of the model are described in detail. The effectiveness of the model is verified by building a simple prototype system, and the performance of the prototype system is analyzed. The results suggest that the proposed model is of theoretical and practical significance for access control research in MCSS. The CP-ABE has better performance in terms of computation time overhead than other models.展开更多
The performance of three wireless local-area network(WLAN) media access control(MAC) protocols is investigated and compared in the context of simulcast radioover-fiber-based distributed antenna systems(RoF-DASs) where...The performance of three wireless local-area network(WLAN) media access control(MAC) protocols is investigated and compared in the context of simulcast radioover-fiber-based distributed antenna systems(RoF-DASs) where multiple remote antenna units(RAUs) are connected to one access point(AP) with different-length fiber links.The three WLAN MAC protocols under investigation are distributed coordination function(DCF) in basic access mode,DCF in request/clear to send(RTS/CTS) exchange mode,and point coordination function(PCF).In the analysis,the inter-RAU hidden nodes problems and fiber-length difference effect are both taken into account.Results show that adaptive PCF mechanism has better throughput performances than the other two DCF modes,especially when the inserted fiber length is short.展开更多
Traditional multi-level security(MLS)systems have the defect of centralizing authorized facilities,which is difficult to meet the security requirements of modern distributed peer-to-peer network architecture.Blockchai...Traditional multi-level security(MLS)systems have the defect of centralizing authorized facilities,which is difficult to meet the security requirements of modern distributed peer-to-peer network architecture.Blockchain is widely used in the field of access control with its decentralization,traceability and non-defective modification.Combining the blockchain technology and the Bell-LaPadula model,we propose a new access control model,named BCBLPM,for MLS environment.The“multi-chain”blockchain architecture is used for dividing resources into isolated access domains,providing a fine-grained data protection mechanism.The access control policies are implemented by smart contracts deployed in each access domain,so that the side chains of different access domains storage access records from outside and maintain the integrity of the records.Finally,we implement the BC-BLPM prototype system using the Hyperledger Fabric.The experimental and analytical results show that the model can adapt well to the needs of multi-level security environment,and it has the feasibility of application in actual scenarios.展开更多
Electric-field control of perpendicular magnetic anisotropy(PMA) is a feasible way to manipulate perpendicular magnetization,which is of great importance for realizing energy-efficient spintronics.Here,we propose a no...Electric-field control of perpendicular magnetic anisotropy(PMA) is a feasible way to manipulate perpendicular magnetization,which is of great importance for realizing energy-efficient spintronics.Here,we propose a novel approach to accomplish this task at room temperature by resistive switching(RS) via electrochemical metallization(ECM) in a device with the stack of Si/SiO_(2)/Ta/Pt/Ag/Mn-doped ZnO(MZO)/Pt/Co/Pt/ITO.By applying certain voltages,the device could be set at high-resistance-state(HRS) and low-resistance-state(LRS),accompanied with a larger and a smaller coercivity(H_(C)),respectively,which demonstrates a nonvolatile E-field control of PMA.Based on our previous studies and the present control experiments,the electric modulation of PMA can be briefly explained as follows.At LRS,the Ag conductive filaments form and pass through the entire MZO layer and finally reach the Pt/Co/Pt sandwich,leading to weakening of PMA and reduction of H_(C).In contrast,at HRS,most of the Ag filaments dissolve and leave away from the Pt/Co/Pt sandwich,causing partial recovery of PMA and an increase of H_(C).This work provides a new clue to designing low-power spintronic devices based on PMA films.展开更多
As a new form of network,the Internet of things(IoT)is becoming more widely used in people’s lives.In this paper,related theoretical research and practical applications of the IoT are explored.The security of the IoT...As a new form of network,the Internet of things(IoT)is becoming more widely used in people’s lives.In this paper,related theoretical research and practical applications of the IoT are explored.The security of the IoT has become a hot research topic.Access controls are methods that control reasonable allocations of data and resources and ensure the security of the IoT.However,most access control systems do not dynamically assign users’rights.Additionally,with some access control systems,there is a risk of overstepping other user’s authority,and there may exist a central authority that is a single point of failure.Therefore,to solve these problems,this paper proposes a Task-Attribute-Based Access Control scheme for the IoT via blockchain that combines the access control technologies of both the IoT and blockchain.This model,which merges the advantages of task-based access controls and attribute-based access controls,is perfectly integrated with blockchain technology.This model uses hash functions and digital signature algorithms to ensure the authenticity and integrity of the data,and it can dynamically allocate users’minimum privileges and thus perfectly solves the single point of failure problem.The model is implemented using a Geth client and solidity code,and the simulation results demonstrate the effectiveness of the model.展开更多
The design of distributed ledger,Asymmetric Key Algorithm(AKA)blockchain systems,is prominent in administering security and access control in various real-time services and applications.The assimilation of blockchain ...The design of distributed ledger,Asymmetric Key Algorithm(AKA)blockchain systems,is prominent in administering security and access control in various real-time services and applications.The assimilation of blockchain systems leverages the reliable access and secure service provisioning of the services.However,the distributed ledger technology’s access control and chained decisions are defaced by pervasive and service unawareness.It results in degrading security through unattended access control for limited-service users.In this article,a service-aware access control procedure(SACP)is introduced to address the afore-mentioned issue.The proposed SACP denes attended access control for all the service session by identifying the users and service provider availability.The distributed nature of the ledger systems and classication tree learning are combined to determine unattended access.The sole access is determined by summarizing the closed and open access requests and the service provider’s availability and integrity checks.In this process,the learning process classies the secured access request and completed the integrity checks of the current and previous service dissemination.This classication-based access administration reduces the service disconnections and false access rate of the applications.展开更多
The traditional centralized data sharing systems have potential risks such as single point of failures and excessive working load on the central node.As a distributed and collaborative alternative,approaches based upo...The traditional centralized data sharing systems have potential risks such as single point of failures and excessive working load on the central node.As a distributed and collaborative alternative,approaches based upon blockchain have been explored recently for Internet of Things(IoTs).However,the access from a legitimate user may be denied without the pre-defined policy and data update on the blockchain could be costly to the owners.In this paper,we first address these issues by incorporating the Accountable Subgroup Multi-Signature(ASM)algorithm into the Attribute-based Access Control(ABAC)method with Policy Smart Contract,to provide a finegrained and flexible solution.Next,we propose a policy-based Chameleon Hash algorithm that allows the data to be updated in a reliable and convenient way by the authorized users.Finally,we evaluate our work by comparing its performance with the benchmarks.The results demonstrate significant improvement on the effectiveness and efficiency.展开更多
Security is an essential part of the cloud environment.For ensuring the security of the data being communicated to and from the cloud server,a significant parameter called trust was introduced.Trust-based security pla...Security is an essential part of the cloud environment.For ensuring the security of the data being communicated to and from the cloud server,a significant parameter called trust was introduced.Trust-based security played a vital role in ensuring that the communication between cloud users and service providers remained unadulterated and authentic.In most cloud-based data distribution environments,emphasis is placed on accepting trusted client users’requests,but the cloud servers’integrity is seldom verified.This paper designs a trust-based access control model based on user and server characteristics in a multi-cloud environment to address this issue.The proposed methodology consists of data encryption using Cyclic Shift Transposition Algorithm and trust-based access control method.In this trust-based access control mechanism framework,trust values are assigned to cloud users using direct trust degrees.The direct trust degree is estimated based on the following metrics:success and failure rate of interactions,service satisfaction index,and dishonesty level.In addition to this,trust values are assigned to cloud servers based on the metrics:server load,service rejection rate,and service access delay.The role-Based Access control policy of each user is modified based on his trust level.If the server fails to meet the minimum trust level,then another suitable server will be selected.The proposed system is found to outperform other existing systems in a multi-cloud environment.展开更多
文摘The Internet of Things(IoT)access controlmechanism may encounter security issues such as single point of failure and data tampering.To address these issues,a blockchain-based IoT reputation value attribute access control scheme is proposed.Firstly,writing the reputation value as an attribute into the access control policy,and then deploying the access control policy in the smart contract of the blockchain system can enable the system to provide more fine-grained access control;Secondly,storing a large amount of resources fromthe Internet of Things in Inter Planetary File System(IPFS)to improve system throughput;Finally,map resource access operations to qualification tokens to improve the performance of the access control system.Complete simulation experiments based on the Hyperledger Fabric platform.Fromthe simulation experimental results,it can be seen that the access control system can achieve more fine-grained and dynamic access control while maintaining high throughput and low time delay,providing sufficient reliability and security for access control of IoT devices.
基金supported by National Key Research and Development Plan in China(Grant No.2020YFB1005500)Beijing Natural Science Foundation(Grant No.M21034)BUPT Excellent Ph.D Students Foundation(Grant No.CX2023218)。
文摘With the growth of requirements for data sharing,a novel business model of digital assets trading has emerged that allows data owners to sell their data for monetary gain.In the distributed ledger of blockchain,however,the privacy of stakeholder's identity and the confidentiality of data content are threatened.Therefore,we proposed a blockchainenabled privacy-preserving and access control scheme to address the above problems.First,the multi-channel mechanism is introduced to provide the privacy protection of distributed ledger inside the channel and achieve coarse-grained access control to digital assets.Then,we use multi-authority attribute-based encryption(MAABE)algorithm to build a fine-grained access control model for data trading in a single channel and describe its instantiation in detail.Security analysis shows that the scheme has IND-CPA secure and can provide privacy protection and collusion resistance.Compared with other schemes,our solution has better performance in privacy protection and access control.The evaluation results demonstrate its effectiveness and practicability.
基金Key Research and Development and Promotion Program of Henan Province(No.222102210069)Zhongyuan Science and Technology Innovation Leading Talent Project(224200510003)National Natural Science Foundation of China(No.62102449).
文摘Big data resources are characterized by large scale, wide sources, and strong dynamics. Existing access controlmechanisms based on manual policy formulation by security experts suffer from drawbacks such as low policymanagement efficiency and difficulty in accurately describing the access control policy. To overcome theseproblems, this paper proposes a big data access control mechanism based on a two-layer permission decisionstructure. This mechanism extends the attribute-based access control (ABAC) model. Business attributes areintroduced in the ABAC model as business constraints between entities. The proposed mechanism implementsa two-layer permission decision structure composed of the inherent attributes of access control entities and thebusiness attributes, which constitute the general permission decision algorithm based on logical calculation andthe business permission decision algorithm based on a bi-directional long short-term memory (BiLSTM) neuralnetwork, respectively. The general permission decision algorithm is used to implement accurate policy decisions,while the business permission decision algorithm implements fuzzy decisions based on the business constraints.The BiLSTM neural network is used to calculate the similarity of the business attributes to realize intelligent,adaptive, and efficient access control permission decisions. Through the two-layer permission decision structure,the complex and diverse big data access control management requirements can be satisfied by considering thesecurity and availability of resources. Experimental results show that the proposed mechanism is effective andreliable. In summary, it can efficiently support the secure sharing of big data resources.
基金supported in part by the Beijing Natural Science Foundation under Grant L192031the National Key Research and Development Program under Grant 2020YFA0711303。
文摘Unmanned Aerial Vehicle(UAV)ad hoc network has achieved significant growth for its flexibility,extensibility,and high deployability in recent years.The application of clustering scheme for UAV ad hoc network is imperative to enhance the performance of throughput and energy efficiency.In conventional clustering scheme,a single cluster head(CH)is always assigned in each cluster.However,this method has some weaknesses such as overload and premature death of CH when the number of UAVs increased.In order to solve this problem,we propose a dual-cluster-head based medium access control(DCHMAC)scheme for large-scale UAV networks.In DCHMAC,two CHs are elected to manage resource allocation and data forwarding cooperatively.Specifically,two CHs work on different channels.One of CH is used for intra-cluster communication and the other one is for inter-cluster communication.A Markov chain model is developed to analyse the throughput of the network.Simulation result shows that compared with FM-MAC(flying ad hoc networks multi-channel MAC,FM-MAC),DCHMAC improves the throughput by approximately 20%~50%and prolongs the network lifetime by approximately 40%.
基金supported by the National Natural Science Foundation of China Project(No.62302540)The Open Foundation of Henan Key Laboratory of Cyberspace Situation Awareness(No.HNTS2022020)+2 种基金Natural Science Foundation of Henan Province Project(No.232300420422)The Natural Science Foundation of Zhongyuan University of Technology(No.K2023QN018)Key Research and Promotion Project of Henan Province in 2021(No.212102310480).
文摘A deep learning access controlmodel based on user preferences is proposed to address the issue of personal privacy leakage in social networks.Firstly,socialusers andsocialdata entities are extractedfromthe social networkandused to construct homogeneous and heterogeneous graphs.Secondly,a graph neural networkmodel is designed based on user daily social behavior and daily social data to simulate the dissemination and changes of user social preferences and user personal preferences in the social network.Then,high-order neighbor nodes,hidden neighbor nodes,displayed neighbor nodes,and social data nodes are used to update user nodes to expand the depth and breadth of user preferences.Finally,a multi-layer attention network is used to classify user nodes in the homogeneous graph into two classes:allow access and deny access.The fine-grained access control problem in social networks is transformed into a node classification problem in a graph neural network.The model is validated using a dataset and compared with other methods without losing generality.The model improved accuracy by 2.18%compared to the baseline method GraphSAGE,and improved F1 score by 1.45%compared to the baseline method,verifying the effectiveness of the model.
基金supported by NSFC under Grant No.62341102National Key R&D Program of China under Grant No.2018YFA0701604.
文摘Currently,data security and privacy protection are becoming more and more important.Access control is a method of authorization for users through predefined policies.Token-based access control(TBAC)enhances the manageability of authorization through the token.However,traditional access control policies lack the ability to dynamically adjust based on user access behavior.Incorporating user reputation evaluation into access control can provide valuable feedback to enhance system security and flexibility.As a result,this paper proposes a blockchain-empowered TBAC system and introduces a user reputation evaluation module to provide feedback on access control.The TBAC system divides the access control process into three stages:policy upload,token request,and resource request.The user reputation evaluation module evaluates the user’s token reputation and resource reputation for the token request and resource request stages of the TBAC system.The proposed system is implemented using the Hyperledger Fabric blockchain.The TBAC system is evaluated to prove that it has high processing performance.The user reputation evaluation model is proved to be more conservative and sensitive by comparative study with other methods.In addition,the security analysis shows that the TBAC system has a certain anti-attack ability and can maintain stable operation under the Distributed Denial of Service(DDoS)attack environment.
基金supported by the Fundamental Research Funds for the Central Universities.Nos.3282023017,328202251.RL H received the grant.
文摘In the education archive sharing system,when performing homomorphic ciphertext retrieval on the storage server,there are problems such as low security of shared data,confusing parameter management,and weak access control.This paper proposes an Education Archives Sharing and Access Control(EduASAC)system to solve these problems.The system research goal is to realize the sharing of security parameters,the execution of access control,and the recording of system behaviors based on the blockchain network,ensuring the legitimacy of shared membership and the security of education archives.At the same time,the system can be combined with most homomorphic ciphertext retrieval schemes running on the storage server,making the homomorphic ciphertext retrieval mechanism controllable.This paper focuses on the blockchain access control framework and specifically designs smart contracts that conform to the business logic of the EduASAC system.The former adopts a dual-mode access control mechanism combining Discretionary Access Control(DAC)and Mandatory Access Control(MAC)and improves the tagging mode after user permission verification based on the Authentication and Authorization for Constrained Environments(ACE)authorization framework of Open Authorization(OAuth)2.0;the latter is used in the system to vote on nodes to join requests,define access control policies,execute permission verification processes,store,and share system parameters,and standardize the behavior of member nodes.Finally,the EduASAC system realizes the encryption,storage,retrieval,sharing,and access control processes of education archives.To verify the performance of the system,simulation experiments were conducted.The results show that the EduASAC system can meet the high security needs of education archive sharing and ensure the system’s high throughput,low latency,fast decision-making,and fine-grained access control ability.
基金This work was supported by Universiti Kebangsaan Malaysia under“Dana Pecutan Penerbitan FTSM 2022,Dana Softam 2022”。
文摘Several unique characteristics of Internet of Things(IoT)devices,such as distributed deployment and limited storage,make it challenging for standard centralized access control systems to enable access control in today’s large-scale IoT ecosystem.To solve these challenges,this study presents an IoT access control system called Ether-IoT based on the Ethereum Blockchain(BC)infrastructure with Attribute-Based Access Control(ABAC).Access Contract(AC),Cache Contract(CC),Device Contract(DC),and Policy Contract(PC)are the four central smart contracts(SCs)that are included in the proposed system.CC offers a way to save user characteristics in a local cache system to avoid delays during transactions between BC and IoT devices.AC is the fundamental program users typically need to run to build an access control technique.DC offers a means for storing the resource data created by devices and a method for querying that data.PC offers administrative settings to handle ABAC policies on users’behalf.Ether-IoT,combined with ABAC and the BC,enables IoT access control management that is decentralized,fine-grained and dynamically scalable.This research gives a real-world case study to illustrate the suggested framework’s implementation.In the end,a simulation experiment is performed to evaluate the system’s performance.To ensure data integrity in dispersed systems,the results show that Ether-IoT can sustain high throughput in contexts with a large number of requests.
基金supported by Department of Science & Technology of Guangdong Province (No.2006A15006003)National High Technology Research and Development Program of China (863 Program)(No.2006AA04A120)
文摘The content security requirements of a radio frequency identification (RFID) based logistics-customs clearance service platform (LCCSP) are analysed in this paper. Then, both the unified identity authentication and the access control modules are designed according to those analyses. Finally, the unified identity authentication and the access control on the business level are implemented separately. In the unified identity authentication module, based on an improved Kerberos-based authentication approach, a new control transfer method is proposed to solve the sharing problem of tickets among different servers of different departments. In the access control module, the functions of access controls are divided into different granularities to make the access control management more flexible. Moreover, the access control module has significant reference value for user management in similar systems.
文摘Access control is an important protection mechanism for information systems. This paper shows how to make access control in workflow system. We give a workflow access control model (WACM) based on several current access control models. The model supports roles assignment and dynamic authorization. The paper defines the workflow using Petri net. It firstly gives the definition and description of the workflow, and then analyzes the architecture of the workflow access control model (WACM). Finally, an example of an e-commerce workflow access control model is discussed in detail.
基金financially supported by the National Natural Science Foundation of China(No.61303216,No.61272457,No.U1401251,and No.61373172)the National High Technology Research and Development Program of China(863 Program)(No.2012AA013102)National 111 Program of China B16037 and B08038
文摘With the rapid development of computer technology, cloud-based services have become a hot topic. They not only provide users with convenience, but also bring many security issues, such as data sharing and privacy issue. In this paper, we present an access control system with privilege separation based on privacy protection(PS-ACS). In the PS-ACS scheme, we divide users into private domain(PRD) and public domain(PUD) logically. In PRD, to achieve read access permission and write access permission, we adopt the Key-Aggregate Encryption(KAE) and the Improved Attribute-based Signature(IABS) respectively. In PUD, we construct a new multi-authority ciphertext policy attribute-based encryption(CP-ABE) scheme with efficient decryption to avoid the issues of single point of failure and complicated key distribution, and design an efficient attribute revocation method for it. The analysis and simulation result show that our scheme is feasible and superior to protect users' privacy in cloud-based services.
基金supported in part by the Basic Public Welfare Research Program of Zhejiang Province under Grant LGF19F020006 LGF20G030001 GF20G030006the NSFC-Zhejiang Joint Fund for the Integration of Industrialization and Informatization under Grant U1509219。
文摘In order to solve the problems of data sharing security and policy conflict in multicloud storage systems(MCSS), this work designs an attribute mapping mechanism that extends ciphertext policy attribute-based encryption(CP-ABE), and proposes a multi-authority CP-ABE access control model that satisfies the need for multicloud storage access control. The mapping mechanism mainly involves the tree structure of CP-ABE and provides support for the types of attribute values. The framework and workflow of the model are described in detail. The effectiveness of the model is verified by building a simple prototype system, and the performance of the prototype system is analyzed. The results suggest that the proposed model is of theoretical and practical significance for access control research in MCSS. The CP-ABE has better performance in terms of computation time overhead than other models.
基金supported in part by National 973 Program(2012CB315705)NSFC Program(61302086,61271042,61107058, 61302016,and 61335002)+2 种基金Specialized Research Fund for the Doctoral Program of Higher Education(20130005120007)Program for New Century Excellent Talents in University(NCET-13-0682)Fundamental Research Funds for the Central Universities
文摘The performance of three wireless local-area network(WLAN) media access control(MAC) protocols is investigated and compared in the context of simulcast radioover-fiber-based distributed antenna systems(RoF-DASs) where multiple remote antenna units(RAUs) are connected to one access point(AP) with different-length fiber links.The three WLAN MAC protocols under investigation are distributed coordination function(DCF) in basic access mode,DCF in request/clear to send(RTS/CTS) exchange mode,and point coordination function(PCF).In the analysis,the inter-RAU hidden nodes problems and fiber-length difference effect are both taken into account.Results show that adaptive PCF mechanism has better throughput performances than the other two DCF modes,especially when the inserted fiber length is short.
文摘Traditional multi-level security(MLS)systems have the defect of centralizing authorized facilities,which is difficult to meet the security requirements of modern distributed peer-to-peer network architecture.Blockchain is widely used in the field of access control with its decentralization,traceability and non-defective modification.Combining the blockchain technology and the Bell-LaPadula model,we propose a new access control model,named BCBLPM,for MLS environment.The“multi-chain”blockchain architecture is used for dividing resources into isolated access domains,providing a fine-grained data protection mechanism.The access control policies are implemented by smart contracts deployed in each access domain,so that the side chains of different access domains storage access records from outside and maintain the integrity of the records.Finally,we implement the BC-BLPM prototype system using the Hyperledger Fabric.The experimental and analytical results show that the model can adapt well to the needs of multi-level security environment,and it has the feasibility of application in actual scenarios.
基金Project supported by the National Key Research and Development Program of China (Grant No. 2022YFA1403602)the National Natural Science Foundation of China (Grant Nos. 51971109, 52025012, and 52001169)。
文摘Electric-field control of perpendicular magnetic anisotropy(PMA) is a feasible way to manipulate perpendicular magnetization,which is of great importance for realizing energy-efficient spintronics.Here,we propose a novel approach to accomplish this task at room temperature by resistive switching(RS) via electrochemical metallization(ECM) in a device with the stack of Si/SiO_(2)/Ta/Pt/Ag/Mn-doped ZnO(MZO)/Pt/Co/Pt/ITO.By applying certain voltages,the device could be set at high-resistance-state(HRS) and low-resistance-state(LRS),accompanied with a larger and a smaller coercivity(H_(C)),respectively,which demonstrates a nonvolatile E-field control of PMA.Based on our previous studies and the present control experiments,the electric modulation of PMA can be briefly explained as follows.At LRS,the Ag conductive filaments form and pass through the entire MZO layer and finally reach the Pt/Co/Pt sandwich,leading to weakening of PMA and reduction of H_(C).In contrast,at HRS,most of the Ag filaments dissolve and leave away from the Pt/Co/Pt sandwich,causing partial recovery of PMA and an increase of H_(C).This work provides a new clue to designing low-power spintronic devices based on PMA films.
基金supported in part by the National Key Research and Development Project of China(No.2017YFB0802302)the Science and Technology Support Project of Sichuan Province(No.2016FZ0112,No.2017GZ0314,No.2018GZ0204)+2 种基金the Academic and Technical Leaders Training Funding Support Projects of Sichuan Province(No.2016120080102643)the Application Foundation Project of Sichuan Province(No.2017JY0168)the Science and Technology Project of Chengdu(No.2017-RK00-00103-ZF,No.2016-HM01-00217-SF).
文摘As a new form of network,the Internet of things(IoT)is becoming more widely used in people’s lives.In this paper,related theoretical research and practical applications of the IoT are explored.The security of the IoT has become a hot research topic.Access controls are methods that control reasonable allocations of data and resources and ensure the security of the IoT.However,most access control systems do not dynamically assign users’rights.Additionally,with some access control systems,there is a risk of overstepping other user’s authority,and there may exist a central authority that is a single point of failure.Therefore,to solve these problems,this paper proposes a Task-Attribute-Based Access Control scheme for the IoT via blockchain that combines the access control technologies of both the IoT and blockchain.This model,which merges the advantages of task-based access controls and attribute-based access controls,is perfectly integrated with blockchain technology.This model uses hash functions and digital signature algorithms to ensure the authenticity and integrity of the data,and it can dynamically allocate users’minimum privileges and thus perfectly solves the single point of failure problem.The model is implemented using a Geth client and solidity code,and the simulation results demonstrate the effectiveness of the model.
基金supported by the Deanship of Scientic Research(DSR),King Abdulaziz University,Jeddah,under Grant No.(DF-444-611-1441)。
文摘The design of distributed ledger,Asymmetric Key Algorithm(AKA)blockchain systems,is prominent in administering security and access control in various real-time services and applications.The assimilation of blockchain systems leverages the reliable access and secure service provisioning of the services.However,the distributed ledger technology’s access control and chained decisions are defaced by pervasive and service unawareness.It results in degrading security through unattended access control for limited-service users.In this article,a service-aware access control procedure(SACP)is introduced to address the afore-mentioned issue.The proposed SACP denes attended access control for all the service session by identifying the users and service provider availability.The distributed nature of the ledger systems and classication tree learning are combined to determine unattended access.The sole access is determined by summarizing the closed and open access requests and the service provider’s availability and integrity checks.In this process,the learning process classies the secured access request and completed the integrity checks of the current and previous service dissemination.This classication-based access administration reduces the service disconnections and false access rate of the applications.
基金supported by the National Natural Science Foundation of China under Grant 61972148。
文摘The traditional centralized data sharing systems have potential risks such as single point of failures and excessive working load on the central node.As a distributed and collaborative alternative,approaches based upon blockchain have been explored recently for Internet of Things(IoTs).However,the access from a legitimate user may be denied without the pre-defined policy and data update on the blockchain could be costly to the owners.In this paper,we first address these issues by incorporating the Accountable Subgroup Multi-Signature(ASM)algorithm into the Attribute-based Access Control(ABAC)method with Policy Smart Contract,to provide a finegrained and flexible solution.Next,we propose a policy-based Chameleon Hash algorithm that allows the data to be updated in a reliable and convenient way by the authorized users.Finally,we evaluate our work by comparing its performance with the benchmarks.The results demonstrate significant improvement on the effectiveness and efficiency.
文摘Security is an essential part of the cloud environment.For ensuring the security of the data being communicated to and from the cloud server,a significant parameter called trust was introduced.Trust-based security played a vital role in ensuring that the communication between cloud users and service providers remained unadulterated and authentic.In most cloud-based data distribution environments,emphasis is placed on accepting trusted client users’requests,but the cloud servers’integrity is seldom verified.This paper designs a trust-based access control model based on user and server characteristics in a multi-cloud environment to address this issue.The proposed methodology consists of data encryption using Cyclic Shift Transposition Algorithm and trust-based access control method.In this trust-based access control mechanism framework,trust values are assigned to cloud users using direct trust degrees.The direct trust degree is estimated based on the following metrics:success and failure rate of interactions,service satisfaction index,and dishonesty level.In addition to this,trust values are assigned to cloud servers based on the metrics:server load,service rejection rate,and service access delay.The role-Based Access control policy of each user is modified based on his trust level.If the server fails to meet the minimum trust level,then another suitable server will be selected.The proposed system is found to outperform other existing systems in a multi-cloud environment.