Blockchain-Empowered Token-Based Access Control System with User Reputation Evaluation

Currently,data security and privacy protection are becoming more and more important.Access control is a method of authorization for users through predefined policies.Token-based access control(TBAC)enhances the manageability of authorization through the token.However,traditional access control policies lack the ability to dynamically adjust based on user access behavior.Incorporating user reputation evaluation into access control can provide valuable feedback to enhance system security and flexibility.As a result,this paper proposes a blockchain-empowered TBAC system and introduces a user reputation evaluation module to provide feedback on access control.The TBAC system divides the access control process into three stages:policy upload,token request,and resource request.The user reputation evaluation module evaluates the user’s token reputation and resource reputation for the token request and resource request stages of the TBAC system.The proposed system is implemented using the Hyperledger Fabric blockchain.The TBAC system is evaluated to prove that it has high processing performance.The user reputation evaluation model is proved to be more conservative and sensitive by comparative study with other methods.In addition,the security analysis shows that the TBAC system has a certain anti-attack ability and can maintain stable operation under the Distributed Denial of Service(DDoS)attack environment.

EduASAC:A Blockchain-Based Education Archive Sharing and Access Control System

In the education archive sharing system,when performing homomorphic ciphertext retrieval on the storage server,there are problems such as low security of shared data,confusing parameter management,and weak access control.This paper proposes an Education Archives Sharing and Access Control(EduASAC)system to solve these problems.The system research goal is to realize the sharing of security parameters,the execution of access control,and the recording of system behaviors based on the blockchain network,ensuring the legitimacy of shared membership and the security of education archives.At the same time,the system can be combined with most homomorphic ciphertext retrieval schemes running on the storage server,making the homomorphic ciphertext retrieval mechanism controllable.This paper focuses on the blockchain access control framework and specifically designs smart contracts that conform to the business logic of the EduASAC system.The former adopts a dual-mode access control mechanism combining Discretionary Access Control(DAC)and Mandatory Access Control(MAC)and improves the tagging mode after user permission verification based on the Authentication and Authorization for Constrained Environments(ACE)authorization framework of Open Authorization(OAuth)2.0;the latter is used in the system to vote on nodes to join requests,define access control policies,execute permission verification processes,store,and share system parameters,and standardize the behavior of member nodes.Finally,the EduASAC system realizes the encryption,storage,retrieval,sharing,and access control processes of education archives.To verify the performance of the system,simulation experiments were conducted.The results show that the EduASAC system can meet the high security needs of education archive sharing and ensure the system’s high throughput,low latency,fast decision-making,and fine-grained access control ability.

The Design of an Intelligent Security Access Control System Based on Fingerprint Sensor FPC1011C

This paper deals with the design of an intelligent access control system based on the fingerprint sensor FPC- 1011C. The design uses the S3C2410 and TMS320VC5510A as the system processor. A fingerprint acquisition module and a wireless alarm module were designed by using the fingerprint sensor FPC1011C and GPRS module SIM100 respectively. The whole system was implemented wireless alarm through messages and GPRS-Internet in the GSM/GPRS web. In order to achieve the simple and high Real-time system, the μC-Linux system migration was also implemented.

A Protective Mechanism for the Access Control System in the Virtual Domain

In traditional framework,mandatory access control(MAC) system and malicious software are run in kernel mode. Malicious software can stop MAC systems to be started and make it do invalid. This problem cannot be solved under the traditional framework if the operating system(OS) is comprised since malwares are running in ring 0 level. In this paper,we propose a novel way to use hypervisors to protect kernel integrity and the access control system in commodity operating systems. We separate the access control system into three parts: policy management(PM),security server(SS) and policy enforcement(PE). Policy management and the security server reside in the security domain to protect them against malware and the isolation feather of the hypervisor can protect them from attacks. We add an access vector cache(AVC) between SS and PE in the guest OS,in order to speed up communication between the guest OS and the security domain. The policy enforcement module is retained in the guest OS for performance. The security of AVC and PE can be ensured by using a memory protection mechanism. The goal of protecting the OS kernel is to ensure the security of the execution path. We implementthe system by a modified Xen hypervisor. The result shows that we can secure the security of the access control system in the guest OS with no overhead compared with modules in the latter. Our system offers a centralized security policy for virtual domains in virtual machine environments.Keywords: hypervisor; virtualization; memo-

Blockchain-Enabled Privacy Protection and Access Control Scheme Towards Sensitive Digital Assets Management

With the growth of requirements for data sharing,a novel business model of digital assets trading has emerged that allows data owners to sell their data for monetary gain.In the distributed ledger of blockchain,however,the privacy of stakeholder's identity and the confidentiality of data content are threatened.Therefore,we proposed a blockchainenabled privacy-preserving and access control scheme to address the above problems.First,the multi-channel mechanism is introduced to provide the privacy protection of distributed ledger inside the channel and achieve coarse-grained access control to digital assets.Then,we use multi-authority attribute-based encryption(MAABE)algorithm to build a fine-grained access control model for data trading in a single channel and describe its instantiation in detail.Security analysis shows that the scheme has IND-CPA secure and can provide privacy protection and collusion resistance.Compared with other schemes,our solution has better performance in privacy protection and access control.The evaluation results demonstrate its effectiveness and practicability.

Deep Learning Social Network Access Control Model Based on User Preferences

A deep learning access controlmodel based on user preferences is proposed to address the issue of personal privacy leakage in social networks.Firstly,socialusers andsocialdata entities are extractedfromthe social networkandused to construct homogeneous and heterogeneous graphs.Secondly,a graph neural networkmodel is designed based on user daily social behavior and daily social data to simulate the dissemination and changes of user social preferences and user personal preferences in the social network.Then,high-order neighbor nodes,hidden neighbor nodes,displayed neighbor nodes,and social data nodes are used to update user nodes to expand the depth and breadth of user preferences.Finally,a multi-layer attention network is used to classify user nodes in the homogeneous graph into two classes:allow access and deny access.The fine-grained access control problem in social networks is transformed into a node classification problem in a graph neural network.The model is validated using a dataset and compared with other methods without losing generality.The model improved accuracy by 2.18%compared to the baseline method GraphSAGE,and improved F1 score by 1.45%compared to the baseline method,verifying the effectiveness of the model.

Big Data Access Control Mechanism Based on Two-Layer Permission Decision Structure

Big data resources are characterized by large scale, wide sources, and strong dynamics. Existing access controlmechanisms based on manual policy formulation by security experts suffer from drawbacks such as low policymanagement efficiency and difficulty in accurately describing the access control policy. To overcome theseproblems, this paper proposes a big data access control mechanism based on a two-layer permission decisionstructure. This mechanism extends the attribute-based access control (ABAC) model. Business attributes areintroduced in the ABAC model as business constraints between entities. The proposed mechanism implementsa two-layer permission decision structure composed of the inherent attributes of access control entities and thebusiness attributes, which constitute the general permission decision algorithm based on logical calculation andthe business permission decision algorithm based on a bi-directional long short-term memory (BiLSTM) neuralnetwork, respectively. The general permission decision algorithm is used to implement accurate policy decisions,while the business permission decision algorithm implements fuzzy decisions based on the business constraints.The BiLSTM neural network is used to calculate the similarity of the business attributes to realize intelligent,adaptive, and efficient access control permission decisions. Through the two-layer permission decision structure,the complex and diverse big data access control management requirements can be satisfied by considering thesecurity and availability of resources. Experimental results show that the proposed mechanism is effective andreliable. In summary, it can efficiently support the secure sharing of big data resources.

A Blockchain-Based Access Control Scheme for Reputation Value Attributes of the Internet of Things

The Internet of Things(IoT)access controlmechanism may encounter security issues such as single point of failure and data tampering.To address these issues,a blockchain-based IoT reputation value attribute access control scheme is proposed.Firstly,writing the reputation value as an attribute into the access control policy,and then deploying the access control policy in the smart contract of the blockchain system can enable the system to provide more fine-grained access control;Secondly,storing a large amount of resources fromthe Internet of Things in Inter Planetary File System(IPFS)to improve system throughput;Finally,map resource access operations to qualification tokens to improve the performance of the access control system.Complete simulation experiments based on the Hyperledger Fabric platform.Fromthe simulation experimental results,it can be seen that the access control system can achieve more fine-grained and dynamic access control while maintaining high throughput and low time delay,providing sufficient reliability and security for access control of IoT devices.

A Dual-Cluster-Head Based Medium Access Control for Large-Scale UAV Ad-Hoc Networks

Unmanned Aerial Vehicle(UAV)ad hoc network has achieved significant growth for its flexibility,extensibility,and high deployability in recent years.The application of clustering scheme for UAV ad hoc network is imperative to enhance the performance of throughput and energy efficiency.In conventional clustering scheme,a single cluster head(CH)is always assigned in each cluster.However,this method has some weaknesses such as overload and premature death of CH when the number of UAVs increased.In order to solve this problem,we propose a dual-cluster-head based medium access control(DCHMAC)scheme for large-scale UAV networks.In DCHMAC,two CHs are elected to manage resource allocation and data forwarding cooperatively.Specifically,two CHs work on different channels.One of CH is used for intra-cluster communication and the other one is for inter-cluster communication.A Markov chain model is developed to analyse the throughput of the network.Simulation result shows that compared with FM-MAC(flying ad hoc networks multi-channel MAC,FM-MAC),DCHMAC improves the throughput by approximately 20%~50%and prolongs the network lifetime by approximately 40%.

Decentralizing access control system for data sharing in smart grid

Smart grid enhances the intelligence of the traditional power grid,which allows sharing varied data such as consumer,production,or energy with service consumers.Due to the untrustworthy networks,there exist potential security threats(e.g.,unauthorized access and modification,malicious data theft)hindering the development of smart grid.While several access control schemes have been proposed for smart grid to achieve sensitive data protection and fine-grained identity management,most of them cannot satisfy the requirements of decentralizing smart grid environment and suffer from key escrow problems.In addition,some existing solutions cannot achieve dynamic user management for lacking the privilege revocation mechanism.In this paper,we propose a decentralizing access control system with user revocation to relieve the above problems.We design a new multiple-authority attribute-based encryption(MABE)scheme to keep data confidentiality and adapt decentralizing smart grid applications.We also compare our proposal with the similar solution from both security and performance.The comparing results show that our access control system can achieve a trade-off among confidentiality,authentication,distribution and efficiency in smart grid.

Ether-IoT:A Realtime Lightweight and Scalable Blockchain-Enabled Cache Algorithm for IoT Access Control

Several unique characteristics of Internet of Things(IoT)devices,such as distributed deployment and limited storage,make it challenging for standard centralized access control systems to enable access control in today’s large-scale IoT ecosystem.To solve these challenges,this study presents an IoT access control system called Ether-IoT based on the Ethereum Blockchain(BC)infrastructure with Attribute-Based Access Control(ABAC).Access Contract(AC),Cache Contract(CC),Device Contract(DC),and Policy Contract(PC)are the four central smart contracts(SCs)that are included in the proposed system.CC offers a way to save user characteristics in a local cache system to avoid delays during transactions between BC and IoT devices.AC is the fundamental program users typically need to run to build an access control technique.DC offers a means for storing the resource data created by devices and a method for querying that data.PC offers administrative settings to handle ABAC policies on users’behalf.Ether-IoT,combined with ABAC and the BC,enables IoT access control management that is decentralized,fine-grained and dynamically scalable.This research gives a real-world case study to illustrate the suggested framework’s implementation.In the end,a simulation experiment is performed to evaluate the system’s performance.To ensure data integrity in dispersed systems,the results show that Ether-IoT can sustain high throughput in contexts with a large number of requests.

Design and Implementation of File Access and Control System Based on Dynamic Web

A dynamic Web application, which can help the departments of enterprise to collaborate with each other conveniently, is proposed. Several popular design solutions are introduced at first. Then, dynamic Web system is chosen for developing the file access and control system. Finally, the paper gives the detailed process of the design and implementation of the system, which includes some key problems such as solutions of document management and system security. Additionally, the limitations of the system as well as the suggestions of further improvement are also explained.

Security and Privacy Frameworks for Access Control Big Data Systems

In the security and privacy fields,Access Control(AC)systems are viewed as the fundamental aspects of networking security mechanisms.Enforcing AC becomes even more challenging when researchers and data analysts have to analyze complex and distributed Big Data(BD)processing cluster frameworks,which are adopted to manage yottabyte of unstructured sensitive data.For instance,Big Data systems’privacy and security restrictions are most likely to failure due to the malformed AC policy configurations.Furthermore,BD systems were initially developed toped to take care of some of the DB issues to address BD challenges and many of these dealt with the“three Vs”(Velocity,Volume,and Variety)attributes,without planning security consideration,which are considered to be patch work.Some of the BD“three Vs”characteristics,such as distributed computing,fragment,redundant data and node-to node communication,each with its own security challenges,complicate even more the applicability of AC in BD.This paper gives an overview of the latest security and privacy challenges in BD AC systems.Furthermore,it analyzes and compares some of the latest AC research frameworks to reduce privacy and security issues in distributed BD systems,which very few enforce AC in a cost-effective and in a timely manner.Moreover,this work discusses some of the future research methodologies and improvements for BD AC systems.This study is valuable asset for Artificial Intelligence(AI)researchers,DB developers and DB analysts who need the latest AC security and privacy research perspective before using and/or improving a current BD AC framework.

Performance Analysis of WLAN Medium Access Control Protocols in Simulcast Radio-Over-Fiber-Based Distributed Antenna Systems

The performance of three wireless local-area network(WLAN) media access control(MAC) protocols is investigated and compared in the context of simulcast radioover-fiber-based distributed antenna systems(RoF-DASs) where multiple remote antenna units(RAUs) are connected to one access point(AP) with different-length fiber links.The three WLAN MAC protocols under investigation are distributed coordination function(DCF) in basic access mode,DCF in request/clear to send(RTS/CTS) exchange mode,and point coordination function(PCF).In the analysis,the inter-RAU hidden nodes problems and fiber-length difference effect are both taken into account.Results show that adaptive PCF mechanism has better throughput performances than the other two DCF modes,especially when the inserted fiber length is short.

Study on Mandatory Access Control in a Secure Database Management System

This paper proposes a security policy model for mandatory access control in class B1 database management system whose level of labeling is tuple. The relation hierarchical data model is extended to multilevel relation hierarchical data model. Based on the multilevel relation hierarchical data model, the concept of upper lower layer relational integrity is presented after we analyze and eliminate the covert channels caused by the database integrity. Two SQL statements are extended to process polyinstantiation in the multilevel secure environment. The system is based on the multilevel relation hierarchical data model and is capable of integratively storing and manipulating multilevel complicated objects ( e.g., multilevel spatial data) and multilevel conventional data ( e.g., integer, real number and character string).

A Dynamic Active Multicast Group Access Control Framework Based on Trust Management System

The current multicast model provides no access control mechanism. Any host can send data directly to a multicast address or join a multicast group to become a member, which brings safety problems to multicast. In this paper, we present a new active multicast group access control mechanism that is founded on trust management. This structure can solve the problem that exists in multicast members＇ access control and distributing authorization of traditional IP multicast.

A Mandatory Access Control Framework in Virtual Machine System with Respect to Multi-level Security I： Theory

At present,there are few security models which control the communication between virtual machines (VMs).Moreover,these models are not applicable to multi-level security (MLS).In order to implement mandatory access control (MAC) and MLS in virtual machine system,this paper designs Virt-BLP model,which is based on BLP model.For the distinction between virtual machine system and non-virtualized system,we build elements and security axioms of Virt-BLP model by modifying those of BLP.Moreover,comparing with BLP,the number of state transition rules of Virt-BLP is reduced accordingly and some rules can only be enforced by trusted subject.As a result,Virt-BLP model supports MAC and partial discretionary access control (DAC),well satisfying the requirement of MLS in virtual machine system.As space is limited,the implementation of our MAC framework will be shown in a continuation.

Blockchain Data Privacy Access Control Based on Searchable Attribute Encryption

Data privacy is important to the security of our society,and enabling authorized users to query this data efficiently is facing more challenge.Recently,blockchain has gained extensive attention with its prominent characteristics as public,distributed,decentration and chronological characteristics.However,the transaction information on the blockchain is open to all nodes,the transaction information update operation is even more transparent.And the leakage of transaction information will cause huge losses to the transaction party.In response to these problems,this paper combines hierarchical attribute encryption with linear secret sharing,and proposes a blockchain data privacy protection control scheme based on searchable attribute encryption,which solves the privacy exposure problem in traditional blockchain transactions.The user’s access control is implemented by the verification nodes,which avoids the security risks of submitting private keys and access structures to the blockchain network.Associating the private key component with the random identity of the user node in the blockchain can solve the collusion problem.In addition,authorized users can quickly search and supervise transaction information through searchable encryption.The improved algorithm ensures the security of keywords.Finally,based on the DBDH hypothesis,the security of the scheme is proved in the random prediction model.

Virus spreading in wireless sensor networks with a medium access control mechanism

In this paper, an extended version of standard susceptible-infected （SI） model is proposed to consider the influence of a medium access control mechanism on virus spreading in wireless sensor networks. Theoretical analysis shows that the medium access control mechanism obviously reduces the density of infected nodes in the networks, which has been ignored in previous studies. It is also found that by increasing the network node density or node communication radius greatly increases the number of infected nodes. The theoretical results are confirmed by numerical simulations.