用于智能互联系统中可变活动控制和依赖链的 $$mathrm {ACAC_{D}}$ 模型

IF 2.4 4区 计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS International Journal of Information Security Pub Date : 2024-07-20 DOI:10.1007/s10207-024-00881-5
Tanjila Mawla, Maanak Gupta, Safwa Ameer, Ravi Sandhu
{"title":"用于智能互联系统中可变活动控制和依赖链的 $$mathrm {ACAC_{D}}$ 模型","authors":"Tanjila Mawla, Maanak Gupta, Safwa Ameer, Ravi Sandhu","doi":"10.1007/s10207-024-00881-5","DOIUrl":null,"url":null,"abstract":"<p>With the integration of connected devices, artificial intelligence, and heterogeneous networks in IoT-driven cyber-physical systems, our society is evolving as a smart, automated, and connected community. In such dynamic and distributed environments, various operations are carried out considering different contextual factors to support the automation of connected devices and systems. These devices often perform long-lived operations or tasks (referred to as activities) to fulfill larger goals in the connected environment. These activities are usually mutable (change states) and interdependent. They can influence the execution of other activities in the ecosystem, requiring <i>active</i> and real-time monitoring of the entire connected environment. Traditional access control models are designed to take authorization decisions at the time of access request and do not fit well in dynamic and connected environments, which require continuous active checks on dependent and mutable activities. Recently, a vision for activity-centric access control (ACAC) was proposed to enable security modeling and enforcement from the perspective and abstraction of interdependent activities. The proposed ACAC incorporates four decision parameters: Authorizations (A), oBligations (B), Conditions (C), and activity Dependencies (D) for an <i>object agnostic</i> continuous access control in smart systems. In this paper, we take a step further towards maturing ACAC by focusing on the mutability of activities (the ability of changing states of activities), activity dependencies (D) and developing a family of formal mathematically grounded models, referred to as <span>\\(\\mathrm {ACAC_{D}}\\)</span>. We propose six practically suitable sub-models for <span>\\(\\mathrm {ACAC_{D}}\\)</span> to support the state transition of a mutable activity incorporating the dependent activities’ state-check and state-update procedures. These formal models consider the real-time mutability of activities as a critical factor in resolving <i>active</i> dependencies among various activities in the ecosystem. Activity dependencies can form a chain where it is possible to have dependencies of dependencies. In ACAC, we also consider the chain of dependencies while handling the mutability of an activity. We highlight the challenges (such as multiple dependency paths, race conditions, circular dependencies, and deadlocks) while dealing with a chain of dependencies, and provide solutions to resolve these challenges. We also present a proof of concept implementation of our proposed <span>\\(\\mathrm {ACAC_{D}}\\)</span> models with performance analysis for a smart farming use case. This paper addresses the formal models’ intended behavior while supporting activities’ dependencies. Specifically, it focuses on developing and categorizing mathematically grounded activity dependencies into various ACAC sub-models without formal policy specification and analysis of theoretical complexities, which are intentionally kept out of the scope of this work.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"70 1","pages":""},"PeriodicalIF":2.4000,"publicationDate":"2024-07-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"The $$\\\\mathrm {ACAC_{D}}$$ model for mutable activity control and chain of dependencies in smart and connected systems\",\"authors\":\"Tanjila Mawla, Maanak Gupta, Safwa Ameer, Ravi Sandhu\",\"doi\":\"10.1007/s10207-024-00881-5\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>With the integration of connected devices, artificial intelligence, and heterogeneous networks in IoT-driven cyber-physical systems, our society is evolving as a smart, automated, and connected community. In such dynamic and distributed environments, various operations are carried out considering different contextual factors to support the automation of connected devices and systems. These devices often perform long-lived operations or tasks (referred to as activities) to fulfill larger goals in the connected environment. These activities are usually mutable (change states) and interdependent. They can influence the execution of other activities in the ecosystem, requiring <i>active</i> and real-time monitoring of the entire connected environment. Traditional access control models are designed to take authorization decisions at the time of access request and do not fit well in dynamic and connected environments, which require continuous active checks on dependent and mutable activities. Recently, a vision for activity-centric access control (ACAC) was proposed to enable security modeling and enforcement from the perspective and abstraction of interdependent activities. The proposed ACAC incorporates four decision parameters: Authorizations (A), oBligations (B), Conditions (C), and activity Dependencies (D) for an <i>object agnostic</i> continuous access control in smart systems. In this paper, we take a step further towards maturing ACAC by focusing on the mutability of activities (the ability of changing states of activities), activity dependencies (D) and developing a family of formal mathematically grounded models, referred to as <span>\\\\(\\\\mathrm {ACAC_{D}}\\\\)</span>. We propose six practically suitable sub-models for <span>\\\\(\\\\mathrm {ACAC_{D}}\\\\)</span> to support the state transition of a mutable activity incorporating the dependent activities’ state-check and state-update procedures. These formal models consider the real-time mutability of activities as a critical factor in resolving <i>active</i> dependencies among various activities in the ecosystem. Activity dependencies can form a chain where it is possible to have dependencies of dependencies. In ACAC, we also consider the chain of dependencies while handling the mutability of an activity. We highlight the challenges (such as multiple dependency paths, race conditions, circular dependencies, and deadlocks) while dealing with a chain of dependencies, and provide solutions to resolve these challenges. We also present a proof of concept implementation of our proposed <span>\\\\(\\\\mathrm {ACAC_{D}}\\\\)</span> models with performance analysis for a smart farming use case. This paper addresses the formal models’ intended behavior while supporting activities’ dependencies. Specifically, it focuses on developing and categorizing mathematically grounded activity dependencies into various ACAC sub-models without formal policy specification and analysis of theoretical complexities, which are intentionally kept out of the scope of this work.</p>\",\"PeriodicalId\":50316,\"journal\":{\"name\":\"International Journal of Information Security\",\"volume\":\"70 1\",\"pages\":\"\"},\"PeriodicalIF\":2.4000,\"publicationDate\":\"2024-07-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Information Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1007/s10207-024-00881-5\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10207-024-00881-5","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

随着物联网驱动的网络物理系统中互联设备、人工智能和异构网络的集成,我们的社会正在演变成一个智能、自动化和互联的社区。在这种动态的分布式环境中,为了支持互联设备和系统的自动化,需要考虑不同的环境因素来执行各种操作。这些设备通常会执行长期的操作或任务(称为活动),以实现互联环境中的更大目标。这些活动通常是可变的(状态可变),并且相互依存。它们会影响生态系统中其他活动的执行,因此需要对整个互联环境进行主动和实时监控。传统的访问控制模型设计用于在提出访问请求时做出授权决定,不能很好地适应动态互联环境,因为这种环境需要对依赖性和易变性活动进行持续的主动检查。最近,有人提出了一种以活动为中心的访问控制(ACAC)设想,以便从相互依存活动的角度和抽象角度进行安全建模和执行。拟议的 ACAC 包含四个决策参数:授权 (A)、义务 (B)、条件 (C) 和活动依赖 (D),从而在智能系统中实现与对象无关的持续访问控制。在本文中,我们将重点放在活动的可变性(改变活动状态的能力)、活动依赖性(D)上,并开发了一系列正式的数学模型,称为 \(\mathrm {ACAC_{D}}\) ,从而进一步推动 ACAC 的成熟。我们为 \(\mathrm {ACAC_{D}}\) 提出了六个实际适用的子模型,以支持包含依赖活动的状态检查和状态更新程序的可变活动的状态转换。这些形式化模型将活动的实时可变性视为解决生态系统中各种活动间主动依赖关系的关键因素。活动依赖关系可以形成一个链条,在这个链条上有可能存在依赖关系的依赖关系。在 ACAC 中,我们在处理活动的可变性时也考虑了依赖链。我们强调了在处理依赖链时所面临的挑战(如多重依赖路径、竞赛条件、循环依赖和死锁),并提供了解决这些挑战的方案。我们还介绍了我们所提出的 \(\mathrm {ACAC_{D}}\) 模型的概念验证实现,并对智能农业用例进行了性能分析。本文讨论了正式模型的预期行为,同时支持活动的依赖性。具体来说,本文重点关注将数学基础上的活动依赖关系开发和分类到各种 ACAC 子模型中,而不涉及正式的策略规范和理论复杂性分析,这些都有意地超出了本文的研究范围。
本文章由计算机程序翻译,如有差异,请以英文原文为准。

摘要图片

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
The $$\mathrm {ACAC_{D}}$$ model for mutable activity control and chain of dependencies in smart and connected systems

With the integration of connected devices, artificial intelligence, and heterogeneous networks in IoT-driven cyber-physical systems, our society is evolving as a smart, automated, and connected community. In such dynamic and distributed environments, various operations are carried out considering different contextual factors to support the automation of connected devices and systems. These devices often perform long-lived operations or tasks (referred to as activities) to fulfill larger goals in the connected environment. These activities are usually mutable (change states) and interdependent. They can influence the execution of other activities in the ecosystem, requiring active and real-time monitoring of the entire connected environment. Traditional access control models are designed to take authorization decisions at the time of access request and do not fit well in dynamic and connected environments, which require continuous active checks on dependent and mutable activities. Recently, a vision for activity-centric access control (ACAC) was proposed to enable security modeling and enforcement from the perspective and abstraction of interdependent activities. The proposed ACAC incorporates four decision parameters: Authorizations (A), oBligations (B), Conditions (C), and activity Dependencies (D) for an object agnostic continuous access control in smart systems. In this paper, we take a step further towards maturing ACAC by focusing on the mutability of activities (the ability of changing states of activities), activity dependencies (D) and developing a family of formal mathematically grounded models, referred to as \(\mathrm {ACAC_{D}}\). We propose six practically suitable sub-models for \(\mathrm {ACAC_{D}}\) to support the state transition of a mutable activity incorporating the dependent activities’ state-check and state-update procedures. These formal models consider the real-time mutability of activities as a critical factor in resolving active dependencies among various activities in the ecosystem. Activity dependencies can form a chain where it is possible to have dependencies of dependencies. In ACAC, we also consider the chain of dependencies while handling the mutability of an activity. We highlight the challenges (such as multiple dependency paths, race conditions, circular dependencies, and deadlocks) while dealing with a chain of dependencies, and provide solutions to resolve these challenges. We also present a proof of concept implementation of our proposed \(\mathrm {ACAC_{D}}\) models with performance analysis for a smart farming use case. This paper addresses the formal models’ intended behavior while supporting activities’ dependencies. Specifically, it focuses on developing and categorizing mathematically grounded activity dependencies into various ACAC sub-models without formal policy specification and analysis of theoretical complexities, which are intentionally kept out of the scope of this work.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
International Journal of Information Security
International Journal of Information Security 工程技术-计算机:理论方法
CiteScore
6.30
自引率
3.10%
发文量
52
审稿时长
12 months
期刊介绍: The International Journal of Information Security is an English language periodical on research in information security which offers prompt publication of important technical work, whether theoretical, applicable, or related to implementation. Coverage includes system security: intrusion detection, secure end systems, secure operating systems, database security, security infrastructures, security evaluation; network security: Internet security, firewalls, mobile security, security agents, protocols, anti-virus and anti-hacker measures; content protection: watermarking, software protection, tamper resistant software; applications: electronic commerce, government, health, telecommunications, mobility.
期刊最新文献
“Animation” URL in NFT marketplaces considered harmful for privacy An overview of proposals towards the privacy-preserving publication of trajectory data Enhancing privacy protections in national identification systems: an examination of stakeholders’ knowledge, attitudes, and practices of privacy by design An enhanced and verifiable lightweight authentication protocol for securing the Internet of Medical Things (IoMT) based on CP-ABE encryption Secure multi-party computation with legally-enforceable fairness
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1