Tanjila Mawla, Maanak Gupta, Safwa Ameer, Ravi Sandhu
{"title":"用于智能互联系统中可变活动控制和依赖链的 $$mathrm {ACAC_{D}}$ 模型","authors":"Tanjila Mawla, Maanak Gupta, Safwa Ameer, Ravi Sandhu","doi":"10.1007/s10207-024-00881-5","DOIUrl":null,"url":null,"abstract":"<p>With the integration of connected devices, artificial intelligence, and heterogeneous networks in IoT-driven cyber-physical systems, our society is evolving as a smart, automated, and connected community. In such dynamic and distributed environments, various operations are carried out considering different contextual factors to support the automation of connected devices and systems. These devices often perform long-lived operations or tasks (referred to as activities) to fulfill larger goals in the connected environment. These activities are usually mutable (change states) and interdependent. They can influence the execution of other activities in the ecosystem, requiring <i>active</i> and real-time monitoring of the entire connected environment. Traditional access control models are designed to take authorization decisions at the time of access request and do not fit well in dynamic and connected environments, which require continuous active checks on dependent and mutable activities. Recently, a vision for activity-centric access control (ACAC) was proposed to enable security modeling and enforcement from the perspective and abstraction of interdependent activities. The proposed ACAC incorporates four decision parameters: Authorizations (A), oBligations (B), Conditions (C), and activity Dependencies (D) for an <i>object agnostic</i> continuous access control in smart systems. In this paper, we take a step further towards maturing ACAC by focusing on the mutability of activities (the ability of changing states of activities), activity dependencies (D) and developing a family of formal mathematically grounded models, referred to as <span>\\(\\mathrm {ACAC_{D}}\\)</span>. We propose six practically suitable sub-models for <span>\\(\\mathrm {ACAC_{D}}\\)</span> to support the state transition of a mutable activity incorporating the dependent activities’ state-check and state-update procedures. These formal models consider the real-time mutability of activities as a critical factor in resolving <i>active</i> dependencies among various activities in the ecosystem. Activity dependencies can form a chain where it is possible to have dependencies of dependencies. In ACAC, we also consider the chain of dependencies while handling the mutability of an activity. We highlight the challenges (such as multiple dependency paths, race conditions, circular dependencies, and deadlocks) while dealing with a chain of dependencies, and provide solutions to resolve these challenges. We also present a proof of concept implementation of our proposed <span>\\(\\mathrm {ACAC_{D}}\\)</span> models with performance analysis for a smart farming use case. This paper addresses the formal models’ intended behavior while supporting activities’ dependencies. Specifically, it focuses on developing and categorizing mathematically grounded activity dependencies into various ACAC sub-models without formal policy specification and analysis of theoretical complexities, which are intentionally kept out of the scope of this work.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"70 1","pages":""},"PeriodicalIF":2.4000,"publicationDate":"2024-07-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"The $$\\\\mathrm {ACAC_{D}}$$ model for mutable activity control and chain of dependencies in smart and connected systems\",\"authors\":\"Tanjila Mawla, Maanak Gupta, Safwa Ameer, Ravi Sandhu\",\"doi\":\"10.1007/s10207-024-00881-5\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>With the integration of connected devices, artificial intelligence, and heterogeneous networks in IoT-driven cyber-physical systems, our society is evolving as a smart, automated, and connected community. In such dynamic and distributed environments, various operations are carried out considering different contextual factors to support the automation of connected devices and systems. These devices often perform long-lived operations or tasks (referred to as activities) to fulfill larger goals in the connected environment. These activities are usually mutable (change states) and interdependent. They can influence the execution of other activities in the ecosystem, requiring <i>active</i> and real-time monitoring of the entire connected environment. Traditional access control models are designed to take authorization decisions at the time of access request and do not fit well in dynamic and connected environments, which require continuous active checks on dependent and mutable activities. Recently, a vision for activity-centric access control (ACAC) was proposed to enable security modeling and enforcement from the perspective and abstraction of interdependent activities. The proposed ACAC incorporates four decision parameters: Authorizations (A), oBligations (B), Conditions (C), and activity Dependencies (D) for an <i>object agnostic</i> continuous access control in smart systems. In this paper, we take a step further towards maturing ACAC by focusing on the mutability of activities (the ability of changing states of activities), activity dependencies (D) and developing a family of formal mathematically grounded models, referred to as <span>\\\\(\\\\mathrm {ACAC_{D}}\\\\)</span>. We propose six practically suitable sub-models for <span>\\\\(\\\\mathrm {ACAC_{D}}\\\\)</span> to support the state transition of a mutable activity incorporating the dependent activities’ state-check and state-update procedures. These formal models consider the real-time mutability of activities as a critical factor in resolving <i>active</i> dependencies among various activities in the ecosystem. Activity dependencies can form a chain where it is possible to have dependencies of dependencies. In ACAC, we also consider the chain of dependencies while handling the mutability of an activity. We highlight the challenges (such as multiple dependency paths, race conditions, circular dependencies, and deadlocks) while dealing with a chain of dependencies, and provide solutions to resolve these challenges. We also present a proof of concept implementation of our proposed <span>\\\\(\\\\mathrm {ACAC_{D}}\\\\)</span> models with performance analysis for a smart farming use case. This paper addresses the formal models’ intended behavior while supporting activities’ dependencies. Specifically, it focuses on developing and categorizing mathematically grounded activity dependencies into various ACAC sub-models without formal policy specification and analysis of theoretical complexities, which are intentionally kept out of the scope of this work.</p>\",\"PeriodicalId\":50316,\"journal\":{\"name\":\"International Journal of Information Security\",\"volume\":\"70 1\",\"pages\":\"\"},\"PeriodicalIF\":2.4000,\"publicationDate\":\"2024-07-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Information Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1007/s10207-024-00881-5\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10207-024-00881-5","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
The $$\mathrm {ACAC_{D}}$$ model for mutable activity control and chain of dependencies in smart and connected systems
With the integration of connected devices, artificial intelligence, and heterogeneous networks in IoT-driven cyber-physical systems, our society is evolving as a smart, automated, and connected community. In such dynamic and distributed environments, various operations are carried out considering different contextual factors to support the automation of connected devices and systems. These devices often perform long-lived operations or tasks (referred to as activities) to fulfill larger goals in the connected environment. These activities are usually mutable (change states) and interdependent. They can influence the execution of other activities in the ecosystem, requiring active and real-time monitoring of the entire connected environment. Traditional access control models are designed to take authorization decisions at the time of access request and do not fit well in dynamic and connected environments, which require continuous active checks on dependent and mutable activities. Recently, a vision for activity-centric access control (ACAC) was proposed to enable security modeling and enforcement from the perspective and abstraction of interdependent activities. The proposed ACAC incorporates four decision parameters: Authorizations (A), oBligations (B), Conditions (C), and activity Dependencies (D) for an object agnostic continuous access control in smart systems. In this paper, we take a step further towards maturing ACAC by focusing on the mutability of activities (the ability of changing states of activities), activity dependencies (D) and developing a family of formal mathematically grounded models, referred to as \(\mathrm {ACAC_{D}}\). We propose six practically suitable sub-models for \(\mathrm {ACAC_{D}}\) to support the state transition of a mutable activity incorporating the dependent activities’ state-check and state-update procedures. These formal models consider the real-time mutability of activities as a critical factor in resolving active dependencies among various activities in the ecosystem. Activity dependencies can form a chain where it is possible to have dependencies of dependencies. In ACAC, we also consider the chain of dependencies while handling the mutability of an activity. We highlight the challenges (such as multiple dependency paths, race conditions, circular dependencies, and deadlocks) while dealing with a chain of dependencies, and provide solutions to resolve these challenges. We also present a proof of concept implementation of our proposed \(\mathrm {ACAC_{D}}\) models with performance analysis for a smart farming use case. This paper addresses the formal models’ intended behavior while supporting activities’ dependencies. Specifically, it focuses on developing and categorizing mathematically grounded activity dependencies into various ACAC sub-models without formal policy specification and analysis of theoretical complexities, which are intentionally kept out of the scope of this work.
期刊介绍:
The International Journal of Information Security is an English language periodical on research in information security which offers prompt publication of important technical work, whether theoretical, applicable, or related to implementation.
Coverage includes system security: intrusion detection, secure end systems, secure operating systems, database security, security infrastructures, security evaluation; network security: Internet security, firewalls, mobile security, security agents, protocols, anti-virus and anti-hacker measures; content protection: watermarking, software protection, tamper resistant software; applications: electronic commerce, government, health, telecommunications, mobility.