Security Models and Mechanisms

Joel Tibabwetiza Muhanguzi
10 min read, Mar 23, 2022

By: Muhumuza Joshua, Brian Joram Wandobire, Bright Benard, Joel Tibabwetiza Muhanguzi

In the era of big data, security remains a paradox yet to be solved. As Gene Spafford put it, the only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards, and even then he had his doubts.

The four pillars (4Vs) of big data, i.e. volume, variety, velocity, and value, make it hard to define access control mechanisms that actually improve security: the processes involved (storage, analysis, visualisation, and updating) vary widely in scope, and new technologies such as the Internet of Things keep appearing. Existing security policies become outdated and are hard to set up.

Access control, as a backbone of technology, offers a way to meet these security challenges. Access control policies define the procedures for granting or denying access by providing a set of rules that determine who may perform what, how, and where.

Developing an access control system requires defining the regulations according to which access is to be controlled, and then implementing them as functions executable by a computer system. This is done in three layers: policy, model, and mechanism.

A policy defines the (high-level) rules according to which access control must be regulated, for example "Staff can read their own file".

A model provides a formal representation of the access control policy and its working, and the mechanism provides the low-level (software and hardware) functions that implement the controls imposed by the policy and formally stated in the model. This abstraction between policy, model, and mechanism is what makes multi-phase development possible.

The separation lets us discuss protection requirements independently of their implementation, compare different access control policies and different mechanisms that enforce the same policy, and design mechanisms that enforce multiple policies. It also reduces the coupling between the implementation and changes in policy.

To prove that the system is secure, we should be able to prove that the model is secure and that the mechanism correctly implements the model. In practice, proving a mechanism correct is very hard, because of security weaknesses in the implementation itself and the difficulty of mapping the access control primitives onto a real computer system.

A correct access control mechanism (a reference monitor) is expected to be tamper-proof (it cannot be altered, or any alteration is detected), non-bypassable (all accesses to the system go through it), confined (not scattered across the system, since verifying something of undefined scope is hard), and small enough to allow rigorous verification.
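The three layers and the reference-monitor properties above, as an added example (not code from the original article): the policy "staff can read their own file" is written as rules, compiled into an access-control matrix (the model), and enforced by a single monitor that every file operation must pass through (the mechanism). The names `POLICY`, `build_matrix`, `ReferenceMonitor` and `FileStore` and the sample users and files are assumptions of this example; tamper-evidence is approximated by hashing the compiled matrix and re-checking the hash on every decision.

```python
"""Policy -> model -> mechanism separation with a reference monitor.

Added illustration, not from the original article. All names, rules and
files below are constructed sample data.
"""
import hashlib
import json

# --- Policy layer: high-level rules. (subject, object, rights)
# "$self" means "the file named after the subject"; "*" means every file.
POLICY = [
    ("alice", "$self", {"read", "write"}),
    ("bob", "$self", {"read", "write"}),
    ("auditor", "*", {"read"}),
]
SUBJECTS = ["alice", "bob", "auditor"]
OBJECTS = ["alice", "bob", "payroll"]  # per-user files plus one shared file


def build_matrix(policy, subjects, objects):
    """Model layer: compile the rules into an access-control matrix (HRU style)."""
    matrix = {(s, o): set() for s in subjects for o in objects}
    for subj, obj, rights in policy:
        for o in objects:
            if obj == "*" or (obj == "$self" and o == subj) or obj == o:
                matrix[(subj, o)] |= set(rights)
    return matrix


class ReferenceMonitor:
    """Mechanism layer: the single, small decision point every access goes through."""

    def __init__(self, matrix):
        self._matrix = matrix
        self._digest = self._hash(matrix)  # tamper-evidence for the compiled model
        self.audit = []                    # every decision is recorded

    @staticmethod
    def _hash(matrix):
        canon = sorted((s, o, sorted(r)) for (s, o), r in matrix.items())
        return hashlib.sha256(json.dumps(canon).encode()).hexdigest()

    def check(self, subject, obj, right):
        # Refuse to decide at all if the compiled model was altered behind our back.
        if self._hash(self._matrix) != self._digest:
            raise RuntimeError("access matrix tampered with")
        allowed = right in self._matrix.get((subject, obj), set())
        self.audit.append((subject, obj, right, allowed))
        return allowed


class FileStore:
    """Non-bypassable: the only way to touch a file is through the monitor."""

    def __init__(self, monitor, contents):
        self._rm = monitor
        self._files = dict(contents)

    def read(self, subject, name):
        if not self._rm.check(subject, name, "read"):
            raise PermissionError(f"{subject} may not read {name}")
        return self._files[name]

    def write(self, subject, name, data):
        if not self._rm.check(subject, name, "write"):
            raise PermissionError(f"{subject} may not write {name}")
        self._files[name] = data


def demo():
    rm = ReferenceMonitor(build_matrix(POLICY, SUBJECTS, OBJECTS))
    store = FileStore(rm, {"alice": "a-data", "bob": "b-data", "payroll": "salaries"})
    results = {"alice_reads_own": store.read("alice", "alice")}
    try:
        store.read("alice", "bob")
        results["alice_reads_bob"] = "allowed"
    except PermissionError:
        results["alice_reads_bob"] = "denied"
    results["auditor_reads_payroll"] = store.read("auditor", "payroll")
    try:
        store.write("auditor", "payroll", "x")
        results["auditor_writes_payroll"] = "allowed"
    except PermissionError:
        results["auditor_writes_payroll"] = "denied"
    # Someone edits the compiled model directly; the monitor notices on the next decision.
    rm._matrix[("bob", "payroll")].add("read")
    try:
        store.read("bob", "payroll")
        results["tamper"] = "undetected"
    except RuntimeError:
        results["tamper"] = "detected"
    return results


if __name__ == "__main__":
    print(demo())
```

Changing the policy (say, letting staff also write their own file) only touches `POLICY`; the monitor and the file store are untouched, which is the decoupling the text describes.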

The next hurdle is defining access control policies and their respective models. Real-world security policies are complex and ambiguous, and so are their translations, yet a security policy must capture all the regulations to be enforced and all the possible threats.

Access control policies are grouped into three classes:

  • Discretionary (authorization-based) policies, which use the identity of the requester and access rules stating what requesters are (or are not) allowed to do.
  • Mandatory access control policies, which use mandated regulations determined by a central authority.
  • Role-based access control policies, which depend on the roles users have in the system and on rules stating what each role can access.

Three models that have been used over time are the access control matrix model (the HRU model) for discretionary policies, the Bell-LaPadula (BLP) model for confidentiality-based mandatory policies, and the Biba model for integrity-based mandatory policies. Each has its low-level implementations, called mechanisms. By the 1970s, access control systems such as the BLP and Biba models were mainly used in mainframe systems.
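The two mandatory models named above, as an added example (not code from the original article): labels are (level, category set) pairs ordered by dominance, BLP enforces "no read up, no write down" for confidentiality, and Biba enforces the dual "no read down, no write up" for integrity. The level names, the `Label` class and the sample subjects and objects are assumptions of this example.

```python
"""Bell-LaPadula and Biba as lattice checks over (level, categories) labels.

Added illustration, not from the original article. Level orderings and
the sample labels are constructed.
"""
from dataclasses import dataclass

CONF_LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}
INTEG_LEVELS = {"untrusted": 0, "user": 1, "system": 2}


@dataclass(frozen=True)
class Label:
    level: int
    categories: frozenset

    def dominates(self, other):
        """self >= other in the lattice: level at least as high and categories a superset."""
        return self.level >= other.level and self.categories >= other.categories


def conf(level, *cats):
    return Label(CONF_LEVELS[level], frozenset(cats))


def integ(level, *cats):
    return Label(INTEG_LEVELS[level], frozenset(cats))


def blp_allows(subject, obj, op):
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    if op == "read":
        return subject.dominates(obj)   # simple security property
    if op == "write":
        return obj.dominates(subject)   # *-property: may only write at or above own level
    raise ValueError(op)


def biba_allows(subject, obj, op):
    """Biba (integrity): no read down, no write up. The dual of BLP."""
    if op == "read":
        return obj.dominates(subject)   # read only data at least as trustworthy as yourself
    if op == "write":
        return subject.dominates(obj)   # never write into something more trusted than yourself
    raise ValueError(op)


def demo():
    analyst = conf("secret", "crypto")
    report = conf("confidential", "crypto")
    plans = conf("top_secret", "crypto", "nuclear")
    blp = {
        "analyst_reads_report": blp_allows(analyst, report, "read"),    # True
        "analyst_reads_plans": blp_allows(analyst, plans, "read"),      # False: read up
        "analyst_writes_report": blp_allows(analyst, report, "write"),  # False: write down
        "analyst_writes_plans": blp_allows(analyst, plans, "write"),    # True: write up
    }
    daemon = integ("system")
    download = integ("untrusted")
    config = integ("system")
    biba = {
        "daemon_reads_download": biba_allows(daemon, download, "read"),   # False: read down
        "daemon_writes_config": biba_allows(daemon, config, "write"),     # True
        "download_writes_config": biba_allows(download, config, "write"), # False: write up
    }
    return blp, biba


if __name__ == "__main__":
    print(demo())
```

Note that BLP lets a low subject write into a high object (blind write-up) and Biba lets a high subject write down; a system that needs both confidentiality and integrity has to run both checks, which is why the two models are usually discussed together.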

An excerpt from Traditional and Hybrid Access Control Models (2021):

An access control mechanism can effectively monitor access to resources and ensure that authorized users access information resources under legitimate conditions. The problems and challenges of access control mechanisms are analyzed to facilitate the adoption of access control solutions in real-life settings. Inconvenience and privacy threats remain unsolved problems in IoT applications. This is due to the massiveness of the data, evidenced by the 250% increase in M2M traffic in the United States (2011), which was expected to make up nearly half of all Internet traffic by 2020. Massive data brings new challenges to data maintenance, storage, and retrieval. The dynamic nature of the data coming from nodes and users makes it difficult to predict all the user information in advance, which obstructs the design of the user and permission structure. Different application domains and environments require different characteristics of access control models and mechanisms.

With the widespread use of Web-based social network (WBSN) services, information sharing and dissemination are becoming more and more convenient, which raises serious security and privacy concerns. Access control policy management for IoT, such as integrating the heterogeneous policies of different agents, policy detection, policy conflict resolution, user permission adjustment, policy matching, and so on, falls into two main classes. The first, access control policy composition, can be divided into policy standardization and policy conflict resolution. The second, access control policy authoring, includes permission assignment and policy matching.

Access Control Policy Combination and Conflict Resolution: An IoT search is a typical multi-domain environment composed of different search agents. Because each domain has its own access control requirements, the different access control policies need to be integrated to secure the resources and data shared across domains. Policy composition consists of two steps:

  • Policy Standardization and Combination: representing the different access control policies in a standardized way.
  • Policy Conflict Detection and Resolution: IoT search needs to address a large number of multiparty shared resources, whose policies may contradict each other.

Access Control Policy Authoring: IoT search is a massive, dynamic, and open environment, and these characteristics require real-time updating of the access control policy. Two techniques support this:

  • Attribute Discovery: ABAC is widely used in IoT search because using attributes as the basic element of the access control policy effectively handles the dynamic change of massive numbers of subjects and objects.
  • Policy Mining: The IoT search platform contains massive data and users, which correspond to a vast number of access control policies.
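The two policy-composition steps described above (standardization and combination, then conflict detection and resolution), as an added example that is not code from the original article or the cited survey. Each domain's rules are normalized into the same (name, predicate, effect) shape, every applicable rule from every domain is collected for a request, a conflict is reported when the domains disagree, and the final decision comes from a combining algorithm modelled on XACML's deny-overrides, permit-overrides and first-applicable. The `rule` helper, the two domain names and their rules are assumptions of this example.

```python
"""Multi-domain policy combination with conflict detection and resolution.

Added illustration, not from the original article. The domains, rules and
requests below are constructed sample data.
"""


# Step 1: standardization. Every domain's rules become (name, predicate, effect),
# where the predicate matches on request attributes (a plain dict).
def rule(name, effect, **match):
    def pred(req):
        return all(req.get(k) == v for k, v in match.items())
    return (name, pred, effect)


DOMAIN_POLICIES = {
    "sensor-net": [
        rule("owner-full", "Permit", role="owner"),
        rule("guest-read-only", "Permit", role="guest", action="read"),
        rule("guest-no-write", "Deny", role="guest", action="write"),
    ],
    "analytics": [
        rule("no-export-of-raw", "Deny", resource="raw-stream", action="export"),
        rule("partner-read", "Permit", role="partner", action="read"),
        rule("guest-write-logs", "Permit", role="guest", action="write", resource="log"),
    ],
}


def evaluate_domain(rules, req):
    """Return every applicable (name, effect) so that conflicts stay visible."""
    return [(name, effect) for name, pred, effect in rules if pred(req)]


def combine(decisions, algorithm):
    """Step 2: resolve the collected decisions with a combining algorithm."""
    effects = [e for _, e in decisions]
    if not effects:
        return "NotApplicable"
    if algorithm == "deny-overrides":
        return "Deny" if "Deny" in effects else "Permit"
    if algorithm == "permit-overrides":
        return "Permit" if "Permit" in effects else "Deny"
    if algorithm == "first-applicable":
        return effects[0]
    raise ValueError(algorithm)


def decide(req, algorithm="deny-overrides"):
    """Evaluate all domains, flag inter-domain conflicts, and return the resolved decision."""
    all_decisions = []
    for domain, rules in DOMAIN_POLICIES.items():
        for name, effect in evaluate_domain(rules, req):
            all_decisions.append((f"{domain}:{name}", effect))
    effects = {e for _, e in all_decisions}
    return {
        "decision": combine(all_decisions, algorithm),
        "conflict": effects == {"Permit", "Deny"},
        "applicable": [n for n, _ in all_decisions],
    }


if __name__ == "__main__":
    # A guest writing to the shared log: one domain permits, the other denies.
    req = {"role": "guest", "action": "write", "resource": "log"}
    for alg in ("deny-overrides", "permit-overrides", "first-applicable"):
        print(alg, decide(req, alg))
```

The `applicable` list is what an operator needs when a conflict is flagged: it names the exact rules in each domain that disagree, which is the input to the resolution step (renegotiating one of the rules, or choosing the combining algorithm deliberately rather than by default).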

Policy and Model Combination: To coordinate different access control policies between different domains and implement unified access control of resources, it is necessary to combine the different access control policies.

Traditional access control models treat the subject and the object separately when checking a policy and do not consider the objective connection between subject and object when making the access decision.

ACCESS AUTHORIZATION

IoT security vulnerabilities include insufficient authentication and authorization, lack of transport encryption, insecure Web interfaces, insecure software updates, and so on. IoT security must therefore be built into the security mechanisms from the ground up: all network communication must be encrypted and mutually authenticated, and all access to device capabilities must be authorized and auditable.

Attribute Discovery Mechanism

Policy Mining

Access control is one of the essential services of information systems that protect underlying data from unauthorized access and improper modification.

Modern access control policy models require a more abstract and flexible approach to specifying authorization.

Security Technology Mining

Mode Mining:

  • Centralized policy
  • Distributed policy
  • Locally centralized and globally Distributed policy

Characteristics Mining: It is essential to mine and analyze the node characteristics, such as attribute characteristics [100], role characteristics [101], capability characteristics [102], biometric characteristics, and so on. Attribute mining is represented by ABAC. In ABAC, access rules can be determined from various attributes, such as subject attributes, object attributes, environment attributes, and so on.

Authorization Model

The authorization model involves two phases. First, according to the system requirements, we determine a security policy mode and the technology of each layer discussed in the last section. Then we design the access control model that encapsulates the defined policy.

We describe the authorization models by category as follows:

Based on ABAC: Subjects and objects are all identified through the attributes associated with their characteristics [103]. In the ABAC model, a user is granted the appropriate access right according to his attributes when submitting an access request.

Based on RBAC: RBAC provides an authorization framework that specifies users' access to resources based on their roles and supports security principles such as least privilege, partition of administrative functions, and separation of duties.

Based on CapBAC: In the CapBAC model, users are granted access based on a token of authority (such as a key, a ticket, and so on) together with the authorization chain that led to it.

Based on UCON: The UCON model in [111] treats authorization as a continuous process, checked before the access executes, during the execution, and afterwards.

Based on Organizational-Based Access Control (OrBAC): OrBAC has extended the RBAC model and introduces the notion of “organization” as a new dimension.

Based on Biometric Features or Blockchain: With the richness of IoT devices, biometric features are fast becoming one of the key elements used to authenticate IoT devices and their users.

Based on Open Authorization (OAuth): OAuth is an authorization framework for clients accessing resources on Web servers. [1]
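The CapBAC category above (a token of authority plus the authorization chain behind it), as an added example that is not code from the original article or the cited survey. A device issues a signed root capability to its owner, the owner delegates an attenuated copy to another user, and the device verifies the whole chain: every link is signed by the holder of the previous link, rights only shrink along the chain, expiry only tightens, and the chain must end at the requester. HMAC with a constructed key registry stands in for the public-key signatures a real deployment would use; the device name, users, keys and token layout are assumptions of this example.

```python
"""Capability-based access control (CapBAC) with an attenuating delegation chain.

Added illustration, not from the original article. Uses HMAC tags over a
constructed key registry in place of real public-key signatures.
"""
import hashlib
import hmac
import json

# Constructed key registry. The device's own key is the root of authority.
KEYS = {
    "door-42": b"device-secret-key",
    "alice": b"alice-secret-key",
    "bob": b"bob-secret-key",
}


def _canon(payload):
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign(signer, payload):
    """One link of the chain: the payload plus an HMAC tag produced by `signer`."""
    tag = hmac.new(KEYS[signer], _canon(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "signer": signer, "tag": tag}


def issue(device, holder, resource, rights, exp):
    """Root capability, issued by the device itself."""
    return sign(device, {"holder": holder, "resource": resource,
                         "rights": sorted(rights), "exp": exp})


def delegate(parent, delegator, holder, rights, exp):
    """Delegation link; the verifier, not the delegator, enforces attenuation."""
    return sign(delegator, {"holder": holder, "resource": parent["payload"]["resource"],
                            "rights": sorted(rights), "exp": exp})


def verify_chain(chain, device, requester, resource, right, now):
    """Walk the chain from the device's root grant down to the requester."""
    expected_signer = device
    prev_rights, prev_exp = None, None
    for link in chain:
        p = link["payload"]
        if link["signer"] != expected_signer:
            return False, "link not signed by expected authority"
        key = KEYS.get(link["signer"])
        if key is None:
            return False, "unknown signer"
        want = hmac.new(key, _canon(p), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(want, link["tag"]):
            return False, "bad signature"
        if p["resource"] != resource:
            return False, "wrong resource"
        if p["exp"] <= now:
            return False, "expired"
        if prev_rights is not None and not set(p["rights"]) <= prev_rights:
            return False, "delegation escalates rights"
        if prev_exp is not None and p["exp"] > prev_exp:
            return False, "delegation outlives parent"
        prev_rights, prev_exp = set(p["rights"]), p["exp"]
        expected_signer = p["holder"]  # the next link must be signed by this holder
    if prev_rights is None or expected_signer != requester:
        return False, "chain does not end at requester"
    if right not in prev_rights:
        return False, "right not granted"
    return True, "ok"


def demo():
    now = 1_700_000_000
    root = issue("door-42", "alice", "lock/front", {"open", "status"}, now + 3600)
    to_bob = delegate(root, "alice", "bob", {"status"}, now + 1800)
    results = {
        "alice_open": verify_chain([root], "door-42", "alice", "lock/front", "open", now),
        "bob_status": verify_chain([root, to_bob], "door-42", "bob", "lock/front", "status", now),
        "bob_open": verify_chain([root, to_bob], "door-42", "bob", "lock/front", "open", now),
    }
    # Bob signs himself a wider grant: rejected, he is not the previous holder.
    self_grant = sign("bob", {"holder": "bob", "resource": "lock/front",
                              "rights": ["open"], "exp": now + 60})
    results["bob_self_grant"] = verify_chain([root, self_grant], "door-42", "bob", "lock/front", "open", now)
    # Bob edits the rights inside Alice's signed link: the tag no longer matches.
    tampered = {**to_bob, "payload": {**to_bob["payload"], "rights": ["open", "status"]}}
    results["tampered"] = verify_chain([root, tampered], "door-42", "bob", "lock/front", "open", now)
    # Alice delegates a right she never held.
    over = delegate(root, "alice", "bob", {"open", "admin"}, now + 60)
    results["escalation"] = verify_chain([root, over], "door-42", "bob", "lock/front", "admin", now)
    # Alice's delegation outlives her own grant.
    late = delegate(root, "alice", "bob", {"status"}, now + 7200)
    results["outlives"] = verify_chain([root, late], "door-42", "bob", "lock/front", "status", now)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The point of returning a reason string is auditability: the device can log which link of the chain failed and why, which is the evidence an incident responder needs when a delegation is abused.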

OPEN RESEARCH ISSUES

There are still many important issues and challenges that need to be addressed.

Policy Conflict Caused by Different Authorizations

Policy Conflict Caused by Multiparty Relationship

Attribute-Permission Assignment Within Noise Data

Modeling and Evaluation of IoT Security Search

Authentication and Anonymous Protection of Physical Devices in the IoT

Strong Privacy: With the growth of data sharing, more and more attention is being paid to data privacy and security. To protect individual privacy, governments and researchers have proposed many privacy principles, such as ISO/IEC 29100:2011 [6], privacy by design [7], the General Data Protection Regulation [8], and the fair information practice principles [9].

Multiparty Commonality: The data in IoT search is no longer confined to a single closed environment but is generated by different cooperating organizations. The IoT search service is actually composed of several dynamically connected information systems. Existing access control methods and techniques cannot fully solve the access control problems faced by IoT search.

Online social networks (OSNs) are chosen as the application domain to discuss how access control models and solutions could meet the security and privacy requirements of OSNs.

ACCESS CONTROL BACKGROUND

Once private data are leaked, the losses to the organisations involved can be massive.

Unlike traditional access control models, where roles, ownership, or security labels are assigned manually by a system administrator, ABAC allows access policies to be built from the attributes that users and objects already have in the system. Temporal-RBAC (TRBAC) [33] is an extension of the RBAC model that supports periodic role enabling and disabling and temporal dependencies by using role triggers.

Usage control (UCON) was developed in [35]; it enables finer-grained control over the usage of digital objects than traditional access control policies and models.

ABAC makes access control decisions based on the attributes of access control entities.

A simplified ABAC model is given in Fig. 2, where attribute assignment (AA) assigns attributes to subjects and objects, the policy permission relation (PPR) is the relation between policies and the permissions they grant, and Policy is the set of all policies that govern access in the system.
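The simplified ABAC model just described (AA, Policy, PPR), and the subject, object and environment attributes mentioned under characteristics mining earlier, as an added example that is not code from the original article or the cited survey. Attribute assignment is a pair of tables, policies are predicates over the three attribute sets, and the PPR maps each permission to the policies that must all hold for it to be granted (a conjunctive reading of the relation chosen for this example). The hospital-style subjects, objects, attribute names and policies are constructed.

```python
"""A simplified ABAC model: attribute assignment, policies and the PPR.

Added illustration, not from the original article. All attribute tables,
policies and permissions are constructed sample data.
"""
from datetime import datetime, timezone

# AA: attributes assigned to subjects and to objects.
SUBJECT_ATTRS = {
    "dr_smith": {"role": "physician", "department": "cardiology", "clearance": 2},
    "nurse_lee": {"role": "nurse", "department": "cardiology", "clearance": 1},
    "vendor_x": {"role": "contractor", "department": "it", "clearance": 0},
}
OBJECT_ATTRS = {
    "ehr/1001": {"type": "ehr", "department": "cardiology", "sensitivity": 2},
    "ehr/2002": {"type": "ehr", "department": "oncology", "sensitivity": 2},
    "schedule": {"type": "schedule", "department": "cardiology", "sensitivity": 0},
}


# Policy: predicates over (subject attrs, object attrs, environment attrs).
def same_department_clinician(s, o, env):
    return s["role"] in ("physician", "nurse") and s["department"] == o["department"]


def clearance_dominates_sensitivity(s, o, env):
    return s["clearance"] >= o["sensitivity"]


def business_hours(s, o, env):
    return 8 <= env["hour"] < 18


def physician_only(s, o, env):
    return s["role"] == "physician"


# PPR: for each permission, the policies that must all hold to grant it.
PPR = {
    "read": [same_department_clinician, clearance_dominates_sensitivity, business_hours],
    "write": [same_department_clinician, clearance_dominates_sensitivity, physician_only],
}


def env_at(ts):
    """Environment attributes derived from the request time (UTC epoch seconds)."""
    return {"hour": datetime.fromtimestamp(ts, tz=timezone.utc).hour}


def decide(subject, obj, permission, env):
    """Default deny: unknown subject, object or permission never grants access."""
    s, o = SUBJECT_ATTRS.get(subject), OBJECT_ATTRS.get(obj)
    if s is None or o is None or permission not in PPR:
        return False
    return all(policy(s, o, env) for policy in PPR[permission])


def demo():
    day, night = {"hour": 10}, {"hour": 22}
    return {
        "physician_reads_own_dept": decide("dr_smith", "ehr/1001", "read", day),       # True
        "physician_reads_other_dept": decide("dr_smith", "ehr/2002", "read", day),     # False
        "nurse_reads_sensitive": decide("nurse_lee", "ehr/1001", "read", day),         # False
        "nurse_reads_schedule": decide("nurse_lee", "schedule", "read", day),          # True
        "physician_reads_at_night": decide("dr_smith", "ehr/1001", "read", night),     # False
        "physician_writes_at_night": decide("dr_smith", "ehr/1001", "write", night),   # True
        "nurse_writes_schedule": decide("nurse_lee", "schedule", "write", day),        # False
        "contractor_reads_schedule": decide("vendor_x", "schedule", "read", day),      # False
        "unknown_subject": decide("mallory", "schedule", "read", day),                 # False
    }


if __name__ == "__main__":
    print(demo())
```

Adding a new user or record only touches the AA tables, and adding a rule only touches Policy and the PPR; nothing has to be reassigned by hand per user, which is the advantage over manual role or label assignment described above.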

CP-ABE is the reverse of KP-ABE (where the policy sits in the key and the attribute set on the ciphertext): an attribute-based policy is used to encrypt the object, so the access structure describing the access control policy is bound to the resource to be accessed, while the attribute set is associated with the user's private key. In this model the access control policy is set by the data owner, so the data owner has more freedom.

A joint access control and random access channel resource allocation strategy is proposed to solve the optimization problem of maximizing random access efficiency under access delay constraints.

References:


[1] M. U. Aftab et al., “Traditional and Hybrid Access Control Models: A Detailed Survey,” Secur. Commun. Netw., vol. 2022, pp. 1–12, Feb. 2022, doi: 10.1155/2022/1560885.

[2] J. Qiu, Z. Tian, C. Du, Q. Zuo, S. Su, and B. Fang, “A Survey on Access Control in the Age of Internet of Things,” IEEE Internet Things J., vol. 7, no. 6, pp. 4682–4696, Jun. 2020, doi: 10.1109/JIOT.2020.2969326.

[3] G. Sinha, P. Shankar K.C, and S. Jain, “Evolution of access control models for protection of patient details: a survey,” Int. J. Eng. Technol., vol. 7, no. 2.8, p. 554, Mar. 2018, doi: 10.14419/ijet.v7i2.8.10520.

[4] A. G. Sutro, “Machine-Learning Based Evaluation of Access Control Lists to Identify Anomalies,” p. 7, 2020.

[5] V. C. Hu, D. F. Ferraiolo, and D. R. Kuhn, “Assessment of access control systems,” National Institute of Standards and Technology, Gaithersburg, MD, NIST IR 7316, 2006. doi: 10.6028/NIST.IR.7316.

[6] M. A. Aleisa, A. Abuhussein, and F. T. Sheldon, “Access Control in Fog Computing: Challenges and Research Agenda,” IEEE Access, vol. 8, pp. 83986–83999, 2020, doi: 10.1109/ACCESS.2020.2992460.
