Computer Science ›› 2020, Vol. 47 ›› Issue (7): 56-65. doi: 10.11896/jsjkx.190700157

• Database & Big Data & Data Science •

Research Progress on Risk Access Control

WANG Jing-yu, LIU Si-rui   

  1. School of Information Engineering, Inner Mongolia University of Science and Technology, Baotou, Inner Mongolia 014010, China
  • Received: 2019-07-22 Online: 2020-07-15 Published: 2020-07-16
  • About author: WANG Jing-yu, born in 1976, Ph.D., professor, is a member of China Computer Federation. His main research interests include cloud computing and information security.
    LIU Si-rui, born in 1993, postgraduate. Her main research interests include information security and big data access control.
  • Supported by:
    This work was supported by the National Natural Science Foundation of China (61662056) and the Natural Science Foundation of Inner Mongolia Autonomous Region, China (2016MS0609, 2016MS0608).

Abstract: Big data access control is one of the important technologies for ensuring the security and information sharing of big data. However, because traditional access control policies cannot handle real-time, dynamic access information in a dynamic environment, risk assessment methods are introduced into access control to coordinate access control policies and improve the applicability of access control in dynamic environments. In view of this, this paper systematically reviews and summarizes the main work of risk access control research at home and abroad, and analyzes the latest research results of recent years. Firstly, risk access control as an extension of the traditional access control models, and the risk access control models based on the XACML framework, are analyzed and summarized, and their application in different environments is summarized. Secondly, the techniques and methods of risk access control are summarized and analyzed, the risk is self-contained, and Risk-Adaptive Access Control (RAdAC) is analyzed and researched. Finally, future research on risk access control in the big data environment is discussed, and some problems with research value are proposed. This paper argues that risk-based access control remains an important research topic in future work on big data access control.

Key words: Access control, Risk quantification, Risk factor, Risk threshold, Risk-adaptation

CLC Number: 

  • TP391