A topology-aware access control model for collaborative cyber-physical spaces: Specification and verification. Issue 87 (November 2019)
- Record Type:
- Journal Article
- Title:
- A topology-aware access control model for collaborative cyber-physical spaces: Specification and verification. Issue 87 (November 2019)
- Main Title:
- A topology-aware access control model for collaborative cyber-physical spaces: Specification and verification
- Authors:
- Cao, Yan
Huang, Zhiqiu
Ke, Changbo
Xie, Jian
Wang, Jinyong - Abstract:
- Abstract: In collaborative environment, distributed multiple cyber-physical spaces interoperate with each other aiming to provide an intelligent spatial environment for their users to conduct their collaborative activities. Subjects and objects roam in the physical and cyber spaces among domains to support the completion of the activities. These dynamic behaviors bring great challenges to security issue. The actions of roaming subjects and roaming objects need to be specified and checked against security requirements of constituent domains. However, the existing inter-domain access control models was proposed for the traditional information system and focus on the cyber security. They cannot deal with the intricacies of cross-domain access requests in cyber-physical spaces. In this paper, we propose a formal inter-domain model to specify cyber-physical access control policies and a model checking approach to ensure security requirements hold in these policies. We first present a formal definition of the topology configuration to capture the environment characteristics of the cyber-physical spaces. It provides important contextual information for the access control system. Then, based on topology attributes defined in the topology configuration, a topology-aware inter-domain access control model TA-CPAC is proposed. It can adjust the permission assignment adaptively to react to the behaviors changes of subjects and objects. Next, the topology configuration and TA-CPAC modelAbstract: In collaborative environment, distributed multiple cyber-physical spaces interoperate with each other aiming to provide an intelligent spatial environment for their users to conduct their collaborative activities. Subjects and objects roam in the physical and cyber spaces among domains to support the completion of the activities. These dynamic behaviors bring great challenges to security issue. The actions of roaming subjects and roaming objects need to be specified and checked against security requirements of constituent domains. However, the existing inter-domain access control models was proposed for the traditional information system and focus on the cyber security. They cannot deal with the intricacies of cross-domain access requests in cyber-physical spaces. In this paper, we propose a formal inter-domain model to specify cyber-physical access control policies and a model checking approach to ensure security requirements hold in these policies. We first present a formal definition of the topology configuration to capture the environment characteristics of the cyber-physical spaces. It provides important contextual information for the access control system. Then, based on topology attributes defined in the topology configuration, a topology-aware inter-domain access control model TA-CPAC is proposed. It can adjust the permission assignment adaptively to react to the behaviors changes of subjects and objects. Next, the topology configuration and TA-CPAC model are formalized by the use of bigraphs and bigraphs reactive systems respectively, which allows us to utilize the model checking technology to reason about that whether the behaviors of roaming subjects and objects satisfy security requirements of all constituent domains. Finally, the effectiveness of our approach is evaluated by a collaborative scenario in a smart city. … (more)
- Is Part Of:
- Computers & security. Issue 87(2019)
- Journal:
- Computers & security
- Issue:
- Issue 87(2019)
- Issue Display:
- Volume 87, Issue 87 (2019)
- Year:
- 2019
- Volume:
- 87
- Issue:
- 87
- Issue Sort Value:
- 2019-0087-0087-0000
- Page Start:
- Page End:
- Publication Date:
- 2019-11
- Subjects:
- Cross-domain authorization -- Access control -- Cyber-physical space -- Bigraphs -- Model checking
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.cose.2019.02.013 ↗
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 16314.xml