Access Control Management in Cloud Environments

Preface
Acknowledgements
Contents
Part I Description
	1 Introduction
		1.1 Overview and Motivation
			1.1.1 Cloud Computing
			1.1.2 Internet of Things
				IoT Data Taxonomy
				Data Generation
				Data Quality
				Data Interoperability
			1.1.3 Access Control Management
				Mobile Service System
				Electronic Payment
				Role Based Access Control
		1.2 Objectives of the Book
		1.3 Organization of the Book
		1.4 Problems and Exercises
			1.4.1 Problems
			1.4.2 Exercises
		References
	2 Electronic Commerce Items and Related Technology
		2.1 Introduction
		2.2 Items in Electronic Commerce
			2.2.1 Trust and Privacy
			2.2.2 Electronic Payment Systems
			2.2.3 Mass-Market Adoption
			2.2.4  Management and Implementation
			2.2.5 Security
				Network Connection Level
				Management Level
				Transactions Level
		2.3 A Framework for Electronic Commerce
			2.3.1 Criteria for Choosing a Framework
			2.3.2 Framework and Dimensions
			2.3.3 Dimension One: Software Technology in E-Commerce
			2.3.4 Dimension 2: Hardware Support in E-Commerce
			2.3.5 Dimension 3: E-Commerce Application
		2.4 Conclusions
		2.5 Problems and Exercises
			2.5.1 Problems
			2.5.2 Exercises
		References
	3 Untraceable Electronic Cash System in the Internet of Things
		3.1 Introduction
			3.1.1 Electronic Cash and Its Properties
			3.1.2 Off-line Electronic Cash Overview
			3.1.3 Outline of the Chapter
		3.2 Some Basic Definitions
			3.2.1 Hash Functions and Random Oracle Model
			3.2.2 Cut-and-Choose Technique
			3.2.3 RSA and DLA
			3.2.4 Blind Signature
		3.3 Basic Model
		3.4 New Off-line Untraceable Electronic Cash Scheme
			3.4.1 System Initialization
			3.4.2 New Untraceable Electronic Cash Scheme
		3.5 Security Analysis
		3.6 A Simple Example
		3.7 Comparisons
		3.8 Conclusion
		3.9 Problems and Exercises
			3.9.1 Problems
			3.9.2 Exercises
		References
Part II M-Services and Scalable Payment
	4 Achieving Secure and Flexible M-Services Through Tickets
		4.1 Introduction
		4.2 Security Primitives in the Proposed Architecture
			4.2.1 Basic Definitions
			4.2.2 Ticket Types
		4.3 Single Signature Scheme for Tickets t1 and t2
			4.3.1 System Initialization
			4.3.2 The Single Signature Scheme
		4.4 Multi-Signature Scheme for Ticket t3
			4.4.1 Scheme Initialization
			4.4.2 The Multi-Signature Scheme
		4.5 System Security
			4.5.1 Threat Analysis
			4.5.2 Analysis of Ticket Usage
		4.6 Comparisons
		4.7 Conclusions
		4.8 Problems and Exercises
			4.8.1 Problems
			4.8.2 Exercises
		References
	5 A Self-Scalable Anonymity Payment Approach in Cloud Environment
		5.1 Introduction
		5.2 Some Basic Definitions
			5.2.1 Hash Functions
			5.2.2 DLA and ElGamal Encryption System
			5.2.3 Undeniable Signature Scheme and Schnorr Signature Scheme
			5.2.4 Role Based Access Control
		5.3 Basic Model and New Payment Model
			5.3.1 Basic Payment Model
			5.3.2 Anonymity Provider Agent
			5.3.3 Proof of Ownership of a Coin
		5.4 Self-Scalable Anonymity Payment Scheme
			5.4.1 System Initialization
			5.4.2 New Off-line Payment Scheme
			5.4.3 Security Analysis
		5.5 User-Role Assignment
			5.5.1 Duty Separation Constraints
			5.5.2 Grant Model
			5.5.3 Revoke Model
		5.6 Implementations
		5.7 Conclusions
		Appendix: An Example of the New Scheme
		5.8 Problems and Exercises
			5.8.1 Problems
			5.8.2 Exercises
		References
	6 Using RBAC to Secure Payment Process in Cloud
		6.1 Introduction
		6.2 Administrative Issues in RBAC
			6.2.1 User-Role Assignments
			6.2.2 Permission-Role Assignments
			6.2.3 Role-Role Assignment
			6.2.4 Duty Separation Constraints
				Static Separation of Duty
				Dynamic Separation of Duty
		6.3 User-Role Assignments for a Flexible Payment Scheme
		6.4 Permission-Role Assignments with the Payment Scheme
		6.5 Related Work
		6.6 Conclusions
		6.7 Problems and Exercises
			6.7.1 Problems
			6.7.2 Exercises
		References
Part III RBAC with OCL and Negative Authorization
	7 Role-Based Access Control Constraints and Object Constraint Language
		7.1 Introduction
		7.2 Motivation and Related Technologies
			7.2.1 Role-Based Access Control
			7.2.2 Unified Modelling Language and Object Constraints Language
		7.3 Constraints in RBAC
			7.3.1 Separation Constraints
			7.3.2 Prerequisite Constraints
			7.3.3 Cardinality Constraints
			7.3.4 Mobility Constraints
		7.4 Constraints Expression with OCL
			7.4.1 Separation of Duty Constraints
			7.4.2 Mobility Constraints
			7.4.3 Prerequisite Constraints
			7.4.4 Cardinality Constraints
		7.5 Comparisons
		7.6  Conclusions
		7.7 Problems and Exercises
			7.7.1 Problems
			7.7.2 Exercises
		References
	8 Role-Based Delegation with Negative Authorization
		8.1 Introduction
		8.2 Related Work
		8.3 Delegation Framework
			8.3.1 Basic Elements and Components
			8.3.2 Role-Based Delegation
		8.4 Delegation Authorization
			8.4.1 Authorization Models
			8.4.2 An Approach for the Conflicting Problem
		8.5 Comparisons
		8.6 Conclusions
		8.7 Problems and Exercises
			8.7.1 Problems
			8.7.2 Exercises
		References
Part IV Ubiquitous Computing and Social Networks
	9 Access Control Management for Ubiquitous Computing
		9.1 Introduction
		9.2 Related Technologies
			9.2.1 Usage Control
			9.2.2 Ubiquitous Computing Model
		9.3 Authorization Models
		9.4 Security Architecture
			9.4.1 Structure of Reference Monitor
			9.4.2 Architectures
				SRM-Only Architecture
				CRM-Only Architecture
				SRM and CRM Architecture
		9.5 Comparisons
		9.6 Conclusions
		9.7 Problems and Exercises
			9.7.1 Problems
			9.7.2 Exercises
		References
	10 Trust-Based Access Control Management in Collaborative Open Social Networks
		10.1 Introduction
		10.2 Motivations
		10.3 A Trust Based Access Framework
		10.4 Access Control Policies
			10.4.1 Policy Operations
			10.4.2 Access Control Architecture
		10.5 Access Control Authorizations
		10.6 Comparisons
		10.7 Conclusions
		10.8 Problems and Exercises
			10.8.1 Problems
			10.8.2 Exercises
		References
Part V Access Control Policy and Blockchain Technology
	11 Building Access Control Policy Model for Privacy Preserving and Testing Policy Conflicting Problems
		11.1 Introduction
		11.2 Motivations
		11.3 Purpose Involved Access Control Framework
		11.4 Access Control Policies
			11.4.1 Authorization Models
			11.4.2 Policy Operations
		11.5 Conflicting Algorithms
		11.6 Experimental Results
		11.7 Comparisons
		11.8 Conclusions
		11.9 Problems and Exercises
			11.9.1 Problems
			11.9.2 Exercises
		References
	12 Effective Collaboration with Information Sharing in Virtual Universities
		12.1 Introduction
		12.2 Motivations
		12.3 The Role-Based Delegation and Revocation Framework
			12.3.1 Role-Based Access Control
			12.3.2 Role-Based Delegation Model
			12.3.3 Role-Based Group Delegation
		12.4 Role-Based Delegation Revocations
			12.4.1 Revocation Dimensions
			12.4.2 Revoking Delegations
		12.5 Delegation Authorization
			12.5.1 Authorization Models
			12.5.2 Authorization Rules
		12.6 XML Implementation
		12.7 Comparisons
		12.8 Conclusions
		12.9 Problems and Exercises
			12.9.1 Problems
			12.9.2 Exercises
		References
	13 Distributed Access Control Through Blockchain Technology
		13.1 Introduction
		13.2 Access Control Methods and Blockchain Technology
			13.2.1 Access Control Methods
			13.2.2 Enhancements on Ticket-Based Access Control Scheme for Mobile User
			13.2.3 Enhancements on Anonymity Payment Scheme
			13.2.4 Enhancements on Formal Authorization Approaches for Role Based Access Control
			13.2.5 Blockchain Technology
		13.3 Blockchain Based Access Control
		13.4 Blockchain-Based Access Control for the Internet of Things
		13.5 Future Work
			13.5.1 Improvement of the Payment Scheme
			13.5.2 Extension of Formal Authorization Approaches for Role Based Access Control
			13.5.3 Electronic Commerce with RBAC
			13.5.4 Implementation Issues
		References
Index