{"title":"Securing cross-domain data access with decentralized attribute-based access control","authors":"Ahmad Salehi Shahraki, Carsten Rudolph, Hooman Alavizadeh, A.S.M. Kayes, Wenny Rahayu, Zahir Tari","doi":"10.1016/j.adhoc.2025.103807","DOIUrl":null,"url":null,"abstract":"In attribute-based access control (ABAC), access to resources depends on the specific attributes of the entity requesting access. Existing ABAC models primarily depend on local attribute authorities to define and confirm attributes, which makes it challenging to support access decisions cross-domains without introducing centralization. Centralized solutions often conflict with individual domains’ security, privacy, and control requirements and, if compromised for any reason, can impact access to large datasets across participating domains. This paper introduces a novel access control model for cross-domain environments that significantly reduces central control. Our decentralized ABAC (D-ABAC) model uses group signature techniques to exchange attribute information securely and privately within cross-domains. Each domain maintains its own policies and attribute authorities, reducing the need for global trust or centralization to mutual trust between attribute authorities. We further design and implement a proof-of-concept system to demonstrate the practical feasibility of our proposed system for the collaborative and secure sharing of healthcare data in cross-domain environments. The proposed system model enhances security, scalability, and privacy in cross-domain settings, making it suitable for sensitive environments such as healthcare.","PeriodicalId":55555,"journal":{"name":"Ad Hoc Networks","volume":"173 ","pages":"Article 103807"},"PeriodicalIF":4.4000,"publicationDate":"2025-03-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Ad Hoc Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1570870525000551","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Citation count: 0
Abstract
In attribute-based access control (ABAC), access to resources depends on the specific attributes of the entity requesting access. Existing ABAC models primarily depend on local attribute authorities to define and confirm attributes, which makes it challenging to support access decisions cross-domains without introducing centralization. Centralized solutions often conflict with individual domains’ security, privacy, and control requirements and, if compromised for any reason, can impact access to large datasets across participating domains. This paper introduces a novel access control model for cross-domain environments that significantly reduces central control. Our decentralized ABAC (D-ABAC) model uses group signature techniques to exchange attribute information securely and privately within cross-domains. Each domain maintains its own policies and attribute authorities, reducing the need for global trust or centralization to mutual trust between attribute authorities. We further design and implement a proof-of-concept system to demonstrate the practical feasibility of our proposed system for the collaborative and secure sharing of healthcare data in cross-domain environments. The proposed system model enhances security, scalability, and privacy in cross-domain settings, making it suitable for sensitive environments such as healthcare.
About the journal:
Ad Hoc Networks is an international and archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in ad hoc and sensor networking areas. Ad Hoc Networks considers original, high-quality and unpublished contributions addressing all aspects of ad hoc and sensor networks. Specific areas of interest include, but are not limited to:
Mobile and Wireless Ad Hoc Networks
Sensor Networks
Wireless Local and Personal Area Networks
Home Networks
Ad Hoc Networks of Autonomous Intelligent Systems
Novel Architectures for Ad Hoc and Sensor Networks
Self-organizing Network Architectures and Protocols
Transport Layer Protocols
Routing protocols (unicast, multicast, geocast, etc.)
Media Access Control Techniques
Error Control Schemes
Power-Aware, Low-Power and Energy-Efficient Designs
Synchronization and Scheduling Issues
Mobility Management
Mobility-Tolerant Communication Protocols
Location Tracking and Location-based Services
Resource and Information Management
Security and Fault-Tolerance Issues
Hardware and Software Platforms, Systems, and Testbeds
Experimental and Prototype Results
Quality-of-Service Issues
Cross-Layer Interactions
Scalability Issues
Performance Analysis and Simulation of Protocols.