Securing cross-domain data access with decentralized attribute-based access control

IF 4.4 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Ad Hoc Networks Pub Date : 2025-03-07 DOI:10.1016/j.adhoc.2025.103807

Ahmad Salehi Shahraki , Carsten Rudolph , Hooman Alavizadeh , A.S.M. Kayes , Wenny Rahayu , Zahir Tari

{"title":"Securing cross-domain data access with decentralized attribute-based access control","authors":"Ahmad Salehi Shahraki , Carsten Rudolph , Hooman Alavizadeh , A.S.M. Kayes , Wenny Rahayu , Zahir Tari","doi":"10.1016/j.adhoc.2025.103807","DOIUrl":null,"url":null,"abstract":"<div><div>In attribute-based access control (ABAC), access to resources depends on the specific attributes of the entity requesting access. Existing ABAC models primarily depend on local attribute authorities to define and confirm attributes, which makes it challenging to support access decisions cross-domains without introducing centralization. Centralized solutions often conflict with individual domains’ security, privacy, and control requirements and, if compromised for any reason, can impact access to large datasets across participating domains. This paper introduces a novel access control model for cross-domain environments that significantly reduces central control. Our decentralized ABAC (D-ABAC) model uses group signature techniques to exchange attribute information securely and privately within cross-domains. Each domain maintains its own policies and attribute authorities, reducing the need for global trust or centralization to mutual trust between attribute authorities. We further design and implement a proof-of-concept system to demonstrate the practical feasibility of our proposed system for the collaborative and secure sharing of healthcare data in cross-domain environments. The proposed system model enhances security, scalability, and privacy in cross-domain settings, making it suitable for sensitive environments such as healthcare.</div></div>","PeriodicalId":55555,"journal":{"name":"Ad Hoc Networks","volume":"173 ","pages":"Article 103807"},"PeriodicalIF":4.4000,"publicationDate":"2025-03-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Ad Hoc Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1570870525000551","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

In attribute-based access control (ABAC), access to resources depends on the specific attributes of the entity requesting access. Existing ABAC models primarily depend on local attribute authorities to define and confirm attributes, which makes it challenging to support access decisions cross-domains without introducing centralization. Centralized solutions often conflict with individual domains’ security, privacy, and control requirements and, if compromised for any reason, can impact access to large datasets across participating domains. This paper introduces a novel access control model for cross-domain environments that significantly reduces central control. Our decentralized ABAC (D-ABAC) model uses group signature techniques to exchange attribute information securely and privately within cross-domains. Each domain maintains its own policies and attribute authorities, reducing the need for global trust or centralization to mutual trust between attribute authorities. We further design and implement a proof-of-concept system to demonstrate the practical feasibility of our proposed system for the collaborative and secure sharing of healthcare data in cross-domain environments. The proposed system model enhances security, scalability, and privacy in cross-domain settings, making it suitable for sensitive environments such as healthcare.

查看原文本刊更多论文

使用分散的基于属性的访问控制保护跨域数据访问

在基于属性的访问控制（ABAC）中，对资源的访问取决于请求访问的实体的特定属性。现有的ABAC模型主要依赖于本地属性机构来定义和确认属性，这使得在不引入集中化的情况下支持跨域访问决策具有挑战性。集中式解决方案通常与各个域的安全、隐私和控制要求相冲突，如果由于任何原因受到损害，可能会影响对参与域的大型数据集的访问。本文提出了一种新的跨域环境访问控制模型，大大减少了中央控制。我们的去中心化ABAC （D-ABAC）模型使用组签名技术在跨域内安全、私密地交换属性信息。每个域维护自己的策略和属性权威，减少了对全局信任或集中到属性权威之间相互信任的需求。我们进一步设计并实现了一个概念验证系统，以证明我们提出的系统在跨域环境中协作和安全共享医疗保健数据的实际可行性。所提出的系统模型增强了跨域设置中的安全性、可伸缩性和隐私性，使其适用于医疗保健等敏感环境。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Ad Hoc Networks 工程技术-电信学

CiteScore

10.20

自引率

4.20%

发文量

131

审稿时长

4.8 months

期刊介绍： The Ad Hoc Networks is an international and archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in ad hoc and sensor networking areas. The Ad Hoc Networks considers original, high quality and unpublished contributions addressing all aspects of ad hoc and sensor networks. Specific areas of interest include, but are not limited to: Mobile and Wireless Ad Hoc Networks Sensor Networks Wireless Local and Personal Area Networks Home Networks Ad Hoc Networks of Autonomous Intelligent Systems Novel Architectures for Ad Hoc and Sensor Networks Self-organizing Network Architectures and Protocols Transport Layer Protocols Routing protocols (unicast, multicast, geocast, etc.) Media Access Control Techniques Error Control Schemes Power-Aware, Low-Power and Energy-Efficient Designs Synchronization and Scheduling Issues Mobility Management Mobility-Tolerant Communication Protocols Location Tracking and Location-based Services Resource and Information Management Security and Fault-Tolerance Issues Hardware and Software Platforms, Systems, and Testbeds Experimental and Prototype Results Quality-of-Service Issues Cross-Layer Interactions Scalability Issues Performance Analysis and Simulation of Protocols.