New privacy-respecting access control-based approach for data placement in an Internet of Things environment

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2025-08-12 DOI:10.1016/j.jisa.2025.104192

Sana Said, JalelEddine Hajlaoui, Mohamed Nazih Omri

{"title":"New privacy-respecting access control-based approach for data placement in an Internet of Things environment","authors":"Sana Said, JalelEddine Hajlaoui, Mohamed Nazih Omri","doi":"10.1016/j.jisa.2025.104192","DOIUrl":null,"url":null,"abstract":"<div><div>The future internet landscape is increasingly dependent on social networks and the Internet of Things (IoT), leveraging diverse communication technologies. While early internet usage primarily involved web browsing, multimedia services, and social networking, the rapid proliferation of the IoT has made data confidentiality and security paramount. This paper presents a novel approach that integrates Formal Concept Analysis (FCA) with Role-Based Access Control (RBAC) to strengthen access control and optimize data confidentiality in IoT environments. Our proposed <strong>D</strong>ata <strong>P</strong>lacement in IoT using <strong>P</strong>rivacy-respecting <strong>A</strong>ccess <strong>C</strong>ontrol (DPPAC) framework addresses two critical challenges: minimizing unauthorized access risks and ensuring robust data confidentiality through optimal security component placement. A comprehensive evaluation demonstrates DPPAC’s superiority over traditional RBAC and FCA methods across key metrics, including Authorization Rate (AR), Rejection Rate (RR), Precision, Recall, and <span><math><msub><mrow><mi>F</mi></mrow><mrow><mtext>measure</mtext></mrow></msub></math></span>. Experimental results show that DPPAC achieves significantly higher AR and lower RR compared to traditional approaches, confirming its enhanced security capabilities.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104192"},"PeriodicalIF":3.7000,"publicationDate":"2025-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212625002297","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The future internet landscape is increasingly dependent on social networks and the Internet of Things (IoT), leveraging diverse communication technologies. While early internet usage primarily involved web browsing, multimedia services, and social networking, the rapid proliferation of the IoT has made data confidentiality and security paramount. This paper presents a novel approach that integrates Formal Concept Analysis (FCA) with Role-Based Access Control (RBAC) to strengthen access control and optimize data confidentiality in IoT environments. Our proposed Data Placement in IoT using Privacy-respecting Access Control (DPPAC) framework addresses two critical challenges: minimizing unauthorized access risks and ensuring robust data confidentiality through optimal security component placement. A comprehensive evaluation demonstrates DPPAC’s superiority over traditional RBAC and FCA methods across key metrics, including Authorization Rate (AR), Rejection Rate (RR), Precision, Recall, and

F_{measure}

. Experimental results show that DPPAC achieves significantly higher AR and lower RR compared to traditional approaches, confirming its enhanced security capabilities.

查看原文本刊更多论文

物联网环境中基于访问控制的数据放置新方法，尊重隐私

未来的互联网格局越来越依赖于社交网络和物联网（IoT），利用各种通信技术。虽然早期的互联网使用主要涉及网页浏览、多媒体服务和社交网络，但物联网的快速扩散使数据保密性和安全性变得至关重要。本文提出了一种将形式概念分析（FCA）与基于角色的访问控制（RBAC）相结合的新方法，以加强物联网环境中的访问控制并优化数据机密性。我们提出的使用尊重隐私的访问控制（DPPAC）框架的物联网数据放置解决了两个关键挑战：最大限度地减少未经授权的访问风险，并通过最佳的安全组件放置确保强大的数据机密性。综合评估表明，DPPAC在关键指标上优于传统的RBAC和FCA方法，包括授权率（AR）、拒绝率（RR）、精密度（Precision）、召回率（Recall）和Fmeasure。实验结果表明，与传统方法相比，DPPAC实现了更高的AR和更低的RR，验证了其增强的安全能力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.