Sana Said, JalelEddine Hajlaoui, Mohamed Nazih Omri
{"title":"New privacy-respecting access control-based approach for data placement in an Internet of Things environment","authors":"Sana Said, JalelEddine Hajlaoui, Mohamed Nazih Omri","doi":"10.1016/j.jisa.2025.104192","DOIUrl":null,"url":null,"abstract":"<div><div>The future internet landscape is increasingly dependent on social networks and the Internet of Things (IoT), leveraging diverse communication technologies. While early internet usage primarily involved web browsing, multimedia services, and social networking, the rapid proliferation of the IoT has made data confidentiality and security paramount. This paper presents a novel approach that integrates Formal Concept Analysis (FCA) with Role-Based Access Control (RBAC) to strengthen access control and optimize data confidentiality in IoT environments. Our proposed <strong>D</strong>ata <strong>P</strong>lacement in IoT using <strong>P</strong>rivacy-respecting <strong>A</strong>ccess <strong>C</strong>ontrol (DPPAC) framework addresses two critical challenges: minimizing unauthorized access risks and ensuring robust data confidentiality through optimal security component placement. A comprehensive evaluation demonstrates DPPAC’s superiority over traditional RBAC and FCA methods across key metrics, including Authorization Rate (AR), Rejection Rate (RR), Precision, Recall, and <span><math><msub><mrow><mi>F</mi></mrow><mrow><mtext>measure</mtext></mrow></msub></math></span>. Experimental results show that DPPAC achieves significantly higher AR and lower RR compared to traditional approaches, confirming its enhanced security capabilities.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104192"},"PeriodicalIF":3.7000,"publicationDate":"2025-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212625002297","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
The future internet landscape is increasingly dependent on social networks and the Internet of Things (IoT), leveraging diverse communication technologies. While early internet usage primarily involved web browsing, multimedia services, and social networking, the rapid proliferation of the IoT has made data confidentiality and security paramount. This paper presents a novel approach that integrates Formal Concept Analysis (FCA) with Role-Based Access Control (RBAC) to strengthen access control and optimize data confidentiality in IoT environments. Our proposed Data Placement in IoT using Privacy-respecting Access Control (DPPAC) framework addresses two critical challenges: minimizing unauthorized access risks and ensuring robust data confidentiality through optimal security component placement. A comprehensive evaluation demonstrates DPPAC’s superiority over traditional RBAC and FCA methods across key metrics, including Authorization Rate (AR), Rejection Rate (RR), Precision, Recall, and . Experimental results show that DPPAC achieves significantly higher AR and lower RR compared to traditional approaches, confirming its enhanced security capabilities.
期刊介绍:
Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.