Muhammad Asif Habib

Object based dynamic separation of duty in RBAC

Role Based Access Control (RBAC) offers tight security of information and ease of management to implement. RBAC is a proven and open ended technology that is being attracted by most of the organizations for its capability to reduce security administration in terms of cost and complexity. The focus of this paper is one of the important factors in RBAC, i.e. Dynamic Separation of Duty (DSD) which is implemented to avoid internal security threats. We discuss DSD from a different perspective i.e. object based separation of duty. Different problems and observations have been described regarding DSD with respect to formal definitions of DSD. Those observations and problems influenced us to go for updated definition of DSD. So, we propose a newly updated definition of DSD. Different examples have been given regarding object based DSD with different scenarios. We also described benefits of implementing newly proposed definition of DSD.

Attributed role based access control model

Role based access control (RBAC) is well known due to its high security and ease in management for permissions. But it also has some deficiencies like role structure complexity and having no dynamic behavior. Attribute based access control (ABAC) is a dynamic access control model that provides ease of role structuring. Analyzing roles and permissions after implementing access control model and its management is not easy in ABAC. In this paper, an access control model is developed that accumulates the strengths of RBAC and ABAC and also remove some of the deficiencies of above stated models. The proposed model implements and exploits the attributes of objects, permissions, roles, and users as foundation. Moreover the proposed model employs the role structuring ability of ABAC and tight security behavior of RBAC. We also implemented the proposed model and discussed with respect to a case study.

Role inheritance with object-based DSD

Role-based access control (RBAC) is an evolution in the field of access control. RBAC offers tight security of information and ease of management to implement. The focus of this paper is on some of the important factors in RBAC, i.e., dynamic separation of duty (DSD) which is implemented to avoid internal security threats and role inheritance. We discuss DSD from a different perspective, i.e., object-based dynamic separation of duty. Also, we discuss permission level inheritance from object perspective. Different problems and observations have been described regarding DSD with respect to formal definitions of DSD. Those observations and problems influenced us to go for updated definition of DSD. So, we propose a definition of DSD from different perspective and elaborate the importance of role inheritance. Different examples have been given regarding object-based DSD with different scenarios. We also describe the benefits of implementing the proposed definition of DSD.

Permission based implementation of Dynamic Separation of Duty (DSD) in Role based Access Control (RBAC)

Role based Access Control (RBAC) is known as an evolution in the field of access control. The strength of RBAC is considered due to the incorporation of concept of roles. Separation of Duty (SOD) is a constraint that implements least privilege principle in RBAC. Dynamic Separation of Duty (DSD) is a powerful constraint to control internal security threats. Current RBAC standard implements DSD on the level of roles. This creates various problems. In this paper, various problems in case of implementing DSD on the level of roles are identified. We show and prove that RBACs strength is the incorporation of concept of roles but this is not for better security in terms of authorization. Instead this helps in better administration or usability for users. The RBAC usability can be improved if RBAC administration is being implemented on the basis of roles and access control can be more secure if DSD is being implemented on the basis of conflicting permissions. The concept of normalized roles is also introduced. The proposed model implements access control on the basis of normalized role. DSD is being implemented on the basis of conflicting permissions and non-conflicting permissions are exercised under the umbrella of role. This becomes a hybrid approach for access control. The administrators are given freedom in implementing DSD in various modes according to the organizational requirements from lenient to strict implementation. The proposed model is also formally specified and the benefits as a result of implementing the proposed model are discussed.

CDCSS: cluster-based distributed cooperative spectrum sensing model against primary user emulation (PUE) cyber attacks

In cognitive radio network, the secondary users (SUs) use the spectrum of primary users for communication which arises the security issues. The status of SUs as legitimate users is compulsory for the stability of the system. This paper addresses the issue of delay caused by a band-selection decision process that directly affects the security and performance. The model cluster-based distributed cooperative spectrum sensing is proposed. In this model, cluster heads (CHs) exchange control information with other CHs and ordinary nodes. This model significantly reduced the delay, sensing, convergence, routing, in band-selection process. This also reduces the energy consumption while sensing the spectrum which seriously leads to performance upgradation. The simulated results show the improved performance of cognitive radio networks in terms of delay, packet loss ratio and bandwidth usage as compared to cluster-based cooperative spectrum sensing model. The opportunity for primary user emulation attacker is minimized as the overall delay is reduced.

MDCBIR-MF: multimedia data for content-based image retrieval by using multiple features

Due to recent development in technology, the complexity of multimedia is significantly increased and the retrieval of similar multimedia content is an open research problem. In the service of multimedia service, the requirement of Multimedia Indexing Technology is increasing to retrieve and search for interesting data from huge Internet. Since the traditional retrieval method, which is using textual index, has limitation to handle the multimedia data in current Internet, alternatively, the more efficient representation method is needed. Content-Based Image Retrieval (CBIR) is a process that provides a framework for image search and low-level visual features are commonly used to retrieve the images from the image database. The basic requirement in any image retrieval process is to sort the images with a close similarity in term of visual appearance. The color, shape, and texture are the examples of low-level image features. The feature combination that is also known as feature fusion is applied in CBIR to increase the performance, a single feature is not robust to the transformations that are in the image datasets. This paper represents a new Content-Based Image Retrieval (CBIR) technique to fuse the color and texture features to extract local features as our feature vector. The features are created for each image and stored as a feature vector in the database. The proposed research is divided into three phases that feature extraction, similarities match, and performance evaluation. Color Moments (CM) are used for Color features and extract the Texture features, used Gabor Wavelet and Discrete Wavelet transform. To enhance the power of feature vector representation, Color and Edge Directivity Descriptor (CEDD) is also included in the feature vector. We selected this combination, as these features are reported intuitive, compact and robust for image representation. We evaluated the performance of our proposed research by using the Corel, Corel-1500, and Ground Truth (GT) images dataset. The average precision and recall measures are used to evaluate the performance of the proposed research. The proposed approach is efficient in term of feature extraction and the efficiency and effectiveness of the proposed research outperform the existing research in term of average precision and recall values.

A generic methodology for geo-related data semantic annotation

Geo‐related data, also known as spatial data, is represented using a vector used for representing longitude, elevation, and latitude. Specially built systems, well known as Geographical Information Systems (GIS), made use of such data for querying, manipulating, navigation, and analyzing. In the current era of data, science needs to involve smart interactive investigation involving Internet of Data (IoD) on predicting upcoming changes and spatial updates on the map is growing rapidly. To resolve issues concerning real‐time spatial data, transformation using semantic annotation can provide a better way to translate spatial relationships. These spatial relationships will support spatial analysis by linking different cause and effect with the help of reasoning mechanism. This researchs major focus is on a data transformation methodology for geo‐related semantic annotation. Spatial dataset gets stored in a database and then transformed into Extensible Markup Language (XML) and Resource Description Framework (RDF). Even for bi‐directional transformation to work properly, we need to map different schema level transformations. A deep research is conducted to consider available mappings, implementations, and updates to further improving data fusion for having better compatibility. Then, transformed data as results get analyzed and discussed based on the data mapping rules formulated. It is aimed to show the importance of reducing the response time of investigation and offer compatibility between the web and semantically enriched spatial data.

Mutually exclusive permissions in RBAC

Role-based access control (RBAC) always provides tight security of information and ease of management to security policy. There are certain constraints which make the information security tight. Separation of duty (SOD) in terms of mutual exclusion and role inheritance (RI) are some of those constraints which provide security of information and make the management of security policy easier. On one side after implementing separation of duty, we may able to get tight security but on the other side it can create complexity for the security administrator and the end users who use the system. Implementing mutual exclusion on the basis of roles reduces the authority of the RBAC user for which the user is authorised. In this paper, we describe the complexities and complications which can be faced after implementing separation of duty in terms of mutually exclusive roles (MER). We also describe the problems which can be faced if either the role inheritance is not implemented or implemented in an incomplete manner. We also propose a model to counter the problems.

Analysis of Factors Affecting Energy Aware Routing in Wireless Sensor Network

Among constituents of communication architecture, routing is the most energy squeezing process. In this survey article, we are targeting an innovative aspect of analysis on routing in wireless sensor network (WSN) that has never been seen in the available literature before. This article can be a guiding light for new researchers to comprehend the WSN technology, energy aware routing, and the factors that affect the energy aware routing in WSN. This insight comprehension then makes the ways easy for them in designing such types of algorithms as well as evaluating the authenticity and extending the existing algorithms of this category, since algebraic and graphical modelling of these factors is also demonstrated. Various available techniques used by existing routing algorithms to handle these factors in making themselves energy aware are also given. Further, they are analyzed along with the suggested improvements for the researchers. At the end, we presented our previously published research work as an example and case study of discussed factors. A rich list of references is also cited for interested readers to explore the related given points.

Loss Based Congestion Control Module for Health Centers Deployed by Using Advanced IoT Based SDN Communication Networks

Many healthcare centers are deploying advanced Internet of Things (IoT) based on Software-Defined Networks (SDNs). Transmission Control Protocol (TCP) was developed to control the data transmission in wide range of networks and provides reliable communication by using many caching and congestion control schemes. TCP is predestined to always increase and decrease its congestion window size to make changes in traffic. Nowadays, about 50% IoT based SDN traffic is controlled by TCP CUBIC, which is the default congestion control scheme in Linux operating system. The aim of this research is to develop a new content-caching based congestion control scheme for advanced IoT enabled SDN networks to achieve better performance in healthcare infrastructure network environments. In this research, Congestion Control Module for Loss Event (CCM-LE) is proposed to enhance the performance of TCP CUBIC in advanced IoT based on SDN. Network Simulator 2 (NS-2) is used to simulate the experiments of CCM-LE and state-of-the-art schemes. Results show that the performance of CCM-LE outperforms by 19% as compared to state-of-the-art schemes.