Forthcoming articles

International Journal of Security and Networks

International Journal of Security and Networks (IJSN)

These articles have been peer-reviewed and accepted for publication but are pending final changes, are not yet published and may not appear here in their final order of publication until they are assigned to issues. Therefore, the content conforms to our standards but the presentation (e.g. typesetting and proof-reading) is not necessarily up to the Inderscience standard. Additionally, titles, authors, abstracts and keywords may change before publication. Articles will not be published until the final proofs are validated by their authors.

Forthcoming articles must be purchased for the purposes of research, teaching and private study only. These articles can be cited using the expression "in press". For example: Smith, J. (in press). Article Title. Journal Title.

International Journal of Security and Networks (23 papers in press)

Regular Issues

  • Characterizing Spatial Dependence on Epidemic Thresholds in Networks
    by Zesheng Chen 
    Abstract: Epidemic processes are an important security research topic for both the Internet and social networks. The epidemic threshold is a fundamental metric used to evaluate epidemic spread in networks. Previous work has shown that the epidemic threshold of a network is $1/\lambda_{\max}(A)$, i.e., the inverse of the largest eigenvalue of its adjacency matrix. In this work, however, we indicate that such a theoretical threshold ignores spatial dependence among nodes and hence underestimates the actual epidemic threshold. Moreover, inspired by the Markov Random Field, we analytically derive a more accurate epidemic threshold based on a spatial Markov dependence assumption. Our model shows that the epidemic threshold is indeed $1/\lambda_{\max}(A)(1-\rho)$, where $\rho$ is the average spatial correlation coefficient between neighboring nodes. We then apply simulations to compare the performance of these two theoretical epidemic thresholds in different networks, including regular graphs, synthesized irregular graphs, and a real topology. We find that our proposed epidemic threshold incorporates a certain spatial dependence and thus achieves greater accuracy in characterizing the actual epidemic threshold in networks.
    Keywords: Epidemic thresholds; susceptible-infected-susceptible (SIS) model; spatial dependence; Markov Random Field; Markov model; mean-field approach.

  • Location big data differential privacy dynamic partition release method
    by Yan Yan, Lianxiu Zhang, Bingqian Wang, Xin Gao 
    Abstract: Aiming at the privacy protection requirements in real-time statistical publishing process of location big data, a dynamic partition method is proposed based on differential privacy mechanism. The temporal redundancy between adjacent data snapshots has been eliminated by sampling and differential processing of dynamic location big data, and the spatial redundancy of location big data has been reduced by adaptive density meshing and uniformity heuristic quadruple partitioning. Differential privacy protection has been realized by adjusting partition structures of the current data set on the spatial structure of previous moment and adding Laplace noise. Experiments carried out on the cloud computing platform and real location big data sets show that the proposed algorithm can meet the dynamic partition release requirements of real-time location big data, and the query precision of single-released location big data is better than other similar methods.
    Keywords: location big data; dynamic partition release; differential privacy; temporal redundancy; spatial redundancy.

  • Data Integrity Attack Detection in Smart Grid: A Deep Learning Approach
    by Sunitha Basodi, Song Tan, WenZhan Song, Yi Pan 
    Abstract: Cybersecurity in smart grids plays a crucial role in determining reliable functioning and availability. Data integrity attacks at the physical layer of smart grids are mainly addressed in this paper. State Vector Estimation (SVE) methods are widely used to detect such attacks, but such methods fail to identify attacks that comply with physical properties of the grid, known as unobservable attacks. In this paper, we formulate a distance measure to be employed as the cost function in deep-learning models using feedforward neural network architectures to classify malicious and secured measurements. Efficiency and performance of these models are compared with existing state-of-the-art detection algorithms and supervised machine learning models. Our analysis shows better performance for deep learning models in detecting centralized data attacks.
    Keywords: smart grids; bad data detection; state vector estimation; deep learning; IEEE test bus systems; matpower; keras with tensorflow.

  • A real-time botnet detection model based on an efficient wrapper feature selection method
    by Akram Farahmand-Nejad, Samira Noferesti 
    Abstract: Botnets are one of the most widespread and serious threats of cybersecurity that have infected millions of computers around the world over the past few years. Previous research has shown that machine learning methods can accurately detect botnet attacks. However, these methods often do not address the problem of real-time botnet detection, which is one of the main challenges in this area and is essential to prevent the damage caused by botnet attacks. This paper aims to present an efficient real-time model for botnet detection. In the proposed method, a subset of the effective features in detecting the bot traffic is initially selected using the World Competitive Contests Algorithm. Then, based on the selected features, a support vector machine model is created offline to detect real-time bot traffic from the normal one. The test results show that the proposed method can detect botnets with 95% accuracy and outperforms other methods.
    Keywords: network security; botnets; real time; machine learning; support vector machine; SVM; feature selection; world competitive contests algorithm; WCC; wrapper methods; botnet attacks.

  • AudioKey: A Usable Device Pairing System Using Audio Signals on Smartwatches
    by Jiacheng Shang, Jie Wu 
    Abstract: Smartwatches are expected to replace smartphones in some applications with better user experience because of a greater range of features and new innovations such as audio recording, activity recognition, and data transmission. In this paper, we develop a system called AudioKey, aiming to pair two smartwatches by generating a unique secret key between them. Compared with existing works, our system does not need extra infrastructure to synchronize devices and trigger the key generation process, and only uses the existing sensors (gyroscope and microphone) that are deployed on most smartwatches. AudioKey triggers the key generation process on two devices at the same time by detecting the handshake between two normal users. A secret key is extracted from both the frequency domain and the time domain of audio signals and used to authenticate each other or encrypt the sensitive data. Evaluation results collected on 9 volunteers in three different scenarios show that our system can achieve a bit generation rate of 13.4 bits/s with the mean key agreement rate of $96.7\%$ for a 128-bit secret key, while a strong attacker can only achieve a mean key agreement of $10.8\%$.
    Keywords: Human activity recognition; Secret key generation.

  • Text Similarity Semantic Calculation Based On Deep Reinforcement Learning
    by Guanlin Chen, Xiaolong Shi, Moke Chen, Liang Zhou 
    Abstract: Semantic analysis is a fundamental technology in natural language processing. Semantic similarity calculations are involved in many applications of natural language processing, such as QA systems, machine translation, text similarity calculation, text classification, information extraction and even speech recognition. This paper proposes a new framework for computing semantic similarity: Deep Reinforcement Learning For Siamese Attention Structure Model (DRSASM). The model learns word segmentation and word distillation automatically through reinforcement learning. The overall architecture uses an LSTM network to extract semantic features, and then introduces a new attention mechanism model to enhance semantics. The experiments show that this new model improves accuracy on the SNLI data set and a Chinese business data set compared to current baseline structure models.
    Keywords: Big Data; Machine learning; Deep learning; Natural language processing; Semantic similarity; Semantic computing; Reinforcement learning; Attention model; LSTM model.

  • Optimal Network Defense Strategy Selection Based on Bayesian Game
    by Zengguang Wang, Yu Lu, Xi Li 
    Abstract: Existing passive defense methods cannot effectively guarantee network security; to solve this problem, a novel method is proposed that selects the optimal defense strategy. The network attack-defense process is modeled based on the Bayesian game. The payoff is quantified from the impact value of the attack-defense actions. The optimal defense strategy is selected that takes defense effectiveness as the criterion. The rationality and feasibility of the method are verified through a representative example, and the general rules of network defense are summarized. Compared to the classic strategy selection methods based on game theory, the proposed method can select the optimal strategy in the form of pure strategy by quantifying defense effectiveness, which was proven to perform better.
    Keywords: network security; network attack-defense process; Bayesian game; incomplete information; attack-defense payoffs; Nash equilibrium; strategy selection; defense effectiveness; pure strategy; optimal defense strategy.

  • Designing a Secure Positioning System Using Blockchain Technology
    by Rajrupa Singh, Selvakumar R 
    Abstract: Achieving a secure positioning system is one of the most prominent issues in the field of wireless security. The central task of this paper is to introduce a system that is provably secure for sharing the most sensitive data among the users in a peer-to-peer network. In such systems, the geographical position of the users or the nodes in the network plays a vital role in maintaining the security of the entire network, especially for defense purposes. Apart from the existing Bounded Storage Models, the system gives a positive result for the "Secure Positioning Problem". The design of the proposed system is based on the network, where the public ledger is maintained by all the nodes independently without any central authority. The zero-knowledge protocol proposed in this paper makes the search space size grow exponentially, which is a major challenge for the intruder to prove their position.
    Keywords: Blockchain; Position-Based Access; Peer-to-Peer Networks; Zero-knowledge Proof; Low Storage Nodes; Authentication and Authorization.

  • Secure Outsourcing of Modular Inverses and Scalar Multiplications on Elliptic Curves
    by Yuan Ping, Xuyang Guo, Baocang Wang, Jingxian Zhou 
    Abstract: In the big data era, we can collect more data than ever before, yet analyzing them remains a pricey challenge for normal users. As the core of the widely-used elliptic curve cryptosystems, modular inverse and point multiplication are worthy of being outsourced as services for their fundamental and pricey computation. However, this raises security concerns, especially on the untrusted cloud. To address these issues, in this paper, we propose two outsourcing protocols to do these two operations, respectively. For efficiency, in the first protocol, only three modular multiplications are required by the client to outsource a modular inverse operation to the cloud. In the second protocol, a point multiplication operation can be carried out just by doing two addition operations on elliptic curves. For security, in both protocols, the input is randomly split into two parts to meet the input privacy and output privacy. The security of both protocols is theoretically proved under a single server and the non-colluding two servers models, respectively. Furthermore, the cheating behaviors of the servers can be detected with probabilities of 100% and 75%, respectively. Besides the two proposed secure outsourcing protocols achieving the highest security goal, namely, perfect privacy (or unconditional security), simulation experiments confirm the significant improvement in efficiency in comparison with the corresponding traditional ones.
    Keywords: Cloud Computing; Secure Outsourcing; Modular Inverse; Point Multiplication; Elliptic Curve; Public Key Cryptography.

  • Fog Computing: Survey on Decoy Information Technology
    by Muhyidean Altarawneh, Wesam Almobaideen 
    Abstract: Fog computing extends the cloud paradigm to the edge of the network, thus covering deficiencies that are in cloud computing infrastructure. Security concerns are reduced, but this does not provide a secured platform, since data could be simply compromised in constrained environments. This survey emphasizes possible security mechanisms that use technologies like user behavior profiling and decoy technology to mitigate security threats. It mainly focuses on reviewing papers that have used decoy technology in the fields of fog computing and other environments that fall under the same umbrella. After comparing papers, based on the results, classifications were provided from different perspectives such as detecting unauthorized access and decoy technology deployment. These classifications could support selecting the best practice based on the required function and environment of deployment.
    Keywords: decoy technology; honeypots; security; fog computing; constrained networks.

  • Packing Resistant Solution to Group Malware Binaries
    by Ahmad Azab 
    Abstract: Malware is still identified as a serious threat on the Internet and considered the main tool utilized by cybercriminals to conduct their malicious actions against corporations, government agencies and individuals. Malware authors embed numerous techniques, such as obfuscation and morphing, to avoid detection by anti-virus engines and facing hardened zero-day detection. To address this problem, we propose a solution that groups malware binaries belonging to the same variant, regardless of whether they are packed or not. Our approach deploys similarity measures between the malware binaries of the same variant by applying data mining concepts in conjunction with hashing algorithms. In this paper, we assess Trend Locality Sensitive Hashing (TLSH) and SSDEEP hashing algorithms to group packed and unpacked binaries of the same variants, deploying K-NN learning algorithm. Two Zeus variants are used - Mal_ZBOT and TSPY_ZBOT - to address the effectiveness of the proposed approach. The experimental results reflect our method's effectiveness in grouping binaries of the same variant, its resilience to common obfuscations used by cybercriminals and a poor performance with regard to applying the hashing algorithm without the data mining concept. The best result attained over both packed and unpacked binaries is 0.982 F-Measure.
    Keywords: Malware; Hashing; Datamining; Zeus.

  • Evaluating the behavior of stream learning algorithms for detecting invasion on wireless networks
    by Cláudio Alves, Flávia Bernardini, Leandro Sousa, Edwin Mitaac 
    Abstract: Ensuring protection in computer networks is an increasingly difficult task because of the sheer number and variability of threats currently encountered. Intrusion Detection Systems (IDS) are usually used to improve the security of information in computer networks, including any content that has value to a person or company. IDS monitor computers or networks to identify malicious activity or unauthorized access. An open issue is how much data is necessary for constructing models for predicting invasion in wireless networks, especially considering that there are some scenarios in which a dataset is not promptly available. Our approach should consider constructing classifiers given a dataset and, as the dataset grows, new classifiers are constructed. Another strategy is to explore stream learning algorithms that adapt models over time. In addition to studying the applicability of stream learning algorithms, this work aims to investigate whether, in terms of processing time, stream algorithms are more efficient than batch ones.
    Keywords: Stream Learning; Intrusion Detection Systems (IDS); Wireless Networks.

  • Multi-Party Computation Review for Secure Data Processing in IoT-Fog Computing Environment
    by Bhabendu Kumar Mohanta, Debasish Jena, Srichandan Sobhanayak 
    Abstract: In the last decade, Internet of Things (IoT) technology has become useful in almost every application field. IoT-Cloud based architecture is insufficient to handle the requirements of IoT like latency, bandwidth, and volume of data. Fog computing can address those problems by providing processing and services to end-users at the edge network. In a centralized system, computation and processing were done in a centralized way. Some of the issues in that centralized system are malicious behavior, node capture, and failure. A solution is for multiple parties to do the computation, so that the decision can be reliable and trustworthy. In this paper, the authors first use IoT-Fog-Cloud architecture to explain the need for multi-party computation in IoT applications. Secondly, the authors review existing work in terms of the basic working principle of multi-party computation and existing application areas. Lastly, the paper describes the solution approach to perform secure multi-party computation in terms of Blockchain Technology.
    Keywords: IoT; Fog Computing; Cloud computing; Multi-Party Computation; Security; Blockchain; Distributed.

  • A Framework for Security Enhancement in Multitenant SDN-based Datacenters
    by Mostafa Ammar, Ayman Abdel-hamid, Mohamed Rizk, Magdy Abdelazim 
    Abstract: Nowadays, there is a rising demand for enterprises to migrate datacenters into the public cloud. This transfer has several drivers such as decreasing datacenter operational cost and increasing scalability. Moreover, it motivated cloud providers to construct more multitenant datacenters. On the other hand, cyber attacks against IT infrastructures are becoming sophisticated. Protection against datacenter adversaries requires integration between security middleboxes, such as intrusion detection systems (IDS) and firewalls (FW), and the network layer. In this paper, a framework is proposed to enhance security for software defined network (SDN) based multitenant datacenters. A novel mechanism is introduced to only forward suspicious traffic for deep packet inspection (DPI) without affecting any other traffic. Attack graphs are used to specify all possible attack scenarios against the datacenter network. A proof-of-concept prototype of the framework is implemented using a mixed emulation and simulation environment. A typical multitenant data center network topology is used to test and evaluate framework performance. Moreover, different types of traffic (TCP, UDP) and typical middleboxes are used in experiments. Performance evaluation results show framework feasibility and performance against attacks while not affecting delay sensitive traffic.
    Keywords: SDN; datacenter; multitenancy; security; attack graph; deep packet inspection.

  • A Game Theoretic Approach Based on Intrusion Tolerant Systems
    by Nouhad Sanoussi, Ghizlane Orhanou, Said El Hajji 
    Abstract: Despite the enormous efforts made to guarantee a great level of security in the network, this is still far from being completely solved. Hence, to continue providing proper services in threatening environments there is a need for intrusion tolerance. The purpose of an Intrusion Tolerant System (ITS) is to survive against every intrusion, rather than to prevent them. Unfortunately, these mechanisms of defense require a huge investment and an accurate study of the network to effectively secure the infrastructure. The weakness of the traditional network security solutions is that they lack a quantitative decision framework. Game theory approaches proved their efficiency in this issue. Therefore, in this paper, we propose a game theoretic approach to model the attack-defense interaction in taking into account both internal and external attacks and analyze the effect of intrusion tolerant system on the payoff of both the internal and external attacker and the defender. A MATLAB simulation is used to illustrate the game model and calculate the frequency of attack strategy and invest in tolerance strategy.
    Keywords: Network security; ITS; Game Theory; Attacker; Bayesian Game.

  • An improved weighted centroid localization algorithm for wireless sensor networks in coal mine underground
    by Haibo Liu, Yujie Dong, Fuzhong Wang 
    Abstract: In view of the practical characteristics of coal mine underground working environment and the low positioning accuracy of existing algorithm, an improved weighted centroid localization algorithm based on received signal strength indicator (RSSI) is proposed. Firstly, the environmental parameters of RSSI ranging are modified by the least square method to eliminate the influence of various interferences on the measured data. The exponential factor and the modified RSSI value are directly calculated to determine the coordinates of the unknown node. The exponential factor is optimized by an improved quantum particle swarm optimization algorithm based on the criterion of minimum root mean square error. The simulation results show that the proposed algorithm can reduce the influence of complex environment factors in the positioning process and has the better positioning accuracy than the traditional method, which meets requirements of personnel location precision in underground long-distance roadway.
    Keywords: wireless sensor networks; localization; least square algorithm; quantum-behaved particle swarm optimization; RSSI.

  • Wireless corrosion monitoring system based on an interdigital capacitive corrosion sensor
    by Along Yu, Jiajia Ji, Hao Cao, Hongbing Sun, Jinqiao Dai 
    Abstract: The corrosion of reinforcing steel bars in concrete is the main factor affecting the durability of reinforced concrete structures. The traditional capacitance method has many limitations in detecting the corrosion of the bars, such as low sensitivity, short lifespan and small test range. Therefore, an interdigital capacitive corrosion sensor is designed based on the capacitive method, and a wireless corrosion monitoring system for reinforcing steel bars in concrete is established based on the ZigBee wireless sensor network technology. The data processing unit, wireless communication unit, data acquisition unit, voltage conversion unit and serial communication unit are designed for terminal nodes and the coordinator node in the system. Moreover, a host computer interface is developed with Microsoft Visual Studio 2010, which can realize real-time display and query of monitoring information. The experimental results show that the system can effectively monitor the corrosion of reinforcing steel bars in concrete, which can provide a reliable basis for timely and effective maintenance.
    Keywords: corrosion; reinforcing steel bars; capacitive method; ZigBee; wireless monitoring system.

  • Malicious Behaviour Identification for Android Based on an RBF Neural Network
    by Tianwei Chen, Yongjun Qiang, Chunming Tang, Zairong Wang, Ping Luo, Lingxi Peng 
    Abstract: Traditional methods for the identification of malicious behaviour on Android cannot cope with the dynamic fluctuation of malicious behaviour characteristics. Therefore, a malicious behaviour identification approach for Android that is inspired by radial basis function neural networks is proposed. This method takes samples of the malicious behaviour on Android, extracts behaviour features, and integrates data, enabling the use of a radial basis function neural network for identification. Second, the characteristics of the radial basis function neural network's local approximation are used to improve the learning speed, which enhances the quality of the output result. Next, the minimum value of the distance is used to calculate the weights of the hidden layer node to the output layer node with the least squares recursive method. The experimental results fully demonstrate that our method improves the accuracy and efficiency of malicious behaviour recognition for Android.
    Keywords: RBF neural network; Android malicious behavior identification; feature sets; local approximation.

  • Bilinear Pairing Oriented User Privacy-Preserving Scheme Towards Secure Bitcoin Transaction
    by Albert Kofi Kwansah Ansah, Daniel Adu-Gyamfi 
    Abstract: Despite the existing advances in research and education in cybersecurity and its applications, the field is still under discovery and new technologies are evolving. In recent years, Bitcoin, a cryptocurrency cyber application that records all financial transactions present on a blockchain where users can reach a secure and robust consensus on transactions, has emerged as the most popular peer-to-peer electronic payment system. Cryptocurrencies mostly rely on blockchain, as a secure decentralised append-only ledger to exchange digital currencies, thereby attracting a billion-dollar economy. Bitcoin allows the inputs and outputs of cryptocurrencies to link to Bitcoin public address systems vulnerable to possible linkability and traceability of users' identity. This obviously attracts privacy issues such as leakage of users' information and identity. Several existing techniques are found not satisfactory to fulfil practical and compatible anonymity requirements for users to transact with cryptocurrencies securely. In this paper, we focus on unlinkability and untraceability of users in bitcoin cryptocurrency transactions and present a secure privacy-preserving scheme based on bilinear pairing and other cryptographic primitives to curb users' privacy breaches. Our proposed scheme has been theoretically analysed and evaluated. Simulation result indicated the average and total times as converged with appreciable times of 9?s at Type A internal. The overall evaluation has proven the correctness of our proposed scheme using pairing-based cryptography (PBC) Type A, A1 and E pairings internals, and suggests it is secure and robust to implement for preserving users' privacy in a bitcoin transaction.
    Keywords: user privacy-preservation; bitcoin transaction; bilinear pairing; cryptocurrency; blockchain.

  • A Hybrid Approach for Intrusion Detection Based on Machine Learning
    by Rohit Singh, Mala Kalra, Shano Solanki 
    Abstract: With the evolution of the Internet, network security has emerged as one of the key areas of research. Network security is to safeguard the privacy, availability and integrity of the system. Identification of intrusion is a core component of attaining overall network security success. Therefore, Intrusion Detection (ID) is broadly explored by researchers and the idea of identification of intrusion has developed into a system, known as an Intrusion Detection System (IDS). An IDS focuses on investigation of attacks and offers desirable support for defense management along with information about the intrusion. Several intrusion detection approaches are already proposed to mitigate the impact of intrusion. In this paper, these techniques are discussed to highlight the state-of-the-art and a multilevel hybrid approach based on SVM-Na
    Keywords: Intrusion Detection; Intrusion Detection System; Network Security; Malicious traffic; Hybrid Classification; Multilevel Classifiers; Imbalanced Dataset.

  • Verification-Based Data Integrity Mechanism in Smart Grid Network
    by DARI EL YAZID, BENDAHMANE AHMED, ESSAAIDI MOHAMED 
    Abstract: The integration of open communication infrastructures and bidirectional communication between smart meters and utilities in smart grids is very important to support vast amounts of data exchange. It also increases the openness and opportunity of resource sharing across smart grid users, which makes the network vulnerable to several cyber-attacks. These cyber-attacks target smart meters data integrity through several known threats. The most known threats are false data injection (FDI) attacks that manipulate, modify or destroy data by some malicious users. Therefore, these attacks make the smart meters behave maliciously to return false data and to sabotage the system functions. In this paper, we propose a new approach to improve the integrity of data generated by smart meters in a smart grid, namely, Verification-Based Data Integrity Mechanism (VBDIM). The performance of our approach is evaluated through simulation to investigate the effects of collusive smart meters on the correctness of their generated data. The obtained results show that our approach achieves a lower blacklisting error and error-rate, and better performance in terms of overhead and slowdown.
    Keywords: Smart Grid; Smart Meters; Cyber-security; Vulnerability; data-integrity.

  • A Model-based Approach for Multi-level Privacy Policies Derivation for Cloud Services
    by Amal Ghorbel, Mahmoud Ghorbel, Mohamed Jmaiel 
    Abstract: To benefit from the advantages offered by the cloud services, a data owner must move his private data to external servers to be accessed and handled by unknown parties. This brings about several concerns such as lack of user control, data leakage, improper access, and use, unauthorized data storage location and retention, etc. Although extensive research efforts have been carried out to address data privacy issues in the cloud, this still requires many more efforts. Particularly, the privacy policy specification which presents the first step to ensure fine-grained data protection in such an untrusted environment. In this paper, we introduce a model-based approach that couples access, usage and storage policies specification in the context of cloud services. The approach stands on a high-level abstract model and a low-level concrete model to design the policies. Models refinement from top to bottom and automatic derivation of the final policies are introduced. The approach is demonstrated and evaluated through a case study.
    Keywords: Privacy policy specification; Cloud services; PIM; PSM.

  • A Survey on Access Control in IoT: Models, Architectures and Research Opportunities
    by Seham Alnefaie, Suhair Alshehri, Asma Cherif 
    Abstract: The rapid growth of the smart devices and sensors industry has revolutionized many fields such as smart cities, healthcare, etc. These technological advances are nowadays part of the Internet of Things (IoT), where devices are interconnected to exchange data to improve the delivery of various services. Although IoT is considered a promising paradigm in almost all fields, the security of users' data is still a significant issue that should be thoroughly addressed. This is mainly required where sensitive information is being used, such as in healthcare or military sectors. Access control is one of the main security mechanisms that should be applied to IoT-based applications in order to limit access to users' data to only authorized individuals. However, due to the high mobility and huge number of devices, controlling access is challenging. In particular, using cloud data centers inevitably leads to high delays and network overhead. This research examines the growing literature on access control for IoT with respect to security requirements.
    Keywords: Access Control; Fog Computing; Internet of Things.