Visible to the public Biblio

Found 910 results

Filters: Keyword is policy-based governance  [Clear All Filters]
2022-04-19
Abdollahi, Sina, Mohajeri, Javad, Salmasizadeh, Mahmoud.  2021.  Highly Efficient and Revocable CP-ABE with Outsourcing Decryption for IoT. 2021 18th International ISC Conference on Information Security and Cryptology (ISCISC). :81–88.
In IoT scenarios, computational and communication costs on the user side are important problems. In most expressive ABE schemes, there is a linear relationship between the access structure size and the number of heavy pairing operations that are used in the decryption process. This property limits the application of ABE. We propose an expressive CP-ABE with the constant number of pairings in the decryption process. The simulation shows that the proposed scheme is highly efficient in encryption and decryption processes. In addition, we use the outsourcing method in decryption to get better performance on the user side. The main burden of decryption computations is done by the cloud without revealing any information about the plaintext. We introduce a new revocation method. In this method, the users' communication channels aren't used during the revocation process. These features significantly reduce the computational and communication costs on the user side that makes the proposed scheme suitable for applications such as IoT. The proposed scheme is selectively CPA-secure in the standard model.
Thushara, G A, Bhanu, S. Mary Saira.  2021.  A Survey on Secured Data Sharing Using Ciphertext Policy Attribute Based Encryption in Cloud. 2021 8th International Conference on Smart Computing and Communications (ICSCC). :170–177.
Cloud computing facilitates the access of applications and data from any location by using any device with an internet connection. It enables multiple applications and users to access the same data resources. Cloud based information sharing is a technique that allows researchers to communicate and collaborate, that leads to major new developments in the field. It also enables users to access data over the cloud easily and conveniently. Privacy, authenticity and confidentiality are the three main challenges while sharing data in cloud. There are many methods which support secure data sharing in cloud environment such as Attribute Based Encryption(ABE), Role Based Encryption, Hierarchical Based Encryption, and Identity Based Encryption. ABE provides secure access control mechanisms for integrity. It is classified as Key Policy Attribute Based Encryption(KP-ABE) and Ciphertext Policy Attribute Based Encryption(CP-ABE) based on access policy integration. In KPABE, access structure is incorporated with user's private key, and data are encrypted over a defined attributes. Moreover, in CPABE, access structure is embedded with ciphertext. This paper reviews CP-ABE methods that have been developed so far for achieving secured data sharing in cloud environment.
Guo, Rui, Yang, Geng, Shi, Huixian, Zhang, Yinghui, Zheng, Dong.  2021.  O3-R-CP-ABE: An Efficient and Revocable Attribute-Based Encryption Scheme in the Cloud-Assisted IoMT System. IEEE Internet of Things Journal. 8:8949–8963.
With the processes of collecting, analyzing, and transmitting the data in the Internet of Things (IoT), the Internet of Medical Things (IoMT) comprises the medical equipment and applications connected to the healthcare system and offers an entity with real time, remote measurement, and analysis of healthcare data. However, the IoMT ecosystem deals with some great challenges in terms of security, such as privacy leaking, eavesdropping, unauthorized access, delayed detection of life-threatening episodes, and so forth. All these negative effects seriously impede the implementation of the IoMT ecosystem. To overcome these obstacles, this article presents an efficient, outsourced online/offline revocable ciphertext policy attribute-based encryption scheme with the aid of cloud servers and blockchains in the IoMT ecosystem. Our proposal achieves the characteristics of fine-grained access control, fast encryption, outsourced decryption, user revocation, and ciphertext verification. It is noteworthy that based on the chameleon hash function, we construct the private key of the data user with collision resistance, semantically secure, and key-exposure free to achieve revocation. To the best of our knowledge, this is the first protocol for a revocation mechanism by means of the chameleon hash function. Through formal analysis, it is proven to be secure in a selectively replayable chosen-ciphertext attack (RCCA) game. Finally, this scheme is implemented with the Java pairing-based cryptography library, and the simulation results demonstrate that it enables high efficiency and practicality, as well as strong reliability for the IoMT ecosystem.
Conference Name: IEEE Internet of Things Journal
Zhang, Zhaoqian, Zhang, Jianbiao, Yuan, Yilin, Li, Zheng.  2021.  An Expressive Fully Policy-Hidden Ciphertext Policy Attribute-Based Encryption Scheme with Credible Verification Based on Blockchain. IEEE Internet of Things Journal. :1–1.
As the public cloud becomes one of the leading ways in data sharing nowadays, data confidentiality and user privacy are increasingly critical. Partially policy-hidden ciphertext policy attribute-based encryption (CP-ABE) can effectively protect data confidentiality while reducing privacy leakage by hiding part of the access structure. However, it cannot satisfy the need of data sharing in the public cloud with complex users and large amounts of data, both in terms of less expressive access structures and limited granularity of policy hiding. Moreover, the verification of access right to shared data and correctness of decryption are ignored or conducted by an untrusted third party, and the prime-order groups are seldom considered in the expressive policy-hidden schemes. This paper proposes a fully policy-hidden CP-ABE scheme constructed on LSSS access structure and prime-order groups for public cloud data sharing. To help users decrypt, HVE with a ``convert step'' is applied, which is more compatible with CP-ABE. Meanwhile, decentralized credible verification of access right to shared data and correctness of decryption based on blockchain are also provided. We prove the security of our scheme rigorously and compare the scheme with others comprehensively. The results show that our scheme performs better.
Conference Name: IEEE Internet of Things Journal
Wang, Chunbo, Li, Peipei, Zhang, Aowei, Qi, Hui, Cong, Ligang, Xie, Nannan, Di, Xiaoqiang.  2021.  Secure Data Deduplication And Sharing Method Based On UMLE And CP-ABE. 2021 International Conference on Electronic Information Engineering and Computer Science (EIECS). :127–132.
In the era of big data, more and more users store data in the cloud. Massive amounts of data have brought huge storage costs to cloud storage providers, and data deduplication technology has emerged. In order to protect the confidentiality of user data, user data should be encrypted and stored in the cloud. Therefore, deduplication of encrypted data has become a research hotspot. Cloud storage provides users with data sharing services, and the sharing of encrypted data is another research hotspot. The combination of encrypted data deduplication and sharing will inevitably become a future trend. The current better-performing updateable block-level message-locked encryption (UMLE) deduplication scheme does not support data sharing, and the performance of the encrypted data de-duplication scheme that introduces data sharing is not as good as that of UMLE. This paper introduces the ciphertext policy attribute based encryption (CP-ABE) system sharing mechanism on the basis of UMLE, applies the CP-ABE method to encrypt the master key generated by UMLE, to achieve secure and efficient data deduplication and sharing. In this paper, we propose a permission verification method based on bilinear mapping, and according to the definition of the security model proposed in the security analysis phase, we prove this permission verification method, showing that our scheme is secure. The comparison of theoretical analysis and simulation experiment results shows that this scheme has more complete functions and better performance than existing schemes, and the proposed authorization verification method is also secure.
Wang, Xi-Kun, Sun, Xin.  2021.  CP-ABE with Efficient Revocation Based on the KEK Tree in Data Outsourcing System. 2021 40th Chinese Control Conference (CCC). :8610–8615.
CP-ABE (ciphertext-policy attribute-based encryption) is a promising encryption scheme. In this paper, a highly expressive revocable scheme based on the key encryption keys (KEK) tree is proposed. In this method, the cloud server realizes the cancellation of attribute-level users and effectively reduces the computational burden of the data owner and attribute authority. This scheme embeds a unique random value associated with the user in the attribute group keys. The attribute group keys of each user are different, and it is impossible to initiate a collusion attack. Computing outsourcing makes most of the decryption work done by the cloud server, and the data user only need to perform an exponential operation; in terms of security, the security proof is completed under the standard model based on simple assumptions. Under the premise of ensuring security, the scheme in this paper has the functions of revocation and traceability, and the speed of decryption calculation is also improved.
Hwang, Yong-Woon, Lee, Im-Yeong.  2021.  A Study on CP-ABE Based Data Sharing System That Provides Signature-Based Verifiable Outsourcing. 2021 International Conference on Advanced Enterprise Information System (AEIS). :1–5.
Recently, with the development of the cloud environment, users can store their data or share it with other users. However, various security threats can occur in data sharing systems in the cloud environment. To solve this, data sharing systems and access control methods using the CP-ABE method are being studied, but the following problems may occur. First, in an outsourcing server that supports computation, it is not possible to prove that the computed result is a properly computed result when performing the partial decryption process of the ciphertext. Therefore, the user needs to verify the message obtained by performing the decryption process, and verify that the data is uploaded by the data owner through verification. As another problem, because the data owner encrypts data with attribute-based encryption, the number of attributes included in the access structure increases. This increases the size of the ciphertext, which can waste space in cloud storage. Therefore, a ciphertext of a constant size must be output regardless of the number of attributes when generating the ciphertext. In this paper, we proposes a CP-ABE based data sharing system that provides signature-based verifiable outsourcing. It aims at a system that allows multiple users to share data safely and efficiently in a cloud environment by satisfying verifiable outsourcing and constant-sized ciphertext output among various security requirements required by CP-ABE.
Mosteiro-Sanchez, Aintzane, Barcelo, Marc, Astorga, Jasone, Urbieta, Aitor.  2021.  Multi-Layered CP-ABE Scheme for Flexible Policy Update in Industry 4.0. 2021 10th Mediterranean Conference on Embedded Computing (MECO). :1–4.
Industry 4.0 connectivity requires ensuring end-to-end (E2E) security for industrial data. This requirement is critical when retrieving data from the OT network. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) guarantees E2E security by encrypting data according to a policy and generating user keys according to attributes. To use this encryption scheme in manufacturing environments, policies must be updatable. This paper proposes a Multi-Layered Policy Key Encapsulation Method for CP-ABE that allows flexible policy update and revocation without modifying the original CP-ABE scheme.
Lee, Taerim, Moon, Ho-Se, Jang, Juwook.  2021.  Data Encryption Method Using CP-ABE with Symmetric Key Algorithm in Blockchain Network. 2021 International Conference on Information and Communication Technology Convergence (ICTC). :1371–1373.
This paper proposes a method of encrypting data stored in the blockchain network by applying ciphertext-policy attribute-based encryption (CP-ABE) and symmetric key algorithm. This method protects the confidentiality and privacy of data that is not protected in blockchain networks, and stores data in a more efficient way than before. The proposed model has the same characteristics of CP-ABE and has a faster processing speed than when only CP-ABE is used.
Sethia, Divyashikha, Sahu, Raj, Yadav, Sandeep, Kumar, Ram.  2021.  Attribute Revocation in ECC-Based CP-ABE Scheme for Lightweight Resource-Constrained Devices. 2021 International Conference on Communication, Control and Information Sciences (ICCISc). 1:1–6.
Ciphertext Policy Attribute-Based Encryption (CPABE) has gained popularity in the research area among the many proposed security models for providing fine-grained access control of data. Lightweight ECC-based CP-ABE schemes can provide feasible selective sharing from resource-constrained devices. However, the existing schemes lack support for a complete revocation mechanism at the user and attribute levels. We propose a novel scheme called Ecc Proxy based Scalable Attribute Revocation (EPSAR-CP-ABE) scheme. It extends an existing ECC-based CP-ABE scheme for lightweight IoT and smart-card devices to implement scalable attribute revocation. The scheme does not require re-distribution of secret keys and re-encryption of ciphertext. It uses a proxy server to furnish a proxy component for decryption. The dependency of the proposed scheme is minimal on the proxy server compared to the other related schemes. The storage and computational overhead due to the attribute revocation feature are negligible. Hence, the proposed EPSAR-CP-ABE scheme can be deployed practically for resource-constrained devices.
2022-04-18
Disawal, Shekhar, Suman, Ugrasen.  2021.  An Analysis and Classification of Vulnerabilities in Web-Based Application Development. 2021 8th International Conference on Computing for Sustainable Global Development (INDIACom). :782–785.
Nowadays, web vulnerability is a critical issue in web applications. Web developers develop web applications, but sometimes they are not very well-versed with security concerns, thereby creating loopholes for the vulnerabilities. If a web application is developed without considering security, it is harmful for the client and the company. Different types of vulnerabilities encounter during the web application development process. Therefore, vulnerability identification is a crucial and critical task from a web application development perspective. It is vigorous to secure them from the earliest development life cycle process. In this paper, we have analyzed and classified vulnerabilities related to web application security during the development phases. Here, the concern is to identify a weakness, countermeasure, confidentiality impact, access complexity, and severity level, which affect the web application security.
Kang, Ji, Sun, Yi, Xie, Hui, Zhu, Xixi, Ding, Zhaoyun.  2021.  Analysis System for Security Situation in Cyberspace Based on Knowledge Graph. 2021 7th International Conference on Big Data and Information Analytics (BigDIA). :385–392.
With the booming of Internet technology, the continuous emergence of new technologies and new algorithms greatly expands the application boundaries of cyberspace. While enjoying the convenience brought by informatization, the society is also facing increasingly severe threats to the security of cyberspace. In cyber security defense, cyberspace operators rely on the discovered vulnerabilities, attack patterns, TTPs, and other knowledge to observe, analyze and determine the current threats to the network and security situation in cyberspace, and then make corresponding decisions. However, most of such open-source knowledge is distributed in different data sources in the form of text or web pages, which is not conducive to the understanding, query and correlation analysis of cyberspace operators. In this paper, a knowledge graph for cyber security is constructed to solve this problem. At first, in the process of obtaining security data from multi-source heterogeneous cyberspaces, we adopt efficient crawler to crawl the required data, paving the way for knowledge graph building. In order to establish the ontology required by the knowledge graph, we abstract the overall framework of security data sources in cyberspace, and depict in detail the correlations among various data sources. Then, based on the \$$\backslash$mathbfOWL +$\backslash$mathbfSWRL\$ language, we construct the cyber security knowledge graph. On this basis, we design an analysis system for situation in cyberspace based on knowledge graph and the Snort intrusion detection system (IDS), and study the rules in Snort. The system integrates and links various public resources from the Internet, including key information such as general platforms, vulnerabilities, weaknesses, attack patterns, tactics, techniques, etc. in real cyberspace, enabling the provision of comprehensive, systematic and rich cyber security knowledge to security researchers and professionals, with the expectation to provide a useful reference for cyber security defense.
Ahmed-Zaid, Said, Loo, Sin Ming, Valdepena-Delgado, Andres, Beam, Theron.  2021.  Cyber-Physical Security Assessment and Resilience of a Microgrid Testbed. 2021 Resilience Week (RWS). :1–3.
In order to identify potential weakness in communication and data in transit, a microgrid testbed is being developed at Boise State University. This testbed will be used to verify microgrid models and communication methods in an effort to increase the resiliency of these systems to cyber-attacks. If vulnerabilities are found in these communication methods, then risk mitigation techniques will be developed to address them.
Paul, Rajshakhar, Turzo, Asif Kamal, Bosu, Amiangshu.  2021.  Why Security Defects Go Unnoticed During Code Reviews? A Case-Control Study of the Chromium OS Project 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE). :1373–1385.
Peer code review has been found to be effective in identifying security vulnerabilities. However, despite practicing mandatory code reviews, many Open Source Software (OSS) projects still encounter a large number of post-release security vulnerabilities, as some security defects escape those. Therefore, a project manager may wonder if there was any weakness or inconsistency during a code review that missed a security vulnerability. Answers to this question may help a manager pinpointing areas of concern and taking measures to improve the effectiveness of his/her project's code reviews in identifying security defects. Therefore, this study aims to identify the factors that differentiate code reviews that successfully identified security defects from those that missed such defects. With this goal, we conduct a case-control study of Chromium OS project. Using multi-stage semi-automated approaches, we build a dataset of 516 code reviews that successfully identified security defects and 374 code reviews where security defects escaped. The results of our empirical study suggest that the are significant differences between the categories of security defects that are identified and that are missed during code reviews. A logistic regression model fitted on our dataset achieved an AUC score of 0.91 and has identified nine code review attributes that influence identifications of security defects. While time to complete a review, the number of mutual reviews between two developers, and if the review is for a bug fix have positive impacts on vulnerability identification, opposite effects are observed from the number of directories under review, the number of total reviews by a developer, and the total number of prior commits for the file under review.
Aivatoglou, Georgios, Anastasiadis, Mike, Spanos, Georgios, Voulgaridis, Antonis, Votis, Konstantinos, Tzovaras, Dimitrios.  2021.  A Tree-Based Machine Learning Methodology to Automatically Classify Software Vulnerabilities. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :312–317.
Software vulnerabilities have become a major problem for the security analysts, since the number of new vulnerabilities is constantly growing. Thus, there was a need for a categorization system, in order to group and handle these vulnerabilities in a more efficient way. Hence, the MITRE corporation introduced the Common Weakness Enumeration that is a list of the most common software and hardware vulnerabilities. However, the manual task of understanding and analyzing new vulnerabilities by security experts, is a very slow and exhausting process. For this reason, a new automated classification methodology is introduced in this paper, based on the vulnerability textual descriptions from National Vulnerability Database. The proposed methodology, combines textual analysis and tree-based machine learning techniques in order to classify vulnerabilities automatically. The results of the experiments showed that the proposed methodology performed pretty well achieving an overall accuracy close to 80%.
Yuan, Liu, Bai, Yude, Xing, Zhenchang, Chen, Sen, Li, Xiaohong, Deng, Zhidong.  2021.  Predicting Entity Relations across Different Security Databases by Using Graph Attention Network. 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC). :834–843.
Security databases such as Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and Common Attack Pattern Enumeration and Classification (CAPEC) maintain diverse high-quality security concepts, which are treated as security entities. Meanwhile, security entities are documented with many potential relation types that profit for security analysis and comprehension across these three popular databases. To support reasoning security entity relationships, translation-based knowledge graph representation learning treats each triple independently for the entity prediction. However, it neglects the important semantic information about the neighbor entities around the triples. To address it, we propose a text-enhanced graph attention network model (text-enhanced GAT). This model highlights the importance of the knowledge in the 2-hop neighbors surrounding a triple, under the observation of the diversity of each entity. Thus, we can capture more structural and textual information from the knowledge graph about the security databases. Extensive experiments are designed to evaluate the effectiveness of our proposed model on the prediction of security entity relationships. Moreover, the experimental results outperform the state-of-the-art by Mean Reciprocal Rank (MRR) 0.132 for detecting the missing relationships.
Zhang, Junpeng, Li, Mengqian, Zeng, Shuiguang, Xie, Bin, Zhao, Dongmei.  2021.  A Survey on Security and Privacy Threats to Federated Learning. 2021 International Conference on Networking and Network Applications (NaNA). :319–326.
Federated learning (FL) has nourished a promising scheme to solve the data silo, which enables multiple clients to construct a joint model without centralizing data. The critical concerns for flourishing FL applications are that build a security and privacy-preserving learning environment. It is thus highly necessary to comprehensively identify and classify potential threats to utilize FL under security guarantees. This paper starts from the perspective of launched attacks with different computing participants to construct the unique threats classification, highlighting the significant attacks, e.g., poisoning attacks, inference attacks, and generative adversarial networks (GAN) attacks. Our study shows that existing FL protocols do not always provide sufficient security, containing various attacks from both clients and servers. GAN attacks lead to larger significant threats among the kinds of threats given the invisible of the attack process. Moreover, we summarize a detailed review of several defense mechanisms and approaches to resist privacy risks and security breaches. Then advantages and weaknesses are generalized, respectively. Finally, we conclude the paper to prospect the challenges and some potential research directions.
Helmiawan, Muhammad Agreindra, Julian, Eggi, Cahyan, Yavan, Saeppani, Asep.  2021.  Experimental Evaluation of Security Monitoring and Notification on Network Intrusion Detection System for Server Security. 2021 9th International Conference on Cyber and IT Service Management (CITSM). :1–6.
Security of data and information in servers connected to networks that provide services to user computers, is the most important thing to maintain data privacy and security in network security management mechanisms. Weaknesses in the server security system can be exploited by intruders to disrupt the security of the server. One way to maintain server security is to implement an intrusion detection system using the Intrusion Detection System. This research is experimenting to create a security system prototype, monitoring, and evaluating server security systems using Snort and alert notifications that can improve security monitoring for server security. The system can detect intrusion attacks and provide warning messages and attack information through the Intrusion Detection System monitoring system. The results show that snort and alert notifications on the security server can work well, efficiently, and can be handled quickly. Testing attacks with Secure Shell Protocol and File Transfer Protocol Brute Force, Ping of Death and scanning port attacks requires a detection time of no more than one second, and all detection test results are detected and send real-time notification alerts to the Administrator.
Shi, Pinyi, Song, Yongwook, Fei, Zongming, Griffioen, James.  2021.  Checking Network Security Policy Violations via Natural Language Questions. 2021 International Conference on Computer Communications and Networks (ICCCN). :1–9.
Network security policies provide high-level directives regarding acceptable and unacceptable use of the network. Organizations specify these high-level directives in policy documents written using human-readable natural language. The challenge is to convert these natural language policies to the network configurations/specifications needed to enforce the policy. Network administrators, who are responsible for enforcing the policies, typically translate the policies manually, which is a challenging and error-prone process. As a result, network operators (as well as the policy authors) often want to verify that network policies are being correctly enforced. In this paper, we propose Network Policy Conversation Engine (NPCE), a system designed to help network operators (or policy writers) interact with the network using natural language (similar to the language used in the network policy statements themselves) to understand whether policies are being correctly enforced. The system leverages emerging big data collection and analysis techniques to record flow and packet level activity throughout the network that can be used to answer users policy questions. The system also takes advantage of recent advances in Natural Language Processing (NLP) to translate natural language policy questions into the corresponding network queries. To evaluate our system, we demonstrate a wide range of policy questions – inspired by actual networks policies posted on university websites – that can be asked of the system to determine if a policy violation has occurred.
Miller, Lo\"ıc, Mérindol, Pascal, Gallais, Antoine, Pelsser, Cristel.  2021.  Verification of Cloud Security Policies. 2021 IEEE 22nd International Conference on High Performance Switching and Routing (HPSR). :1–5.
Companies like Netflix increasingly use the cloud to deploy their business processes. Those processes often involve partnerships with other companies, and can be modeled as workflows where the owner of the data at risk interacts with contractors to realize a sequence of tasks on the data to be secured.In practice, access control is an essential building block to deploy these secured workflows. This component is generally managed by administrators using high-level policies meant to represent the requirements and restrictions put on the workflow. Handling access control with a high-level scheme comes with the benefit of separating the problem of specification, i.e. defining the desired behavior of the system, from the problem of implementation, i.e. enforcing this desired behavior. However, translating such high-level policies into a deployed implementation can be error-prone.Even though semi-automatic and automatic tools have been proposed to assist this translation, policy verification remains highly challenging in practice. In this paper, our aim is to define and propose structures assisting the checking and correction of potential errors introduced on the ground due to a faulty translation or corrupted deployments. In particular, we investigate structures with formal foundations able to naturally model policies. Metagraphs, a generalized graph theoretic structure, fulfill those requirements: their usage enables to compare high-level policies to their implementation. In practice, we consider Rego, a language used by companies like Netflix and Plex for their release process, as a valuable representative of most common policy languages. We propose a suite of tools transforming and checking policies as metagraphs, and use them in a global framework to show how policy verification can be achieved with such structures. Finally, we evaluate the performance of our verification method.
Bonatti, Piero A., Sauro, Luigi, Langens, Jonathan.  2021.  Representing Consent and Policies for Compliance. 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). :283–291.
Being compliant with the GDPR (and data protection regulations in general) is a difficult task, that calls for manifold, computer-based automated support. In this context, several use cases related to the management and the enforcement of privacy policies and consent call for a machine-understandable policy language, equipped with reliable algorithms for compliance checking and explanations. In this paper, we outline a set of requirements for such languages and algorithms, and address such requirements with a framework based on a profile of OWL2 and a set of policy serializations based on popular formats such as ODRL and JSON. Such ``external'' policy syntax is translated into the ``internal'' OWL2 syntax, thereby enabling semantic compliance checking and explanations using specialized OWL2 reasoners. We provide a precise definition of both the OWL2 profile and the external policy language based on JSON.
Vijayalakshmi, K., Jayalakshmi, V..  2021.  Identifying Considerable Anomalies and Conflicts in ABAC Security Policies. 2021 5th International Conference on Intelligent Computing and Control Systems (ICICCS). :1273–1280.
Nowadays security of shared resources and big data is an important and critical issue. With the growth of information technology and social networks, data and resources are shared in the distributed environment such as cloud and fog computing. Various access control models protect the shared resources from unauthorized users or malicious intruders. Despite the attribute-based access control model that meets the complex security requirement of todays' new computing technologies, considerable anomalies and conflicts in ABAC policies affect the efficiency of the security system. One important and toughest task is policy validation thus to detect and eliminate anomalies and conflicts in policies. Though the previous researches identified anomalies, failed to detect and analyze all considerable anomalies that results vulnerable to hacks and attacks. The primary objective of this paper is to study and analyze the possible anomalies and conflicts in ABAC security policies. We have discussed and analyzed considerable conflicts in policies based on previous researches. This paper can provide a detailed review of anomalies and conflicts in security policies.
Toyeer-E-Ferdoush, Ghosh, Bikarna Kumar, Taher, Kazi Abu.  2021.  Security Policy Based Network Infrastructure for Effective Digital Service. 2021 International Conference on Information and Communication Technology for Sustainable Development (ICICT4SD). :136–140.
In this research a secured framework is developed to support effective digital service delivery for government to stakeholders. It is developed to provide secured network to the remote area of Bangladesh. The proposed framework has been tested through the rough simulation of the network infrastructure. Each and every part of the digital service network has been analyzed in the basis of security purpose. Through the simulation the security issues are identified and proposed a security policy framework for effective service. Basing on the findings the issues are included and the framework has designed as the solution of security issues. A complete security policy framework has prepared on the basis of the network topology. As the output the stakeholders will get a better and effective data service. This model is better than the other expected network infrastructure. Till now in Bangladesh none of the network infrastructure are security policy based. This is needed to provide the secured network to remote area from government.
Chin, Won Yoon, Chua, Hui Na.  2021.  Using the Theory of Interpersonal Behavior to Predict Information Security Policy Compliance. 2021 Eighth International Conference on eDemocracy eGovernment (ICEDEG). :80–87.
Employees' compliance with information security policies (ISP) which may minimize the information security threats has always been a major concern for organizations. Numerous research and theoretical models had been investigated in the related field of study to identify factors that influence ISP compliance behavior. The study presented in this paper is the first to apply the Theory of Interpersonal Behavior (TIB) for predicting ISP compliance, despite a few studies suggested its strong explanatory power. Taking on the prior results of the literature review, we adopt the TIB and aim to further the theoretical advancement in this field of study. Besides, previous studies had only focused on individuals as well as organizations in which the role of government, from the aspect of its effectiveness in enforcing data protection regulation, so far has not been tested on its influence on individuals' intention to comply with ISP. Hence, we propose an exploratory study to integrate government effectiveness with TIB to explain ISP compliance in a Malaysian context. Our results show a significant influence of government effectiveness in ISP compliance, and the TIB is a promising model as well as posing strong explanatory power in predicting ISP compliance.
Birrane, Edward J., Heiner, Sarah E..  2021.  Towards an Interoperable Security Policy for Space-Based Internetworks. 2021 IEEE Space Computing Conference (SCC). :84–94.

Renewed focus on spacecraft networking by government and private industry promises to establish interoperable communications infrastructures and enable distributed computing in multi-nodal systems. Planned near-Earth and cislunar missions by NASA and others evidence the start of building this networking vision. Working with space agencies, academia, and industry, NASA has developed a suite of communications protocols and algorithms collectively referred to as Delay-Tolerant Networking (DTN) to support an interoperable space network. Included in the DTN protocol suite is a security protocol - the Bundle Protocol Security Protocol - which provides the kind of delay-tolerant, transport-layer security needed for cislunar and deep-space trusted networking. We present an analysis of the lifecycle of security operations inherent in a space network with a focus on the DTN-enabled space networking paradigm. This analysis defines three security-related roles for spacecraft (Security Sources, verifiers, and acceptors) and associates a series of critical processing events with each of these roles. We then define the set of required and optional actions associated with these security events. Finally, we present a series of best practices associated with policy configurations that are unique to the space-network security problem. Framing space network security policy as a mapping of security actions to security events provides the details necessary for making trusted networks semantically interoperable. Finally, this method is flexible enough to allow for customization even while providing a unifying core set of mandatory security actions.