Research ArticleA Feasible Fuzzy-Extended Attribute-Based AccessControl Technique

Yang Xu 1 Wuqiang Gao1 Quanrun Zeng1 Guojun Wang2 Ju Ren1 and Yaoxue Zhang1

1School of Information Science and Engineering Central South University Changsha 410083 China2School of Computer Science and Educational Software Guangzhou University Guangzhou 510006 China

Correspondence should be addressed to Yang Xu xuyangcsucsueducn

Received 29 December 2017 Revised 19 April 2018 Accepted 29 April 2018 Published 5 June 2018

Academic Editor Debasis Giri

Copyright copy 2018 Yang Xu et al This is an open access article distributed under the Creative Commons Attribution License whichpermits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

Attribute-based access control (ABAC) is amaturing authorization techniquewith outstanding expressiveness and scalability whichshows its overwhelmingly competitive advantage especially in complicated dynamic environments Unfortunately the absenceof a flexible exceptional approval mechanism in ABAC impairs the resource usability and business time efficiency in currentpractice which could limit its growth In this paper we propose a feasible fuzzy-extended ABAC (FBAC) technique to improvethe flexibility in urgent exceptional authorizations and thereby improving the resource usability and business timeliness We usethe fuzzy assessment mechanism to evaluate the policy-matching degrees of the requests that do not comply with policies so thatthe system can make special approval decisions accordingly to achieve unattended exceptional authorizations We also designedan auxiliary credit mechanism accompanied by periodic credit adjustment auditing to regulate expediential authorizations formitigating risks Theoretical analyses and experimental evaluations show that the FBAC approach enhances resource immediacyand usability with controllable risk

1 Introduction

Theburgeoning communication and computing technologiessuch as the 5Gmobile Internet [1] andnetwork computing [2ndash5] have substantially enhanced the availability and usability ofresources to end users Consequently new evolutions includ-ing the popularity of telecommuting [6] and the generalacceptance of ldquobring your own devicerdquo [7] have inadvertentlydriven the emergence of more complex and diverse resourceaccess and usage scenarios However the developments inaccess control technologies have somewhat lagged behindThe typical role-based access control (RBAC) [8] model andolder paradigms such asmandatory access control (MAC) [9]and discretionary access control (DAC) [10] are insufficientto support dynamic distributed and unpredictable accessscenarios because of their inherent limitations in flexibilityscalability adaptability and control granularity More effec-tive solutions that consider additional relevant parameters(eg subject states object states and contextual information)have also been explored among which the attribute-based

access control (ABAC) is themost promising approach for thenew era It has successfully transitioned frompurely academicstudies [11ndash20] to the practical application phase [21ndash24]By enforcing attribute-formed policies on access requeststhis adjustive expressive and highly extensible authorizationmodel has an overwhelmingly competitive advantage espe-cially in dynamic and complicated environments

Unfortunately the ABAC ineluctably encounters practi-cal problems during the use in current dynamic and complexscenarios spawned by the latest communication and comput-ing techniques Due to the rigid policy-based access controlenforcement and the inability to automatically and efficientlyhandle exceptional access requests some urgent requestswhich may not fully comply with the original ABAC policieswould not be authorized in time due to the requirementsof inefficient human involved approval processes whichimpacts the resource availability and thereby affects thebusiness timeliness and even leads to irreversible unfortunateconsequences There is a particular negative example that aworldrsquos top chipmanufacturer once restricted its private cloud

HindawiSecurity and Communication NetworksVolume 2018 Article ID 6476315 11 pageshttpsdoiorg10115520186476315

2 Security and Communication Networks

services only accessible by on-site staffs within the workinghours for security purpose Nevertheless the staffs wereeasily frustrated in policy matching due to not only humanfactors but also technical reasons (The mobile positioningcan be unsteady or outdated due to the functional defects oroptimization reasons Besides the time limit obstructs lots ofworkflows in practice) In absence of a flexible and efficientexceptional request handling mechanism consequently theworking efficiency was severely affected as staffs could notget expected services in time when inefficient administratorinvolvements were often required for handling exceptionalrequests Undoubtedly the problem can be even worse insome time-sensitive cases such as the sudden and urgentneeds for classified information in stock or futures marketsthe remote patient privacy data requirements in emergencysurgeries and the interorganizational confidential informa-tion requests in critical intelligence analyses

Obviously a more flexible and efficient exceptional accessauthorization method is badly needed by the stock ABACparadigm to guarantee the business timeliness especially foremergency situations so as to make the ABACmore feasibleflexible and adaptive for fitting current dynamic distributedunexpectable and complicated situations

In a sense access control can be regarded as risk controlTherefore the concept of risk and the opposite concept oftrust have naturally been introduced as an effective andflexible assistive tool for the authorization decision-makingprocess For instance the risk assessmentmethod has alreadybeen integrated into classical models like RBAC andmultiplelevels of security (MLS) [25 26] By estimating the risk of thecertain request based on the specific involving informationand comparing the risk with some preset acceptance criteriaof risk these risk-oriented enhanced models have achievedflexible and efficient unattended authorizations for urgentrequests which do not comply with the basic access rulesin original models More recently risk and trust evaluationschemes are increasingly viable in access control when takingmore parameters (eg environment states) into accountwhich yields more expressive and flexible solutions [27ndash31]Because of these encouraging attempts we are reasonablyconfident that the ABAC paradigm will benefit from riskevaluation schemes as well especially the more flexible andefficient decision-making ability to deal with exceptionalurgent access requests in dynamic and complex access envi-ronments In this context fuzzy logic [32] as one of the mostrecognizedmath tools for assessment that reasons probabilityfrom vague knowledge is a viable option to determine thesemantic matching degree of access requests and ABACpolicies

Focusing on the situations described above in thisarticle we propose a feasible ABAC-based access controlparadigm named fuzzy-extended ABAC (FBAC) to improvethe flexibility and time efficiency when tackling low-riskexceptional authorizations for the emergency cases We usethe fuzzy assessment mechanism to evaluate the policy-matching degrees of requests failed to meet policies and thenmake authorization decisions according to both the denialthreshold and the credit available to the requesters to achieveunattended temporary authorization for the exceptional

urgent access requests which are initiated by reputable users(reflected by credit values) but slightly violate the predefinedABAC policies Furthermore we designed an auxiliary creditsystem to impose restrictions on special authorizations andperform periodic credit adjustment auditing to reduce thepotential for abuse of expediential approvals In addition wedescribe a detailed case study to help readers understandthe FBAC better and finally demonstrate our improvementsfrom the perspectives of usability security and performancetheoretically and experimentally

The major contributions of our work are summarized asfollows

(1) We introduce the matching-degree-based fuzzy eval-uation method into the original ABAC paradigm whichenables more efficient and flexible unattended approvalfor exceptional urgent authorization cases to increase theresource usability and thereby the business timeliness

(2) We keep the risk of special authorization abuse undercontrol by not only using the configurable threshold tointercept high-risk requests directly but also by building acredit system combinedwith periodic credit adjustment auditmechanism

(3) We analyzed the FBAC model theoretically for itsusability risk and complexity and then implemented aprototype system to evaluate its effectiveness and efficiency byexperiments to demonstrate our enhancements in usabilityand immediacy as well as the acceptance of security risks

The remainder of this article is organized as follows Weintroduce some articles related to our work in Section 2 InSection 3 we review several basic concepts of fuzzy logicIn Section 4 we propose our fuzzy-extended ABAC (FBAC)paradigm and detail it in the case study Section 5 gives abrief discussion of FBACrsquos usability risk and complexityThen in Section 6 we evaluate our prototype and analyze theexperimental results The last section summarizes this paperand describes possible improvements

2 Related Work

Access control is an indispensable security technology forpreventing sensitive resources from illegal access A variety ofaccess control models have been studied over the years anddifferent ones are designed for addressing discrete challengesfocusing on confidentiality integrity scalability manageabil-ity etc Some typical patterns like DAC [10] MAC [9] andRBAC [8] have emerged Nonetheless these classical modelsabove are not expressive enough to take into account theeffects of other additional factors (eg time of the day or userIP) As a result they are gradually unable to meet the newrequirements of geographical temporal and context-awareinformation systems

Breaking the limitation of the subject-object patternmore revealing access control paradigms are well studied

One inspiring endeavor is bringing in risk factor to strikebalance between system security and usability The conceptof ldquofuzzyrdquo has been introduced to the RBAC for achievingbetter flexibility in handling exceptional requests [25] Thefuzzy RBAC carried out the more relaxed assignments of

Security and Communication Networks 3

user-role and role-permission compared with the originalRBAC model And the assignment degrees were subjectivelyassigned to represent the accompanying uncertainties andrisks of corresponding assignments Then the access controlenforcement was based on the risks of requests reflectedby the overall assignment degrees However this conceptualsolution did not provide a practical and detailed calculationmethod of assignment degrees Cheng et al [26] proposedthe fuzzy MLS a risk self-adjusting access control techniquewhich can quantify the potential risks associated with theexceptional access and thereby optimize the risk-benefittrade-off In this model the risk of the request was quan-titatively assessed according to both the value of the objectand the empirical illegal disclosure probability determinedby the MLS tags (security level etc) of the involving subjectand object and then made the access decision by comparingthe risk with a preset risk scale and asking the user toprovide corresponding risk tokens assigned by the admin-istrator Meanwhile trust mechanism closely connected tothe concept of risk has also been ushered in Dimmocket al expanded the existing access control framework andcombined the trust-based assessment with reasoning to forma dynamic model that can manage risk more intelligently[27] Liu combined the dynamic hierarchical fuzzy systemwith trust evaluation then introduced a fuzzy multiattributetrust access control scheme for cloud manufacturing sys-tem [28] Mahalle et al [29] developed a trust-extendedfuzzy authorization scheme and put forward the conceptof trust rating for identity management Context awarenessis a significant precondition for accurately perceiving andproperly handling risks Feng et al [30] integrated userbehaviors and operating environment to propose a scalabletrust-based and context-aware access control technique forlarge-scale widely distributed networks Taking into accountboth factors of trust and environmental perception Bhatti etal [31] constructed a trust-enhanced environment-sensitiveauthorizationmodel for network traffic based onX-GTRBAC(XML-based generalized temporal RBAC) framework

As cross-organizational multisectoral cooperationsbecome integral parts of current business processes toovercome the drawbacks of the mainstream access controlmodels while unifying their advantages there has beenconsiderable interest in a more general model namelyABAC [11 12] which is considered as ldquonext generationrdquoauthorization model for its dynamic context-aware andfine-grained features defines a multidimensional accesscontrol paradigm where access requests are accepted orrejected based on all kinds of assigned attributes includingsubject attributes (eg age department job title) actionattributes (eg read write append) object attributes (egowner size classification) and contextual attributes (egtime location) and a set of policies ABAC empowersmore precise access control facilitating the generation ofexpressive and flexible policies through the combination of awide range of factors

Determined attempts have been made not only by stan-dards organizations [11] but also by many IT giants suchas IBM and Cisco [21 22] which contributes much to thedevelopment and widespread deployment of ABAC tech-niqueMeanwhile the academic community has also invested

significant effort in this research area [13] Li et al [14] con-ducted in-depth discussions on the inherent logical relationsand system architecture of ABAC Jin [15] has formalizedthe ABAC scheme and achieved the simulation of otherclassical models Sookhak et al [16] carried out an exhaustivesurvey on ABAC techniques befitting cloud and distributedenvironment Based on the authorization requirements ofgrid systems Bo et al [17] developed an efficient multipolicyABAC technique suitable for grid computing based on thethird-party authorization framework

Regardless the benefits of ABAC its rigid policy-enforcement mechanism as well as the guideless policy-configuration process may somehow lead to the reductionof resource usability and then the time efficiency of busi-ness Demchenko and Ngo [18] mitigated this problem byproposing a specific ABAC solution for the cloud tenantswhich enables hierarchical delegations to support the efficientcollaborations among tenants Although this approach con-tributes to yield a more flexible ABAC paradigm it is nota general solution which can only fit for limited scenariosIn a more intrinsic view it reflects the fact that ABAC isthoughtless in how to efficiently deal with exceptional accessrequests

Considering all these challenges and even more complexand urgent application scenarios in our previous conferencepaper [19] we put forward a rough fuzzy ABAC frameworkconceptually aiming to achieve flexible special authorizationsfor exceptional urgent requests with low risks However itdid not consider the effects of benign usersrsquo unintentionalmisoperations and ignored the differences in importanceamong attributes Besides its credit managementmechanismis not reasonable enough while the experimental evaluationand analysis are not included This research is inclinedto make up for the past deficiencies so as to achieve aninnovative approach with the auxiliary exceptional requestshandling functionality for enhancing the resource usabilityand thereby business timeliness in highly dynamic andunexpectable environments

3 Preliminary

This section goes through some necessary concepts of thefuzzy theory [32]

Fuzzy Set Fuzzy set is an extension of sets whose elementshave degrees of membership A fuzzy set can be definedas a pair (119880 120583) in which 119880 is the universe set of elementsand 120583 is the membership function that mapping elements tocorresponding membership degree as follows

119909 isin 119880 997888rarr 120583 (119909) isin [0 1] (1)

Fuzzy Logic The fuzzy logic is one type of multivalue logicwhich is based on fuzzy set theory In fuzzy logic thetruefalse value is replaced with membership values whichare real numbers between 0 and 1 A possible definition ofoperations in fuzzy logic is based on maxmin function [33]inwhich theANDoperatormeans taking theminimumvalueamong membership values while the OR operator meanstaking the maximum

4 Security and Communication Networks

Table 1 The major notations and definitions

Notations Definitions119902119894 the 119894th request119901119895 the 119895th clause in policy set119886119895119896 the 119896th attribute involved in the clause 119901119895119908119895119896 the weight of 119886119895119896 in the 119901119895120585119895119896(119902119894) The fuzzy membership function for calculating the membership degree of the 119902119894 to the constraint range of attribute 119886119895119896]119895(119902119894) The fuzzy membership function for calculating the membership degree of the 119902119894 to the clause 119901119895120583(119902119894) The fuzzy membership function for calculating the membership degree of the 119902119894 to the policies119888119900119904119905(119902119894) The credit cost of special approval for the 119902119894119867 The rejection threshold (a rational number in (0 1))119888119898119886119909 The credit-line (a rational number in (0 1))119888119909 The credit value of the subject 119909 (a rational number in (0 119888119898119886119909))119903 The credit recover ratio (a rational number in (0 1))

4 FBAC

In this section we define several necessary notations at thebeginning Then we introduce the architecture of FBACbriefly and describe its workflow step by step Further wedemonstrate its essential components in detail And finallywe study a detailed case to help readers understand the FBACbetter

For convenience we only adopt granting policies(Although the policies in ABAC can be granting or denyingones they are mutually transformable) in this paper andemploy a refusal precedence principle for the decision-making process ie a granted decision would be madewhen the request meets at least one clause in the policyset

41 FBAC Model The FBAC model wraps the standardABAC as a preliminary screening module and integratesadditional decision support components for improving theresource usability thereby gaining better business timeliness

Notations Throughout this paper we use the notations inTable 1 for simplified description purpose

Architecture and Workflow As seen in Figure 1 the FBAC isbuilt upon the standard ABAC model with additional fuzzyevaluation component and credit component The first com-ponent is developed to support unattended special authoriza-tions while the second is a security remedial measure Theseadditional components are independent to standard ABACwhich contributes to the effortless integration

When a request is reached the FBAC firstly collectsthe states of related attributes of that request including theattributes of subject object context and action (Steps 1-2) After applying the policies if this request is not grantedby the standard ABAC process it will be delivered to ourfuzzy evaluation component for a further decision basedon the membership degree calculation and the rejectionthreshold filter (Step 3) The credit component will check theavailable credits of the requester and denies the request if therequester is unable to afford the credit cost for approving this

Input 119902119894 119888119909Output 119863119890119888119894119904119894119900119899 isin granted denied(1) if match any policy then(2) return granted(3) end if(4) 120583(119902119894) larr max119899119894=1(]119894(119902119894))(5) 119888119900119904119905(119902119894) larr 1 minus 120583(119902119894)(6) if 120583(119902119894) lt 119867 or 119888119909 lt 119888119900119904119905(119902119894) then(7) return denied(8) end if(9) 119888119909 larr (119888119909 minus 119888119900119904119905(119902119894))(10) return granted

Algorithm 1 The FBAC Decision-Making Procedure

exceptional request (Step 4) If the corresponding subject hassufficient credits to pay the credit cost the credit componentwill issue a prompt to ask the requester to confirm the creditconsumption (Step 5) Once confirmed by the requesterthe request will be granted and logged at the expense ofcorresponding credit consumption Note that part of theconsumed credit will be restored after audit if the subject isnot malicious Otherwise this request will be denied (Step6) The final decision is delivered to the enforcement facilitywhich will mediate the corresponding access to the objectaccordingly (Step 7) The major decision-making process isillustrated in Algorithm 1

Apart from the major decision-making process there isan audit process which will router the recorded exceptionalaccess authorizations to administrators for review periodi-cally And then the credit audit system will restore a part ofthe usersrsquo credit according to the auditing results (Step a)

Fuzzy Evaluation Component When a request 119902119894 is rejectedby the standard ABAC module because it can not exactlymatch any policy the FBAC system will turn to fuzzyevaluation component for further judgments This compo-nent will evaluate the matching degree of the 119902119894 to policiesthrough membership degree calculation Specifically for the

Security and Communication Networks 5

Confirmation Process

Subject

SAttributes

Context

CAttributes

Object

OAttributes EnforcementFacility

Result

Audit Mechanism

AcAttributes

Request

Credit

Credit Component

7

264

1

3

a

Unmatched Fuzzy EvaluationComponent

Matched

Decision Making Mechanism

StandardABAC

5

Figure 1 Architecture and workflow of FBAC

119895th clause in the policy set this component will calculate themembership degree of the request 119902119894 to that clause as follows

]119895 (119902119894) = sum119899119896=1 119908119895119896120585119895119896 (119902119894)sum119899119896=1 119908119895119896 (2)

In formula (2) 120585119895119896(119902119894) is the membership subfunctionthat maps 119902119894 to a certain membership degree according tothe matching degree of 119902119894 to the constraint range of the119896th attribute in the 119895th clause The design of 120585119895119896 is closelyrelated to the meaning of the corresponding attribute andpolicy clause and also depends on administrators subjectivelyThere exist several primary guidelines for determining themembership subfunction [34] And the most commonlyrecommended function templates include the trapezoidsubordinate function the trigonometric membership func-tion the step function etc In this paper we select thetrapezoid subordinate function and the step function fordifferent policy clauses respectively (cf Section 42) TheFBAC gives the administrators greater freedom to determinethe attributes which should be fuzzy processed based onpractical administrative needs In general the continuousattributes can be fuzzy processed while the discrete ones(eg users names) should be fully matched for obtainingfinal authorizations Additionally if the discrete attributescan be somehow transformed into continuous ones based onpartial ordered relations they can also be fuzzy processedsimilarly eg converting the discrete and hierarchical jobtitles to continuous level numbers 119908119895119896 is the weight of the

corresponding attribute Introducing weight factor enablesadministrators to adjust the influence of each attribute inthe policies so as to provide more flexible and expressivemanageability

Since there usually exist more than one clause in thepolicy set the holistic matching degree is synthesized withmaximum synthesis rules [33] as shown in the followingformula

120583 (119902119894) = 119899max119895=1

]119895 (119902119894) (3)

After obtaining the matching degree 120583(119902119894) the FBAC willcompare 120583(119902119894) with the rejection threshold 119867 If 120583(119902119894) lt 119867the request 119902119894 will be denied by FBAC Otherwise the creditcomponentwill be invoked for supporting further judgments

Credit Component and Audit Mechanism The fuzzy evalu-ation component provides users with extra access oppor-tunities without manual reviews However in spite of thebenefits in the resource usability and business timelinessthis fuzzy evaluation module poses potential threats suchas abuse issues unintentionally Therefore we build a creditcomponent combined with periodic credit adjustment audit-ing mechanism as the countermeasure to mitigate the risk ofabuse

Our credit component maintains a credit value 119888119909lowast

(119888119909lowast

isin[0 119888119898119886119909] where 119888119898119886119909 isin (0 1) is the preset credit line) foreach subject 119909lowast When the FBAC is initialized every 119888119909

lowast

willbe set as 119888119898119886119909 without discrimination During the use the

6 Security and Communication Networks

credit component will be invoked to provide further decisionsupport for the request 119902119894 if its matching degree 120583(119902119894) exceedsthe rejection threshold 119867 We define 119888119900119904119905(119902119894) = 1 minus 120583(119902119894) asthe special approval cost for the request 119902119894 with the matchingdegree 120583(119902119894) because the 119888119900119904119905(119902119894) can reflect the gap betweenthe states of the 119902119894 and the precise requirements of policiesThus the credit component will compare the credit 119888119909 ofthe requester 119909 with the corresponding special approval cost119888119900119904119905(119902119894) If 119888119909 lt 119888119900119904119905(119902119894) then a denial suggestion will beissued for the 119902119894 as the requester does not have enough creditto afford the cost Otherwise the FBAC will ask the requesterfor confirmation to consume that 119888119900119904119905(119902119894) and enforce therequester to comment reasons for the unusual request Thisadditional prompt scheme is quite useful to avoid usermisuseand is also helpful for future audits Then if the requester 119909replies in the affirmative to that credit consumption promptthe FBAC will grant the request 119902119894 by charging the requestercorresponding fee ie deducting 119888119900119904119905(119902119894) from 119888119909 In factfor individuals the FBAC would degrade to standard ABACwhen they max out their credits

Furthermore for achieving better creditmanagement andthereby controlling credit abuse risks a periodic manualaudit mechanism is also integrated into the FBAC modelDuring an audit the unusual authorization records will bereviewed by the system administrators according to all therelevant information in the system including corresponding

explanatory comments typed by requesters in the confirma-tion process Based on auditing results the audit routine willrestore credits for the users who pass checks successfullywhile disables such recovery for the suspects unless provedinnocent (More tougher punishments can be given whenthe suspect is finally proven guilty) to ensure the creditsystem works well thereby providing enough flexibility withcontrollable abuse risks

Note that the credit recovery strategy depends on theadministrator For instance our approach gives the pro-portional credit back (119903 in 100) of the margin betweenthe credit line 119888119898119886119909 and the current credit value 119888119909 (ie119888119898119886119909 minus 119888119909) after each audit process This is because wehold a conservative opinion that the special approval is acompromise for improving business timeliness which shouldnot be encouraged in routineworkTherefore the formula forcalculating new credit value 1198881015840119909 is as follows

1198881015840119909 = 119903 (119888119898119886119909 minus 119888119909) + 119888119909 where 119903 isin (0 100] (4)

42 Case Study This subsection provides a case study ofFBAC to help people understand how it works in detail

Assuming there exists an FBAC systemwith the threshold119867 = 08 119888119898119886119909 = 03 119903 = 05 and two clauses in the policy setas follows

119901119900119897119894119888119910

(1) IF (119897119900119888119886119905119894119900119899 = (11254153119864 plusmn 000001 2895117119873 plusmn 000001))and (119895119900119887 119905119894119905119897119890 is119898119886119899119886119892119890119903) THEN granted

(2) IF (119897119900119888119886119905119894119900119899 = (11254153119864 plusmn 000001 2895117119873 plusmn 000001))and (119905119894119898119890 isin [8 00 18 00]) and (119895119900119887 119905119894119905119897119890 is 119904119905119886119891119891) THEN granted

(5)

We can see that there are 3 types of attributes involvedin the policy set 119905119894119898119890 is the timestamp of the request119897119900119888119886119905119894119900119899denotes the requesterrsquos location (given in latitude andlongitude) and 119895119900119887 119905119894119905119897119890 denotes the 119904119906119887119895119890119888119905rsquos job positionThen we define the membership functions as follows

120583 (119902119894) = max (]1 (119902119894) ]2 (119902119894))]1 (119902119894) = sum

2119895=1 11990811198951205851119895 (119902119894)sum2119895=1 1199081119895

]2 (119902119894) = sum3119895=1 11990821198951205852119895 (119902119894)sum3119895=1 1199082119895

(6)

In this case we set all the attributes in the same policy tothe same weight as shown below

]1 (119902119894) = sum2119895=1 1205851119895 (119902119894)2

]2 (119902119894) = sum3119895=1 1205852119895 (119902119894)3

(7)

In order to describe 120585119894119895 we firstly predefine a function119889119894119904119905119886119899119888119890(119909 119910) to describe the distance between 119909 and 119910 inmeters Then we give the definitions of 120585119894119895 as follows12058511 (119902119894) = max(1 minus 119889119894119904119905119886119899119888119890 (119897119900119888119886119905119894119900119899 119900119891119891119894119888119890)100 0)

12058512 (119902119894) = 1 119895119900119887 119905119894119905119897119890 is1198981198861198991198861198921198901199030 otherwise

12058521 (119902119894) = 12058511 (119902119894)

12058522 (119902119894) =

2 sdot 119905119894119898119890 minus 16 119905119894119898119890 isin (75 8]1 119905119894119898119890 isin (8 18]37 minus 2 sdot 119905119894119898119890 119905119894119898119890 isin (18 185]0 otherwise

12058523 (119902119894) = 1 119895119900119887 119905119894119905119897119890 is 1199041199051198861198911198910 otherwise

(8)

Security and Communication Networks 7

Then we assume that a subject 119878 initiates a request 1199021 asfollows

1199021 =

119905119894119898119890 = 18 35119895119900119887 119905119894119905119897119890 = 119898119886119899119886119892119890119903

119897119900119888119886119905119894119900119899 = (11254180119864 2895117119873)

(9)

When request 1199021 is initiated the FBAC attempts to match1199021 with policies but failsThen it turns to the fuzzy evaluationprocess As the credit cost of the 1199021 is 119888119900119904119905(1199021) asymp 1 minus 085 =015 then 015 is going to be consumed from 119888119878 for making 1199021be grantedThe systemwill ask subject 119878 for the consumptionconfirmation in order to make sure whether 119878 is willing toconsume required credits to continue Suppose that 119878 choosesto spend his credits then 1199021 is granted and 119888119878 is decreased to015

Next when 119878 try to initiate another request 1199022 later asfollows

1199022 =

119905119894119898119890 = 23 03119895119900119887 119905119894119905119897119890 = 119898119886119899119886119892119890119903

119897119900119888119886119905119894119900119899 = (11254187119864 2895117119873) (10)

in the same way we get that 119888119900119904119905(1199022) asymp 019 Since 119888119878 =015 after the request 1199021 119878 can not afford the cost of the 1199022 so1199022 will be rejected directlyIn addition if 119878 passes the audit with his credit value 119888119878 =015 then 119888119878 will be restored to 0225 according to expression

(4)

5 Discussion

In this section we will briefly analyze the effect on usabilityand security of FBAC followed by complexity analyses

Usability and Security To describe the enhancive effect on theoverall resource usability of FBAC we chose the granted ratewhich is defined as the rate of the granted requests to totalrequests per unit time as a reflection of usability

Let 119880 denote the usability and 119877 denote the granted ratethen we get the following expression in which 119877119899119900119903119898119886119897 and119877119904119901119890119888119894119886119897 denote the granted rates of requests matching or notmatching policies respectively while notation ldquoproprdquo denotesthe relationship of positive correlation

119880 prop (119877 = 119877119899119900119903119898119886119897 + 119877119904119901119890119888119894119886119897) (11)

Since FBAC shares the same 119877119899119900119903119898119886119897 with its elder siblingABAC obviously the FBAC obtains extra usability improve-ment Δ119880 which is positively correlated with 119877119904119901119890119888119894119886119897 whencompared with ordinary ABAC namely

Δ119880 prop 119877119904119901119890119888119894119886119897 (12)

Naturally the configurable threshold119867 is closely associ-ated with the usability For any request 119902lowast failed in policiesmatching with overall matching degree 120583(119902lowast) we supposethat 120583(119902lowast) = 119909 obeys a probability density distribution 119891(119909)

while the probability of available credit of requester 119888lowast ge120583(119902lowast) obeys another probability density distribution ℎ(119909)then we can deduce the following relational expression

119877119904119901119890119888119894119886119897 prop int119872119886119909

119867ℎ (119909) 119891 (119909) 119889119909 (13)

Since ℎ(119909) and 119891(119909) are commonsensically positive wefind an inverse correlation between the incremental usabilityΔ119880 and the threshold119867 in expression (13) that is a lower119867leads to more approvals on requests Apparently the FBACwould deteriorate to standard ABAC if119867 tends to the upperbound ie the value 1 in our case

Not surprisingly the usability improvement also comeswith security risks As the FBAC may authorize exceptionalaccess requests which do not fully comply with the currentpolicies in some cases this feature can be abused by indiscreetusers or even be exploited by malicious users for accessingextra resources and thereby bringing additional risks to thesystem Here the deviation between the overall matchingdegree of the exceptional request (ie 120583(119902lowast)) and the closestmatching policy (the standard normalization value ldquo1rdquo) isused as the risk indicator of each exceptional authorization

Correspondingly the FBAC has effective countermea-sures to mitigate the risks induced by the fuzzy assessmentmechanism to the acceptable level Firstly as a general andindiscriminate defense the reject threshold is used to screenout high-risk requests deviating far from current policiesie any request 119902lowast with overall matching degree 120583(119902lowast) lowerthan the threshold 119867 would be declined directly becausethe FBAC is aiming at improving the flexibility and effi-ciency of exceptional authorizations rather than invalids thesecurity policies Thus the security risk of each exceptionalauthorization is limited within the controllable range 1 minus 119867Secondly the credit mechanism is used as the individualizedconstraint against the abuse attacks on the FBAC As for eachrequester each exceptional authorization definitely comeswith corresponding credit cost which is determined by therisk of that request 119902lowast (ie 119888119900119904119905(119902lowast) = 1 minus 120583(119902lowast)) In otherwords a request 119902lowast will be declined if the correspondingrequester 119909lowast does not have enough credit to afford the creditcost 119888119900119904119905(119902lowast) of the exceptional request ie 119888119909

lowast

lt 119888119900119904119905(119902lowast)Therefore the immoderate and even malicious exceptionalaccess behaviors are mitigated due to the limitation ofcredit According to the analysis above then the maximumsecurity risk of one exceptional authorization associated witha requester 119909lowast is further limited within Minimum(1 minus 119867119888119909lowast

) Meanwhile within each audit cycle the total securityrisk which can be caused by the exceptional authorizationsrelated to each single requester 119909lowast is limited below his creditvalue 119888119909

lowast

(the value at the beginning of the audit cycle) Inaddition for each subject 119909lowast the credit consumption has theadditive restrictive effect on future requests because only aportion of the already consumed credits could be restoredaccording to credit recovery mechanism Briefly the morecredits the requester used in one audit cycle the less totalamount he will have in the future which further reducesthe abuse risks of the exceptional authorizations Finallythe FBAC integrates a periodic manual audit mechanism as

8 Security and Communication Networks

Table 2 The parameter configuration

Case 119862119898119886119909 119903 119867 Time weight Location weight1 080 050 080 050 0502 080 050 085 050 0503 080 050 090 050 0504 080 050 080 040 0605 080 050 080 020 080

the post-security mechanism to review all the exceptionalauthorizations As for the suspects their credit restorationswould be suspended until proven innocent As a result theywould lose the privileges to obtain instant approvals for theirexceptional requests as their credits will keep reducing andcan not get replenished Therefore the entire risk which canbe caused by the exceptional authorizations granted for asingle suspect identified during the audits is limited withinthe credit line 119888119898119886119909

Summarily the FBAC broadens the granting bounds toa certain extent for all the requests with the help of fuzzyevaluation mechanism and limits the special approval rateof each individual requester with the help of credit andaudit mechanism thereby achieving better timely usabil-ity than standard ABAC with the controllable sacrifice ofsecurity

Complexity The complexity of access control is related tothe number of concurrent requests policies and attributescontained in each policyThemore the attributes are involvedin a policy the higher the computational complexity of thispolicy will be Generally as the granularity of access controlbecomes finer the complexity of policy increases and the timecost of decision-making process also grows slightly and tendsto flatten out

Assuming there are 119898 policies and 119899 attributes thenumber of requests that occur at the same time in thesystem is 119896 the computational complexity of a basicmatchingprocess is 119874(1) in original ABAC model In the worst caseeach policy and attribute needs a matching calculation andthus the complexity of a single decision is 119874(119898119899) Becausecomplexity is proportional to the number of requests made

simultaneously the total computational complexity of thewhole system is 119874(119896119898119899)

Correspondingly the computational complexity of both abasic matching process and credit evaluation process in ourFBAC model is also 119874(1) that is to say the complexity of asingle decision is still 119874(119898119899) thus the total computationalcomplexity remains at 119874(119896119898119899)

Compared with the standard ABAC model our FBACmodel has two additional processes the credit-based judg-ment and the fuzzy assessment which is a little com-plex than the simple yesno decision And the over-head of both parts can be considered of the same orderof magnitude as the former This explains why bothmodels (ie ABAC and FBAC) have the same com-putational complexity It also shows that the impact ofFBAC in terms of performance is within an acceptablerange

6 Experimental Evaluation

We developed an FBAC prototype to evaluate its availabilitysecurity and performance through several experiments

61 Test Scenarios By modifying the ABAC source codes ofDeter Project [35] we implemented a prototype of FBACand deployed it to 5 virtual servers on a single physicalmachine (64-bit CentOS 7 4vCPUs (i5-7500 34GHz) 16GBRAM 1TB Storage supported by OpenStack (Pike v3120))for experiments

In our FBAC systems we firstly configured the followingpolicy set and set the audit time interval to one weekuniformly

119901119900119897119894119888119910 IF (119897119900119888119886119905119894119900119899 = (11254153119864 plusmn 00001 2895117119873 plusmn 00001))and (119905119894119898119890 isin [8 00 18 00]) THEN granted

(14)

And then we conducted four experiments with respectiveFBAC configuration parameters shown in Table 2 And ineach experiment we simulated 500 users to initiate requeststo FBAC servers These users follows Poisson distributionin time and move around according to Random Way Point(RWP) [36] model to fit the mobile features The simulationsystem will randomly regenerate the destination and themoving speed for each user every 30 minutes Addition-ally we also introduced small noises (plusmn10m) randomly to

usersrsquo location coordinate data for simulating the fluctuationsin the real positioning system These users were set asldquobenignrdquo or ldquomaliciousrdquo separately with several different userbehavioral patterns correspondingly to generate requestingdata Furthermore we set that benign users will aborttheir requests randomly in responding to credit misuseprompts whereas malicious users will not according to theknowledge that benign users are more compliance withrules

Security and Communication Networks 9

0

10

20

30G

rant

ed R

atio

7 14 21 280Time (day)

Figure 2 The average granted ratio of requests

benign usersmalicious users

0

10

20

30

40

Gra

nted

Rat

io

7 14 21 280Time (day)

Figure 3 119877119904119901119890119888119894119886119897 of benign and malicious users

Note that in the fourth and fifth cases we forced all theusers to obey the time restriction to articulate the effect ofattribute weights

The experiments last for four weeks and each audit periodis 5 days long All the access histories are recorded in accesslogs for further analyses

62 Analysis

Usability As the granted ratio of requests which fail to meetpolicies (denoted by 119877119904119901119890119888119894119886119897) reflects the extra improvementon immediate resource usability we count up such averagegranted rate based on the Case 1 as shown in Figure 2We canlearn that the average granting rate of exceptional requests ismaintained in a positive range during the experiment whichillustrates the usability increment of FBAC compared withABAC through the employment of fuzzy evaluation method

Security Again based on Case 1 we evaluated the resistanceof FBAC against security risks Figure 3 shows the granted

Table 3 The time cost of the decision-making process

Model Average time (ms) Best time (ms) Worse time (ms)FBAC 0033 0019 0245ABAC 0017 0002 0081

ratios of both benign and malicious user respectively It isclear that 119877119904119901119890119888119894119886119897 of benign users is limited to a certain upperbound by the threshold particularly below 35 in Case 1while that of malicious users is even far lower throughout thetest duration Furthermore it also illustrates that such ratesof both benign and malicious users are further constrainedby credit mechanism With the consumption and partialrecovery of credits controlled by credit and audit mechanism119877119904119901119890119888119894119886119897 of benign users reveals a hysteretic declined trendwithin each audit cycle and will fluctuate along with auditcycles during the testing period When it comes to malicioususers this ratio is decreasing continuously over audit cyclesand is gradually converging to 0

Such results demonstrate that the threshold providesa general and coarse-grained restriction on requests whilecredit system supplies additive restrictive effect on therequests in each audit cycle In addition the auditmechanismis effective in limiting 119877119904119901119890119888119894119886119897 of users with malicious orabnormal behaviors as their credits will be used up easilyand can hardly be restored because of the audit mechanismTherefore the FBAC is sufficient to defend against abuseattacks

Parameter Effects We have tuned two major regulativeparameters in FBAC to explore their potential influence

(1) Threshold To study the impact of the reject threshold weincreased the threshold119867 by 005 in Case 1 Case 2 and Case3 gradually Unsurprisingly Figure 4 illustrates that 119877119904119901119890119888119894119886119897 inFBAC is closely related to the threshold 119867 ie the higher119867 is the lower the granted rate will be Besides although alow119867may accelerate the credit consumption which in turnaffects the granted rate due to the rejection cases caused bycredit insufficiency this side effect is unable to impact themain trend on a macroscale

(2) Attribute Weight When it comes to the attribute weights Cases 4 and 5 were selected for comparison as theyset the time variable to fixed value by obeying the timerestriction and share the same 119862119898119886119909 and 119867 parametersAs seen in Figure 5 the bigger weight coefficient for thelocation attribute in Case 5 leads to a lower granted rate whencompared with that of Case 4 This shows that the weightmechanism can effectively adjust the overall impact of eachattribute on the decision-making process

PerformanceWe evaluated the time cost of decision-makingprocesses of both FBAC and ABAC to measure the per-formance According to the results in Table 3 althoughFBAC wraps ABAC and adds additional mechanisms formaking authorization decisions it only incurs quite light and

10 Security and Communication Networks

0

10

20

30

7 14 21 280Time (day)

(a) 119867 = 080

0

10

20

30

7 14 21 280Time (day)

(b) 119867 = 085

0

10

20

30

7 14 21 280Time (day)

(c) 119867 = 090

Figure 4 119877119904119901119890119888119894119886119897 under different thresholds

0

10

20

30

Gra

nted

Rat

io

7 14 21 280Time (day)

(a) 119908119905 = 04 119908119897 = 06

0

10

20

30

Gra

nted

Rat

io

7 14 21 280Time (day)

(b) 119908119905 = 02 119908119897 = 08

Figure 5 119877119904119901119890119888119894119886119897 under different attribute weights

acceptable overhead in average compared with ABAC whichis almost imperceptible to requesters

7 Conclusion

In this paper a feasible FBAC technique is proposed thatimproves upon the standard ABAC paradigmwith good flex-ibility and time efficiency in dealing with exceptional urgentrequests which do not comfort to policies in the dynamic andunpredictable environment Beyond ABAC we use a fuzzyevaluation method to do unattended special authorizationsfor exceptional requests that failed in policy matching Wealso use credit and corresponding audit mechanisms to limitthe abuse risk of special approvals A tangible example is givento explain the working details which indicates the suitabilityof FBAC in mobile and dynamic scenarios In additionthe theoretical analyses and experimental evaluations showthat the FBAC paradigm reinforces the system in favor oftime efficiency and usability with the controllable expense ofsecurity

In future work we would like to further refine theauthorization decision-making scheme with the support ofthe latest deep learning techniques (eg neural network)to discover benign and riskful access patterns based onthe access behavior mining for helping the FBAC betterdistinguish between benign and malicious requests thereby

enabling more intelligent and accurate handling for excep-tional access cases Moreover we also believe that deployingthe FBAC system in Chinarsquos current Xiangyamedical big datasystemwould havemore practical and exploratorymeanings

Disclosure

This work was presented in part at the SpaCCS 2017Guangzhou China 12ndash15 December 2017

Conflicts of Interest

The authors declare that there are no conflicts of interest

Acknowledgments

This work was supported in part by the National NaturalScience Foundation of China under Grants 61702562 and61472451 the Mobile Health Ministry of Education-ChinaMobile Joint Laboratory the Hunan Provincial Innova-tion Foundation for Postgraduate under Grant CX2015B047the China Scholarship Council Foundation under Grant201506370106 the Guangdong Provincial Natural ScienceFoundation under Grant 2017A030308006 and the JointResearch Project between Tencent andCentral SouthUniver-sity

Security and Communication Networks 11

References

[1] G Fettweis and S Alamouti ldquo5G personal mobile internetbeyond what cellular did to telephonyrdquo IEEE CommunicationsMagazine vol 52 no 2 pp 140ndash145 2014

[2] Y Zhang K Guo J Ren J Wang and J Chen ldquoTransparentcomputing A promising network computing paradigmrdquo Com-puting in Science Engineering vol 19 no 1 p 20 2017

[3] Y Zhang J Ren J Liu C Xu H Guo and Y Liu ldquoA surveyon emerging computing paradigms for big datardquo Journal ofElectronics vol 26 no 1 pp 1ndash12 2017

[4] J He Y Zhang J Lu M Wu and F Huang ldquoBlock-Stream as aService A More Secure Nimble and Dynamically BalancedCloud Service Model for Ambient Computingrdquo IEEE Networkvol 32 no 1 pp 126ndash132 2018

[5] T Peng Q Liu and G Wang ldquoA multilevel access controlscheme for data security in transparent computingrdquo Computingin Science amp Engineering vol 19 no 1 Article ID 7802524 pp46ndash53 2017

[6] I Hardill and A Green ldquoRemote working - Altering the spatialcontours of work and home in the new economyrdquoNew Technol-ogy Work and Employment vol 18 no 3 pp 212ndash222 2003

[7] AM French C Guo and J P Shim ldquoCurrent status issues andfuture of bring your own device (BYOD)rdquo CAIS vol 35 pp 1ndash10 2014

[8] D F Ferraiolo R S Sandhu S Gavrila D R Kuhn and RChandramouli ldquoProposed NIST standard for role-based accesscontrolrdquoACMTransactions on Information and System Securityvol 4 no 3 pp 224ndash274 2001

[9] S Upadhyaya ldquoMandatory access controlrdquo in Encyclopedia ofCryptography and Security pp 756ndash758 Springer 2011

[10] L Liu and M Tamer Ozsu ldquoDiscretionary access controlrdquo inEncyclopedia of Database Systems pp 864ndash866 Springer 2009

[11] V C Hu D Ferraiolo R Kuhn et al ldquoGuide to Attribute BasedAccess Control (ABAC) Definition and Considerationsrdquo Na-tional Institute of Standards and Technology NIST SP 800-1622014

[12] V C Hu D R Kuhn and D F Ferraiolo ldquoAttribute-basedaccess controlrdquoThe Computer Journal vol 48 no 2 Article ID7042715 pp 85ndash88 2015

[13] D Servos and S L Osborn ldquoCurrent research and openproblems in attribute-based access controlrdquo ACM ComputingSurveys vol 49 no 4 article no 65 2017

[14] X Li D Feng Z Chen and Z Fang ldquoModel for attribute basedaccess controlrdquo Journal on Communications vol 29 no 4 pp90ndash98 2008

[15] X JinAttribute-based access control models and implementationin cloud infrastructure as a service [PhD thesis] The Universityof Texas at San Antonio 2014 PhD dissertation

[16] M Sookhak F R Yu M K Khan Y Xiang and R BuyyaldquoAttribute-based data access control in mobile cloud comput-ing Taxonomy and open issuesrdquo Future Generation ComputerSystems vol 72 pp 273ndash287 2017

[17] B Lang I Foster F Siebenlist R Ananthakrishnan andT Free-man ldquoA flexible attribute based access control method for gridcomputingrdquo Journal of GridComputing vol 7 no 2 pp 169ndash1802009

[18] C Ngo Y Demchenko and C De Laat ldquoMulti-tenant attribute-based access control for cloud infrastructure servicesrdquo Journalof Information Security and Applications vol 27-28 pp 65ndash842016

[19] Y XuWGaoQ Zeng GWang J Ren andY Zhang ldquoFABACA flexible fuzzy attribute-based access control mechanismrdquo inProceedings of the Proc 10th International Conference on Secu-rity Privacy and Anonymity in Computation Communicationand Storage pp 332ndash343 Springer 2017 pp 332-343

[20] X Liu Q Liu T Peng and J Wu ldquoDynamic access policy incloud-based personal health record (PHR) systemsrdquo Informa-tion Sciences vol 379 pp 62ndash81 2017

[21] IBM Corporation httpswwwibmcomsupportknowledge-centerenSSNGTE 700comibmtspmdoc 70installconceptAttributeBasedAccessControlhtm

[22] ldquoCisco Systems Incrdquo httpswwwciscocomcenustddocssecurityasaasa97asdm77firewallasdm-77-firewall-configvirtual-access-vm-attributespdf

[23] Axiomatics httpswwwaxiomaticscom[24] Jericho SystemsCorporation httpswwwjerichosystemscom

technologyglossarytermsattribute based access controlhtml[25] C Martnez-Garca G Navarro-Arribas and J Borrell Fuzzy

role-based access control vol 111 of Information ProcessingLetters Elsevier 2011 pp 483-487

[26] P-C Cheng P Rohatgi C Keser P A Karger G M Wagnerand A S Reninger ldquoFuzzy multi-level security an experimenton quantified risk-adaptive access controlrdquo in Proceedings of theIEEE Symposium on Security and Privacy (SP rsquo07) pp 222ndash230IEEE Berkeley Calif USA May 2007

[27] N Dimmock A Belokosztolszki D Eyers J Bacon and KMoody ldquoUsing trust and risk in role-based access controlpoliciesrdquo in Proceedings of the Proceedings on the Ninth ACMSymposium on Access Control Models and Technologies SAC-MAT 2004 pp 156ndash162 usa June 2004

[28] Y LiThe research of access control mechanism based on attiubuteand trust evaluation Masters thesis [Master thesis] SouthwestJiaotong University 2016

[29] P NMahalle P AThakre N R Prasad and R Prasad ldquoA fuzzyapproach to trust based access control in internet of thingsrdquo inProceedings of the Proc 3rd International Conference onWirelessCommunications Vehicular Technology InformationTheory andAerospace Electronic Systems (VITAE pp 1ndash5 2013

[30] F Feng C Lin D Peng and J Li ldquoA trust and context basedaccess control model for distributed systemsrdquo in Proceedingsof the Proc 10th IEEE International Conference on High Perfor-mance Computing and Communications pp 629ndash634 2008

[31] R Bhatti E Bertino and A Ghafoor ldquoA trust-based context-aware access control model for web-servicesrdquo Distributed andParallel Databases vol 18 no 1 pp 83ndash105 2005

[32] F J Pelletier ldquoMetamathematics of fuzzy logics by Petr HajekrdquoBulletin of Symbolic Logic vol 6 no 3 pp 342ndash346 2000

[33] E H Mamdani and S Assilian ldquoAn experiment in linguisticsynthesis with a fuzzy logic controllerrdquo International Journal ofMan-Machine Studies vol 7 no 1 pp 1ndash13 1975

[34] J Dombi ldquoMembership function as an evaluationrdquo Fuzzy Setsand Systems vol 35 no 1 pp 1ndash21 1990

[35] DETER Project httpsabacdeterlabnet[36] D Johnson and D Maltz ldquoDynamic source routing in Ad

Hoc wireless networksrdquo in The Kluwer International Series inEngineering and Computer Science vol 353 pp 153ndash181 1996

Security and Communication Networks 3

user-role and role-permission compared with the originalRBAC model And the assignment degrees were subjectivelyassigned to represent the accompanying uncertainties andrisks of corresponding assignments Then the access controlenforcement was based on the risks of requests reflectedby the overall assignment degrees However this conceptualsolution did not provide a practical and detailed calculationmethod of assignment degrees Cheng et al [26] proposedthe fuzzy MLS a risk self-adjusting access control techniquewhich can quantify the potential risks associated with theexceptional access and thereby optimize the risk-benefittrade-off In this model the risk of the request was quan-titatively assessed according to both the value of the objectand the empirical illegal disclosure probability determinedby the MLS tags (security level etc) of the involving subjectand object and then made the access decision by comparingthe risk with a preset risk scale and asking the user toprovide corresponding risk tokens assigned by the admin-istrator Meanwhile trust mechanism closely connected tothe concept of risk has also been ushered in Dimmocket al expanded the existing access control framework andcombined the trust-based assessment with reasoning to forma dynamic model that can manage risk more intelligently[27] Liu combined the dynamic hierarchical fuzzy systemwith trust evaluation then introduced a fuzzy multiattributetrust access control scheme for cloud manufacturing sys-tem [28] Mahalle et al [29] developed a trust-extendedfuzzy authorization scheme and put forward the conceptof trust rating for identity management Context awarenessis a significant precondition for accurately perceiving andproperly handling risks Feng et al [30] integrated userbehaviors and operating environment to propose a scalabletrust-based and context-aware access control technique forlarge-scale widely distributed networks Taking into accountboth factors of trust and environmental perception Bhatti etal [31] constructed a trust-enhanced environment-sensitiveauthorizationmodel for network traffic based onX-GTRBAC(XML-based generalized temporal RBAC) framework

As cross-organizational multisectoral cooperationsbecome integral parts of current business processes toovercome the drawbacks of the mainstream access controlmodels while unifying their advantages there has beenconsiderable interest in a more general model namelyABAC [11 12] which is considered as ldquonext generationrdquoauthorization model for its dynamic context-aware andfine-grained features defines a multidimensional accesscontrol paradigm where access requests are accepted orrejected based on all kinds of assigned attributes includingsubject attributes (eg age department job title) actionattributes (eg read write append) object attributes (egowner size classification) and contextual attributes (egtime location) and a set of policies ABAC empowersmore precise access control facilitating the generation ofexpressive and flexible policies through the combination of awide range of factors

Determined attempts have been made not only by stan-dards organizations [11] but also by many IT giants suchas IBM and Cisco [21 22] which contributes much to thedevelopment and widespread deployment of ABAC tech-niqueMeanwhile the academic community has also invested

significant effort in this research area [13] Li et al [14] con-ducted in-depth discussions on the inherent logical relationsand system architecture of ABAC Jin [15] has formalizedthe ABAC scheme and achieved the simulation of otherclassical models Sookhak et al [16] carried out an exhaustivesurvey on ABAC techniques befitting cloud and distributedenvironment Based on the authorization requirements ofgrid systems Bo et al [17] developed an efficient multipolicyABAC technique suitable for grid computing based on thethird-party authorization framework

Regardless the benefits of ABAC its rigid policy-enforcement mechanism as well as the guideless policy-configuration process may somehow lead to the reductionof resource usability and then the time efficiency of busi-ness Demchenko and Ngo [18] mitigated this problem byproposing a specific ABAC solution for the cloud tenantswhich enables hierarchical delegations to support the efficientcollaborations among tenants Although this approach con-tributes to yield a more flexible ABAC paradigm it is nota general solution which can only fit for limited scenariosIn a more intrinsic view it reflects the fact that ABAC isthoughtless in how to efficiently deal with exceptional accessrequests

Considering all these challenges and even more complexand urgent application scenarios in our previous conferencepaper [19] we put forward a rough fuzzy ABAC frameworkconceptually aiming to achieve flexible special authorizationsfor exceptional urgent requests with low risks However itdid not consider the effects of benign usersrsquo unintentionalmisoperations and ignored the differences in importanceamong attributes Besides its credit managementmechanismis not reasonable enough while the experimental evaluationand analysis are not included This research is inclinedto make up for the past deficiencies so as to achieve aninnovative approach with the auxiliary exceptional requestshandling functionality for enhancing the resource usabilityand thereby business timeliness in highly dynamic andunexpectable environments

3 Preliminary

This section goes through some necessary concepts of thefuzzy theory [32]

Fuzzy Set Fuzzy set is an extension of sets whose elementshave degrees of membership A fuzzy set can be definedas a pair (119880 120583) in which 119880 is the universe set of elementsand 120583 is the membership function that mapping elements tocorresponding membership degree as follows

119909 isin 119880 997888rarr 120583 (119909) isin [0 1] (1)

Fuzzy Logic The fuzzy logic is one type of multivalue logicwhich is based on fuzzy set theory In fuzzy logic thetruefalse value is replaced with membership values whichare real numbers between 0 and 1 A possible definition ofoperations in fuzzy logic is based on maxmin function [33]inwhich theANDoperatormeans taking theminimumvalueamong membership values while the OR operator meanstaking the maximum

4 Security and Communication Networks

Table 1 The major notations and definitions

Notations Definitions119902119894 the 119894th request119901119895 the 119895th clause in policy set119886119895119896 the 119896th attribute involved in the clause 119901119895119908119895119896 the weight of 119886119895119896 in the 119901119895120585119895119896(119902119894) The fuzzy membership function for calculating the membership degree of the 119902119894 to the constraint range of attribute 119886119895119896]119895(119902119894) The fuzzy membership function for calculating the membership degree of the 119902119894 to the clause 119901119895120583(119902119894) The fuzzy membership function for calculating the membership degree of the 119902119894 to the policies119888119900119904119905(119902119894) The credit cost of special approval for the 119902119894119867 The rejection threshold (a rational number in (0 1))119888119898119886119909 The credit-line (a rational number in (0 1))119888119909 The credit value of the subject 119909 (a rational number in (0 119888119898119886119909))119903 The credit recover ratio (a rational number in (0 1))

4 FBAC

In this section we define several necessary notations at thebeginning Then we introduce the architecture of FBACbriefly and describe its workflow step by step Further wedemonstrate its essential components in detail And finallywe study a detailed case to help readers understand the FBACbetter

For convenience we only adopt granting policies(Although the policies in ABAC can be granting or denyingones they are mutually transformable) in this paper andemploy a refusal precedence principle for the decision-making process ie a granted decision would be madewhen the request meets at least one clause in the policyset

41 FBAC Model The FBAC model wraps the standardABAC as a preliminary screening module and integratesadditional decision support components for improving theresource usability thereby gaining better business timeliness

Notations Throughout this paper we use the notations inTable 1 for simplified description purpose

Architecture and Workflow As seen in Figure 1 the FBAC isbuilt upon the standard ABAC model with additional fuzzyevaluation component and credit component The first com-ponent is developed to support unattended special authoriza-tions while the second is a security remedial measure Theseadditional components are independent to standard ABACwhich contributes to the effortless integration

When a request is reached the FBAC firstly collectsthe states of related attributes of that request including theattributes of subject object context and action (Steps 1-2) After applying the policies if this request is not grantedby the standard ABAC process it will be delivered to ourfuzzy evaluation component for a further decision basedon the membership degree calculation and the rejectionthreshold filter (Step 3) The credit component will check theavailable credits of the requester and denies the request if therequester is unable to afford the credit cost for approving this

Input 119902119894 119888119909Output 119863119890119888119894119904119894119900119899 isin granted denied(1) if match any policy then(2) return granted(3) end if(4) 120583(119902119894) larr max119899119894=1(]119894(119902119894))(5) 119888119900119904119905(119902119894) larr 1 minus 120583(119902119894)(6) if 120583(119902119894) lt 119867 or 119888119909 lt 119888119900119904119905(119902119894) then(7) return denied(8) end if(9) 119888119909 larr (119888119909 minus 119888119900119904119905(119902119894))(10) return granted

Algorithm 1 The FBAC Decision-Making Procedure

exceptional request (Step 4) If the corresponding subject hassufficient credits to pay the credit cost the credit componentwill issue a prompt to ask the requester to confirm the creditconsumption (Step 5) Once confirmed by the requesterthe request will be granted and logged at the expense ofcorresponding credit consumption Note that part of theconsumed credit will be restored after audit if the subject isnot malicious Otherwise this request will be denied (Step6) The final decision is delivered to the enforcement facilitywhich will mediate the corresponding access to the objectaccordingly (Step 7) The major decision-making process isillustrated in Algorithm 1

Apart from the major decision-making process there isan audit process which will router the recorded exceptionalaccess authorizations to administrators for review periodi-cally And then the credit audit system will restore a part ofthe usersrsquo credit according to the auditing results (Step a)

Fuzzy Evaluation Component When a request 119902119894 is rejectedby the standard ABAC module because it can not exactlymatch any policy the FBAC system will turn to fuzzyevaluation component for further judgments This compo-nent will evaluate the matching degree of the 119902119894 to policiesthrough membership degree calculation Specifically for the

Security and Communication Networks 5

Confirmation Process

Subject

SAttributes

Context

CAttributes

Object

OAttributes EnforcementFacility

Result

Audit Mechanism

AcAttributes

Request

Credit

Credit Component

7

264

1

3

a

Unmatched Fuzzy EvaluationComponent

Matched

Decision Making Mechanism

StandardABAC

5

Figure 1 Architecture and workflow of FBAC

119895th clause in the policy set this component will calculate themembership degree of the request 119902119894 to that clause as follows

]119895 (119902119894) = sum119899119896=1 119908119895119896120585119895119896 (119902119894)sum119899119896=1 119908119895119896 (2)

In formula (2) 120585119895119896(119902119894) is the membership subfunctionthat maps 119902119894 to a certain membership degree according tothe matching degree of 119902119894 to the constraint range of the119896th attribute in the 119895th clause The design of 120585119895119896 is closelyrelated to the meaning of the corresponding attribute andpolicy clause and also depends on administrators subjectivelyThere exist several primary guidelines for determining themembership subfunction [34] And the most commonlyrecommended function templates include the trapezoidsubordinate function the trigonometric membership func-tion the step function etc In this paper we select thetrapezoid subordinate function and the step function fordifferent policy clauses respectively (cf Section 42) TheFBAC gives the administrators greater freedom to determinethe attributes which should be fuzzy processed based onpractical administrative needs In general the continuousattributes can be fuzzy processed while the discrete ones(eg users names) should be fully matched for obtainingfinal authorizations Additionally if the discrete attributescan be somehow transformed into continuous ones based onpartial ordered relations they can also be fuzzy processedsimilarly eg converting the discrete and hierarchical jobtitles to continuous level numbers 119908119895119896 is the weight of the

corresponding attribute Introducing weight factor enablesadministrators to adjust the influence of each attribute inthe policies so as to provide more flexible and expressivemanageability

Since there usually exist more than one clause in thepolicy set the holistic matching degree is synthesized withmaximum synthesis rules [33] as shown in the followingformula

120583 (119902119894) = 119899max119895=1

]119895 (119902119894) (3)

After obtaining the matching degree 120583(119902119894) the FBAC willcompare 120583(119902119894) with the rejection threshold 119867 If 120583(119902119894) lt 119867the request 119902119894 will be denied by FBAC Otherwise the creditcomponentwill be invoked for supporting further judgments

Credit Component and Audit Mechanism The fuzzy evalu-ation component provides users with extra access oppor-tunities without manual reviews However in spite of thebenefits in the resource usability and business timelinessthis fuzzy evaluation module poses potential threats suchas abuse issues unintentionally Therefore we build a creditcomponent combined with periodic credit adjustment audit-ing mechanism as the countermeasure to mitigate the risk ofabuse

Our credit component maintains a credit value 119888119909lowast

(119888119909lowast

isin[0 119888119898119886119909] where 119888119898119886119909 isin (0 1) is the preset credit line) foreach subject 119909lowast When the FBAC is initialized every 119888119909

lowast

willbe set as 119888119898119886119909 without discrimination During the use the

6 Security and Communication Networks

credit component will be invoked to provide further decisionsupport for the request 119902119894 if its matching degree 120583(119902119894) exceedsthe rejection threshold 119867 We define 119888119900119904119905(119902119894) = 1 minus 120583(119902119894) asthe special approval cost for the request 119902119894 with the matchingdegree 120583(119902119894) because the 119888119900119904119905(119902119894) can reflect the gap betweenthe states of the 119902119894 and the precise requirements of policiesThus the credit component will compare the credit 119888119909 ofthe requester 119909 with the corresponding special approval cost119888119900119904119905(119902119894) If 119888119909 lt 119888119900119904119905(119902119894) then a denial suggestion will beissued for the 119902119894 as the requester does not have enough creditto afford the cost Otherwise the FBAC will ask the requesterfor confirmation to consume that 119888119900119904119905(119902119894) and enforce therequester to comment reasons for the unusual request Thisadditional prompt scheme is quite useful to avoid usermisuseand is also helpful for future audits Then if the requester 119909replies in the affirmative to that credit consumption promptthe FBAC will grant the request 119902119894 by charging the requestercorresponding fee ie deducting 119888119900119904119905(119902119894) from 119888119909 In factfor individuals the FBAC would degrade to standard ABACwhen they max out their credits

Furthermore for achieving better creditmanagement andthereby controlling credit abuse risks a periodic manualaudit mechanism is also integrated into the FBAC modelDuring an audit the unusual authorization records will bereviewed by the system administrators according to all therelevant information in the system including corresponding

explanatory comments typed by requesters in the confirma-tion process Based on auditing results the audit routine willrestore credits for the users who pass checks successfullywhile disables such recovery for the suspects unless provedinnocent (More tougher punishments can be given whenthe suspect is finally proven guilty) to ensure the creditsystem works well thereby providing enough flexibility withcontrollable abuse risks

Note that the credit recovery strategy depends on theadministrator For instance our approach gives the pro-portional credit back (119903 in 100) of the margin betweenthe credit line 119888119898119886119909 and the current credit value 119888119909 (ie119888119898119886119909 minus 119888119909) after each audit process This is because wehold a conservative opinion that the special approval is acompromise for improving business timeliness which shouldnot be encouraged in routineworkTherefore the formula forcalculating new credit value 1198881015840119909 is as follows

1198881015840119909 = 119903 (119888119898119886119909 minus 119888119909) + 119888119909 where 119903 isin (0 100] (4)

42 Case Study This subsection provides a case study ofFBAC to help people understand how it works in detail

Assuming there exists an FBAC systemwith the threshold119867 = 08 119888119898119886119909 = 03 119903 = 05 and two clauses in the policy setas follows

119901119900119897119894119888119910

(1) IF (119897119900119888119886119905119894119900119899 = (11254153119864 plusmn 000001 2895117119873 plusmn 000001))and (119895119900119887 119905119894119905119897119890 is119898119886119899119886119892119890119903) THEN granted

(2) IF (119897119900119888119886119905119894119900119899 = (11254153119864 plusmn 000001 2895117119873 plusmn 000001))and (119905119894119898119890 isin [8 00 18 00]) and (119895119900119887 119905119894119905119897119890 is 119904119905119886119891119891) THEN granted

(5)

We can see that there are 3 types of attributes involvedin the policy set 119905119894119898119890 is the timestamp of the request119897119900119888119886119905119894119900119899denotes the requesterrsquos location (given in latitude andlongitude) and 119895119900119887 119905119894119905119897119890 denotes the 119904119906119887119895119890119888119905rsquos job positionThen we define the membership functions as follows

120583 (119902119894) = max (]1 (119902119894) ]2 (119902119894))]1 (119902119894) = sum

2119895=1 11990811198951205851119895 (119902119894)sum2119895=1 1199081119895

]2 (119902119894) = sum3119895=1 11990821198951205852119895 (119902119894)sum3119895=1 1199082119895

(6)

In this case we set all the attributes in the same policy tothe same weight as shown below

]1 (119902119894) = sum2119895=1 1205851119895 (119902119894)2

]2 (119902119894) = sum3119895=1 1205852119895 (119902119894)3

(7)

In order to describe 120585119894119895 we firstly predefine a function119889119894119904119905119886119899119888119890(119909 119910) to describe the distance between 119909 and 119910 inmeters Then we give the definitions of 120585119894119895 as follows12058511 (119902119894) = max(1 minus 119889119894119904119905119886119899119888119890 (119897119900119888119886119905119894119900119899 119900119891119891119894119888119890)100 0)

12058512 (119902119894) = 1 119895119900119887 119905119894119905119897119890 is1198981198861198991198861198921198901199030 otherwise

12058521 (119902119894) = 12058511 (119902119894)

12058522 (119902119894) =

2 sdot 119905119894119898119890 minus 16 119905119894119898119890 isin (75 8]1 119905119894119898119890 isin (8 18]37 minus 2 sdot 119905119894119898119890 119905119894119898119890 isin (18 185]0 otherwise

12058523 (119902119894) = 1 119895119900119887 119905119894119905119897119890 is 1199041199051198861198911198910 otherwise

(8)

Security and Communication Networks 7

Then we assume that a subject 119878 initiates a request 1199021 asfollows

1199021 =

119905119894119898119890 = 18 35119895119900119887 119905119894119905119897119890 = 119898119886119899119886119892119890119903

119897119900119888119886119905119894119900119899 = (11254180119864 2895117119873)

(9)

When request 1199021 is initiated the FBAC attempts to match1199021 with policies but failsThen it turns to the fuzzy evaluationprocess As the credit cost of the 1199021 is 119888119900119904119905(1199021) asymp 1 minus 085 =015 then 015 is going to be consumed from 119888119878 for making 1199021be grantedThe systemwill ask subject 119878 for the consumptionconfirmation in order to make sure whether 119878 is willing toconsume required credits to continue Suppose that 119878 choosesto spend his credits then 1199021 is granted and 119888119878 is decreased to015

Next when 119878 try to initiate another request 1199022 later asfollows

1199022 =

119905119894119898119890 = 23 03119895119900119887 119905119894119905119897119890 = 119898119886119899119886119892119890119903

119897119900119888119886119905119894119900119899 = (11254187119864 2895117119873) (10)

in the same way we get that 119888119900119904119905(1199022) asymp 019 Since 119888119878 =015 after the request 1199021 119878 can not afford the cost of the 1199022 so1199022 will be rejected directlyIn addition if 119878 passes the audit with his credit value 119888119878 =015 then 119888119878 will be restored to 0225 according to expression

(4)

5 Discussion

In this section we will briefly analyze the effect on usabilityand security of FBAC followed by complexity analyses

Usability and Security To describe the enhancive effect on theoverall resource usability of FBAC we chose the granted ratewhich is defined as the rate of the granted requests to totalrequests per unit time as a reflection of usability

Let 119880 denote the usability and 119877 denote the granted ratethen we get the following expression in which 119877119899119900119903119898119886119897 and119877119904119901119890119888119894119886119897 denote the granted rates of requests matching or notmatching policies respectively while notation ldquoproprdquo denotesthe relationship of positive correlation

119880 prop (119877 = 119877119899119900119903119898119886119897 + 119877119904119901119890119888119894119886119897) (11)

Since FBAC shares the same 119877119899119900119903119898119886119897 with its elder siblingABAC obviously the FBAC obtains extra usability improve-ment Δ119880 which is positively correlated with 119877119904119901119890119888119894119886119897 whencompared with ordinary ABAC namely

Δ119880 prop 119877119904119901119890119888119894119886119897 (12)

Naturally the configurable threshold119867 is closely associ-ated with the usability For any request 119902lowast failed in policiesmatching with overall matching degree 120583(119902lowast) we supposethat 120583(119902lowast) = 119909 obeys a probability density distribution 119891(119909)

while the probability of available credit of requester 119888lowast ge120583(119902lowast) obeys another probability density distribution ℎ(119909)then we can deduce the following relational expression

119877119904119901119890119888119894119886119897 prop int119872119886119909

119867ℎ (119909) 119891 (119909) 119889119909 (13)

Since ℎ(119909) and 119891(119909) are commonsensically positive wefind an inverse correlation between the incremental usabilityΔ119880 and the threshold119867 in expression (13) that is a lower119867leads to more approvals on requests Apparently the FBACwould deteriorate to standard ABAC if119867 tends to the upperbound ie the value 1 in our case

Not surprisingly the usability improvement also comeswith security risks As the FBAC may authorize exceptionalaccess requests which do not fully comply with the currentpolicies in some cases this feature can be abused by indiscreetusers or even be exploited by malicious users for accessingextra resources and thereby bringing additional risks to thesystem Here the deviation between the overall matchingdegree of the exceptional request (ie 120583(119902lowast)) and the closestmatching policy (the standard normalization value ldquo1rdquo) isused as the risk indicator of each exceptional authorization

Correspondingly the FBAC has effective countermea-sures to mitigate the risks induced by the fuzzy assessmentmechanism to the acceptable level Firstly as a general andindiscriminate defense the reject threshold is used to screenout high-risk requests deviating far from current policiesie any request 119902lowast with overall matching degree 120583(119902lowast) lowerthan the threshold 119867 would be declined directly becausethe FBAC is aiming at improving the flexibility and effi-ciency of exceptional authorizations rather than invalids thesecurity policies Thus the security risk of each exceptionalauthorization is limited within the controllable range 1 minus 119867Secondly the credit mechanism is used as the individualizedconstraint against the abuse attacks on the FBAC As for eachrequester each exceptional authorization definitely comeswith corresponding credit cost which is determined by therisk of that request 119902lowast (ie 119888119900119904119905(119902lowast) = 1 minus 120583(119902lowast)) In otherwords a request 119902lowast will be declined if the correspondingrequester 119909lowast does not have enough credit to afford the creditcost 119888119900119904119905(119902lowast) of the exceptional request ie 119888119909

lowast

lt 119888119900119904119905(119902lowast)Therefore the immoderate and even malicious exceptionalaccess behaviors are mitigated due to the limitation ofcredit According to the analysis above then the maximumsecurity risk of one exceptional authorization associated witha requester 119909lowast is further limited within Minimum(1 minus 119867119888119909lowast

) Meanwhile within each audit cycle the total securityrisk which can be caused by the exceptional authorizationsrelated to each single requester 119909lowast is limited below his creditvalue 119888119909

lowast

(the value at the beginning of the audit cycle) Inaddition for each subject 119909lowast the credit consumption has theadditive restrictive effect on future requests because only aportion of the already consumed credits could be restoredaccording to credit recovery mechanism Briefly the morecredits the requester used in one audit cycle the less totalamount he will have in the future which further reducesthe abuse risks of the exceptional authorizations Finallythe FBAC integrates a periodic manual audit mechanism as

8 Security and Communication Networks

Table 2 The parameter configuration

Case 119862119898119886119909 119903 119867 Time weight Location weight1 080 050 080 050 0502 080 050 085 050 0503 080 050 090 050 0504 080 050 080 040 0605 080 050 080 020 080

the post-security mechanism to review all the exceptionalauthorizations As for the suspects their credit restorationswould be suspended until proven innocent As a result theywould lose the privileges to obtain instant approvals for theirexceptional requests as their credits will keep reducing andcan not get replenished Therefore the entire risk which canbe caused by the exceptional authorizations granted for asingle suspect identified during the audits is limited withinthe credit line 119888119898119886119909

Summarily the FBAC broadens the granting bounds toa certain extent for all the requests with the help of fuzzyevaluation mechanism and limits the special approval rateof each individual requester with the help of credit andaudit mechanism thereby achieving better timely usabil-ity than standard ABAC with the controllable sacrifice ofsecurity

Complexity The complexity of access control is related tothe number of concurrent requests policies and attributescontained in each policyThemore the attributes are involvedin a policy the higher the computational complexity of thispolicy will be Generally as the granularity of access controlbecomes finer the complexity of policy increases and the timecost of decision-making process also grows slightly and tendsto flatten out

Assuming there are 119898 policies and 119899 attributes thenumber of requests that occur at the same time in thesystem is 119896 the computational complexity of a basicmatchingprocess is 119874(1) in original ABAC model In the worst caseeach policy and attribute needs a matching calculation andthus the complexity of a single decision is 119874(119898119899) Becausecomplexity is proportional to the number of requests made

simultaneously the total computational complexity of thewhole system is 119874(119896119898119899)

Correspondingly the computational complexity of both abasic matching process and credit evaluation process in ourFBAC model is also 119874(1) that is to say the complexity of asingle decision is still 119874(119898119899) thus the total computationalcomplexity remains at 119874(119896119898119899)

Compared with the standard ABAC model our FBACmodel has two additional processes the credit-based judg-ment and the fuzzy assessment which is a little com-plex than the simple yesno decision And the over-head of both parts can be considered of the same orderof magnitude as the former This explains why bothmodels (ie ABAC and FBAC) have the same com-putational complexity It also shows that the impact ofFBAC in terms of performance is within an acceptablerange

6 Experimental Evaluation

We developed an FBAC prototype to evaluate its availabilitysecurity and performance through several experiments

61 Test Scenarios By modifying the ABAC source codes ofDeter Project [35] we implemented a prototype of FBACand deployed it to 5 virtual servers on a single physicalmachine (64-bit CentOS 7 4vCPUs (i5-7500 34GHz) 16GBRAM 1TB Storage supported by OpenStack (Pike v3120))for experiments

In our FBAC systems we firstly configured the followingpolicy set and set the audit time interval to one weekuniformly

119901119900119897119894119888119910 IF (119897119900119888119886119905119894119900119899 = (11254153119864 plusmn 00001 2895117119873 plusmn 00001))and (119905119894119898119890 isin [8 00 18 00]) THEN granted

(14)

And then we conducted four experiments with respectiveFBAC configuration parameters shown in Table 2 And ineach experiment we simulated 500 users to initiate requeststo FBAC servers These users follows Poisson distributionin time and move around according to Random Way Point(RWP) [36] model to fit the mobile features The simulationsystem will randomly regenerate the destination and themoving speed for each user every 30 minutes Addition-ally we also introduced small noises (plusmn10m) randomly to

usersrsquo location coordinate data for simulating the fluctuationsin the real positioning system These users were set asldquobenignrdquo or ldquomaliciousrdquo separately with several different userbehavioral patterns correspondingly to generate requestingdata Furthermore we set that benign users will aborttheir requests randomly in responding to credit misuseprompts whereas malicious users will not according to theknowledge that benign users are more compliance withrules

Security and Communication Networks 9

0

10

20

30G

rant

ed R

atio

7 14 21 280Time (day)

Figure 2 The average granted ratio of requests

benign usersmalicious users

0

10

20

30

40

Gra

nted

Rat

io

7 14 21 280Time (day)

Figure 3 119877119904119901119890119888119894119886119897 of benign and malicious users

Note that in the fourth and fifth cases we forced all theusers to obey the time restriction to articulate the effect ofattribute weights

The experiments last for four weeks and each audit periodis 5 days long All the access histories are recorded in accesslogs for further analyses

62 Analysis

Usability As the granted ratio of requests which fail to meetpolicies (denoted by 119877119904119901119890119888119894119886119897) reflects the extra improvementon immediate resource usability we count up such averagegranted rate based on the Case 1 as shown in Figure 2We canlearn that the average granting rate of exceptional requests ismaintained in a positive range during the experiment whichillustrates the usability increment of FBAC compared withABAC through the employment of fuzzy evaluation method

Security Again based on Case 1 we evaluated the resistanceof FBAC against security risks Figure 3 shows the granted

Table 3 The time cost of the decision-making process

Model Average time (ms) Best time (ms) Worse time (ms)FBAC 0033 0019 0245ABAC 0017 0002 0081

ratios of both benign and malicious user respectively It isclear that 119877119904119901119890119888119894119886119897 of benign users is limited to a certain upperbound by the threshold particularly below 35 in Case 1while that of malicious users is even far lower throughout thetest duration Furthermore it also illustrates that such ratesof both benign and malicious users are further constrainedby credit mechanism With the consumption and partialrecovery of credits controlled by credit and audit mechanism119877119904119901119890119888119894119886119897 of benign users reveals a hysteretic declined trendwithin each audit cycle and will fluctuate along with auditcycles during the testing period When it comes to malicioususers this ratio is decreasing continuously over audit cyclesand is gradually converging to 0

Such results demonstrate that the threshold providesa general and coarse-grained restriction on requests whilecredit system supplies additive restrictive effect on therequests in each audit cycle In addition the auditmechanismis effective in limiting 119877119904119901119890119888119894119886119897 of users with malicious orabnormal behaviors as their credits will be used up easilyand can hardly be restored because of the audit mechanismTherefore the FBAC is sufficient to defend against abuseattacks

Parameter Effects We have tuned two major regulativeparameters in FBAC to explore their potential influence

(1) Threshold To study the impact of the reject threshold weincreased the threshold119867 by 005 in Case 1 Case 2 and Case3 gradually Unsurprisingly Figure 4 illustrates that 119877119904119901119890119888119894119886119897 inFBAC is closely related to the threshold 119867 ie the higher119867 is the lower the granted rate will be Besides although alow119867may accelerate the credit consumption which in turnaffects the granted rate due to the rejection cases caused bycredit insufficiency this side effect is unable to impact themain trend on a macroscale

(2) Attribute Weight When it comes to the attribute weights Cases 4 and 5 were selected for comparison as theyset the time variable to fixed value by obeying the timerestriction and share the same 119862119898119886119909 and 119867 parametersAs seen in Figure 5 the bigger weight coefficient for thelocation attribute in Case 5 leads to a lower granted rate whencompared with that of Case 4 This shows that the weightmechanism can effectively adjust the overall impact of eachattribute on the decision-making process

PerformanceWe evaluated the time cost of decision-makingprocesses of both FBAC and ABAC to measure the per-formance According to the results in Table 3 althoughFBAC wraps ABAC and adds additional mechanisms formaking authorization decisions it only incurs quite light and

10 Security and Communication Networks

0

10

20

30

7 14 21 280Time (day)

(a) 119867 = 080

0

10

20

30

7 14 21 280Time (day)

(b) 119867 = 085

0

10

20

30

7 14 21 280Time (day)

(c) 119867 = 090

Figure 4 119877119904119901119890119888119894119886119897 under different thresholds

0

10

20

30

Gra

nted

Rat

io

7 14 21 280Time (day)

(a) 119908119905 = 04 119908119897 = 06

0

10

20

30

Gra

nted

Rat

io

7 14 21 280Time (day)

(b) 119908119905 = 02 119908119897 = 08

Figure 5 119877119904119901119890119888119894119886119897 under different attribute weights

acceptable overhead in average compared with ABAC whichis almost imperceptible to requesters

7 Conclusion

In this paper a feasible FBAC technique is proposed thatimproves upon the standard ABAC paradigmwith good flex-ibility and time efficiency in dealing with exceptional urgentrequests which do not comfort to policies in the dynamic andunpredictable environment Beyond ABAC we use a fuzzyevaluation method to do unattended special authorizationsfor exceptional requests that failed in policy matching Wealso use credit and corresponding audit mechanisms to limitthe abuse risk of special approvals A tangible example is givento explain the working details which indicates the suitabilityof FBAC in mobile and dynamic scenarios In additionthe theoretical analyses and experimental evaluations showthat the FBAC paradigm reinforces the system in favor oftime efficiency and usability with the controllable expense ofsecurity

In future work we would like to further refine theauthorization decision-making scheme with the support ofthe latest deep learning techniques (eg neural network)to discover benign and riskful access patterns based onthe access behavior mining for helping the FBAC betterdistinguish between benign and malicious requests thereby

enabling more intelligent and accurate handling for excep-tional access cases Moreover we also believe that deployingthe FBAC system in Chinarsquos current Xiangyamedical big datasystemwould havemore practical and exploratorymeanings

Disclosure

This work was presented in part at the SpaCCS 2017Guangzhou China 12ndash15 December 2017

Conflicts of Interest

The authors declare that there are no conflicts of interest

Acknowledgments

This work was supported in part by the National NaturalScience Foundation of China under Grants 61702562 and61472451 the Mobile Health Ministry of Education-ChinaMobile Joint Laboratory the Hunan Provincial Innova-tion Foundation for Postgraduate under Grant CX2015B047the China Scholarship Council Foundation under Grant201506370106 the Guangdong Provincial Natural ScienceFoundation under Grant 2017A030308006 and the JointResearch Project between Tencent andCentral SouthUniver-sity

Security and Communication Networks 11

References

[1] G Fettweis and S Alamouti ldquo5G personal mobile internetbeyond what cellular did to telephonyrdquo IEEE CommunicationsMagazine vol 52 no 2 pp 140ndash145 2014

[2] Y Zhang K Guo J Ren J Wang and J Chen ldquoTransparentcomputing A promising network computing paradigmrdquo Com-puting in Science Engineering vol 19 no 1 p 20 2017

[3] Y Zhang J Ren J Liu C Xu H Guo and Y Liu ldquoA surveyon emerging computing paradigms for big datardquo Journal ofElectronics vol 26 no 1 pp 1ndash12 2017

[4] J He Y Zhang J Lu M Wu and F Huang ldquoBlock-Stream as aService A More Secure Nimble and Dynamically BalancedCloud Service Model for Ambient Computingrdquo IEEE Networkvol 32 no 1 pp 126ndash132 2018

[5] T Peng Q Liu and G Wang ldquoA multilevel access controlscheme for data security in transparent computingrdquo Computingin Science amp Engineering vol 19 no 1 Article ID 7802524 pp46ndash53 2017

[6] I Hardill and A Green ldquoRemote working - Altering the spatialcontours of work and home in the new economyrdquoNew Technol-ogy Work and Employment vol 18 no 3 pp 212ndash222 2003

[7] AM French C Guo and J P Shim ldquoCurrent status issues andfuture of bring your own device (BYOD)rdquo CAIS vol 35 pp 1ndash10 2014

[8] D F Ferraiolo R S Sandhu S Gavrila D R Kuhn and RChandramouli ldquoProposed NIST standard for role-based accesscontrolrdquoACMTransactions on Information and System Securityvol 4 no 3 pp 224ndash274 2001

[9] S Upadhyaya ldquoMandatory access controlrdquo in Encyclopedia ofCryptography and Security pp 756ndash758 Springer 2011

[10] L Liu and M Tamer Ozsu ldquoDiscretionary access controlrdquo inEncyclopedia of Database Systems pp 864ndash866 Springer 2009

[11] V C Hu D Ferraiolo R Kuhn et al ldquoGuide to Attribute BasedAccess Control (ABAC) Definition and Considerationsrdquo Na-tional Institute of Standards and Technology NIST SP 800-1622014

[12] V C Hu D R Kuhn and D F Ferraiolo ldquoAttribute-basedaccess controlrdquoThe Computer Journal vol 48 no 2 Article ID7042715 pp 85ndash88 2015

[13] D Servos and S L Osborn ldquoCurrent research and openproblems in attribute-based access controlrdquo ACM ComputingSurveys vol 49 no 4 article no 65 2017

[14] X Li D Feng Z Chen and Z Fang ldquoModel for attribute basedaccess controlrdquo Journal on Communications vol 29 no 4 pp90ndash98 2008

[15] X JinAttribute-based access control models and implementationin cloud infrastructure as a service [PhD thesis] The Universityof Texas at San Antonio 2014 PhD dissertation

[16] M Sookhak F R Yu M K Khan Y Xiang and R BuyyaldquoAttribute-based data access control in mobile cloud comput-ing Taxonomy and open issuesrdquo Future Generation ComputerSystems vol 72 pp 273ndash287 2017

[17] B Lang I Foster F Siebenlist R Ananthakrishnan andT Free-man ldquoA flexible attribute based access control method for gridcomputingrdquo Journal of GridComputing vol 7 no 2 pp 169ndash1802009

[18] C Ngo Y Demchenko and C De Laat ldquoMulti-tenant attribute-based access control for cloud infrastructure servicesrdquo Journalof Information Security and Applications vol 27-28 pp 65ndash842016

[19] Y XuWGaoQ Zeng GWang J Ren andY Zhang ldquoFABACA flexible fuzzy attribute-based access control mechanismrdquo inProceedings of the Proc 10th International Conference on Secu-rity Privacy and Anonymity in Computation Communicationand Storage pp 332ndash343 Springer 2017 pp 332-343

[20] X Liu Q Liu T Peng and J Wu ldquoDynamic access policy incloud-based personal health record (PHR) systemsrdquo Informa-tion Sciences vol 379 pp 62ndash81 2017

[21] IBM Corporation httpswwwibmcomsupportknowledge-centerenSSNGTE 700comibmtspmdoc 70installconceptAttributeBasedAccessControlhtm

[22] ldquoCisco Systems Incrdquo httpswwwciscocomcenustddocssecurityasaasa97asdm77firewallasdm-77-firewall-configvirtual-access-vm-attributespdf

[23] Axiomatics httpswwwaxiomaticscom[24] Jericho SystemsCorporation httpswwwjerichosystemscom

technologyglossarytermsattribute based access controlhtml[25] C Martnez-Garca G Navarro-Arribas and J Borrell Fuzzy

role-based access control vol 111 of Information ProcessingLetters Elsevier 2011 pp 483-487

[26] P-C Cheng P Rohatgi C Keser P A Karger G M Wagnerand A S Reninger ldquoFuzzy multi-level security an experimenton quantified risk-adaptive access controlrdquo in Proceedings of theIEEE Symposium on Security and Privacy (SP rsquo07) pp 222ndash230IEEE Berkeley Calif USA May 2007

[27] N Dimmock A Belokosztolszki D Eyers J Bacon and KMoody ldquoUsing trust and risk in role-based access controlpoliciesrdquo in Proceedings of the Proceedings on the Ninth ACMSymposium on Access Control Models and Technologies SAC-MAT 2004 pp 156ndash162 usa June 2004

[28] Y LiThe research of access control mechanism based on attiubuteand trust evaluation Masters thesis [Master thesis] SouthwestJiaotong University 2016

[29] P NMahalle P AThakre N R Prasad and R Prasad ldquoA fuzzyapproach to trust based access control in internet of thingsrdquo inProceedings of the Proc 3rd International Conference onWirelessCommunications Vehicular Technology InformationTheory andAerospace Electronic Systems (VITAE pp 1ndash5 2013

[30] F Feng C Lin D Peng and J Li ldquoA trust and context basedaccess control model for distributed systemsrdquo in Proceedingsof the Proc 10th IEEE International Conference on High Perfor-mance Computing and Communications pp 629ndash634 2008

[31] R Bhatti E Bertino and A Ghafoor ldquoA trust-based context-aware access control model for web-servicesrdquo Distributed andParallel Databases vol 18 no 1 pp 83ndash105 2005

[32] F J Pelletier ldquoMetamathematics of fuzzy logics by Petr HajekrdquoBulletin of Symbolic Logic vol 6 no 3 pp 342ndash346 2000

[33] E H Mamdani and S Assilian ldquoAn experiment in linguisticsynthesis with a fuzzy logic controllerrdquo International Journal ofMan-Machine Studies vol 7 no 1 pp 1ndash13 1975

[34] J Dombi ldquoMembership function as an evaluationrdquo Fuzzy Setsand Systems vol 35 no 1 pp 1ndash21 1990

[35] DETER Project httpsabacdeterlabnet[36] D Johnson and D Maltz ldquoDynamic source routing in Ad

Hoc wireless networksrdquo in The Kluwer International Series inEngineering and Computer Science vol 353 pp 153ndash181 1996

4 Security and Communication Networks

Table 1 The major notations and definitions

Notations Definitions119902119894 the 119894th request119901119895 the 119895th clause in policy set119886119895119896 the 119896th attribute involved in the clause 119901119895119908119895119896 the weight of 119886119895119896 in the 119901119895120585119895119896(119902119894) The fuzzy membership function for calculating the membership degree of the 119902119894 to the constraint range of attribute 119886119895119896]119895(119902119894) The fuzzy membership function for calculating the membership degree of the 119902119894 to the clause 119901119895120583(119902119894) The fuzzy membership function for calculating the membership degree of the 119902119894 to the policies119888119900119904119905(119902119894) The credit cost of special approval for the 119902119894119867 The rejection threshold (a rational number in (0 1))119888119898119886119909 The credit-line (a rational number in (0 1))119888119909 The credit value of the subject 119909 (a rational number in (0 119888119898119886119909))119903 The credit recover ratio (a rational number in (0 1))

4 FBAC

In this section we define several necessary notations at thebeginning Then we introduce the architecture of FBACbriefly and describe its workflow step by step Further wedemonstrate its essential components in detail And finallywe study a detailed case to help readers understand the FBACbetter

For convenience we only adopt granting policies(Although the policies in ABAC can be granting or denyingones they are mutually transformable) in this paper andemploy a refusal precedence principle for the decision-making process ie a granted decision would be madewhen the request meets at least one clause in the policyset

41 FBAC Model The FBAC model wraps the standardABAC as a preliminary screening module and integratesadditional decision support components for improving theresource usability thereby gaining better business timeliness

Notations Throughout this paper we use the notations inTable 1 for simplified description purpose

Architecture and Workflow As seen in Figure 1 the FBAC isbuilt upon the standard ABAC model with additional fuzzyevaluation component and credit component The first com-ponent is developed to support unattended special authoriza-tions while the second is a security remedial measure Theseadditional components are independent to standard ABACwhich contributes to the effortless integration

When a request is reached the FBAC firstly collectsthe states of related attributes of that request including theattributes of subject object context and action (Steps 1-2) After applying the policies if this request is not grantedby the standard ABAC process it will be delivered to ourfuzzy evaluation component for a further decision basedon the membership degree calculation and the rejectionthreshold filter (Step 3) The credit component will check theavailable credits of the requester and denies the request if therequester is unable to afford the credit cost for approving this

Input 119902119894 119888119909Output 119863119890119888119894119904119894119900119899 isin granted denied(1) if match any policy then(2) return granted(3) end if(4) 120583(119902119894) larr max119899119894=1(]119894(119902119894))(5) 119888119900119904119905(119902119894) larr 1 minus 120583(119902119894)(6) if 120583(119902119894) lt 119867 or 119888119909 lt 119888119900119904119905(119902119894) then(7) return denied(8) end if(9) 119888119909 larr (119888119909 minus 119888119900119904119905(119902119894))(10) return granted

Algorithm 1 The FBAC Decision-Making Procedure

exceptional request (Step 4) If the corresponding subject hassufficient credits to pay the credit cost the credit componentwill issue a prompt to ask the requester to confirm the creditconsumption (Step 5) Once confirmed by the requesterthe request will be granted and logged at the expense ofcorresponding credit consumption Note that part of theconsumed credit will be restored after audit if the subject isnot malicious Otherwise this request will be denied (Step6) The final decision is delivered to the enforcement facilitywhich will mediate the corresponding access to the objectaccordingly (Step 7) The major decision-making process isillustrated in Algorithm 1

Apart from the major decision-making process there isan audit process which will router the recorded exceptionalaccess authorizations to administrators for review periodi-cally And then the credit audit system will restore a part ofthe usersrsquo credit according to the auditing results (Step a)

Fuzzy Evaluation Component When a request 119902119894 is rejectedby the standard ABAC module because it can not exactlymatch any policy the FBAC system will turn to fuzzyevaluation component for further judgments This compo-nent will evaluate the matching degree of the 119902119894 to policiesthrough membership degree calculation Specifically for the

Security and Communication Networks 5

Confirmation Process

Subject

SAttributes

Context

CAttributes

Object

OAttributes EnforcementFacility

Result

Audit Mechanism

AcAttributes

Request

Credit

Credit Component

7

264

1

3

a

Unmatched Fuzzy EvaluationComponent

Matched

Decision Making Mechanism

StandardABAC

5

Figure 1 Architecture and workflow of FBAC

119895th clause in the policy set this component will calculate themembership degree of the request 119902119894 to that clause as follows

]119895 (119902119894) = sum119899119896=1 119908119895119896120585119895119896 (119902119894)sum119899119896=1 119908119895119896 (2)

In formula (2) 120585119895119896(119902119894) is the membership subfunctionthat maps 119902119894 to a certain membership degree according tothe matching degree of 119902119894 to the constraint range of the119896th attribute in the 119895th clause The design of 120585119895119896 is closelyrelated to the meaning of the corresponding attribute andpolicy clause and also depends on administrators subjectivelyThere exist several primary guidelines for determining themembership subfunction [34] And the most commonlyrecommended function templates include the trapezoidsubordinate function the trigonometric membership func-tion the step function etc In this paper we select thetrapezoid subordinate function and the step function fordifferent policy clauses respectively (cf Section 42) TheFBAC gives the administrators greater freedom to determinethe attributes which should be fuzzy processed based onpractical administrative needs In general the continuousattributes can be fuzzy processed while the discrete ones(eg users names) should be fully matched for obtainingfinal authorizations Additionally if the discrete attributescan be somehow transformed into continuous ones based onpartial ordered relations they can also be fuzzy processedsimilarly eg converting the discrete and hierarchical jobtitles to continuous level numbers 119908119895119896 is the weight of the

corresponding attribute Introducing weight factor enablesadministrators to adjust the influence of each attribute inthe policies so as to provide more flexible and expressivemanageability

Since there usually exist more than one clause in thepolicy set the holistic matching degree is synthesized withmaximum synthesis rules [33] as shown in the followingformula

120583 (119902119894) = 119899max119895=1

]119895 (119902119894) (3)

After obtaining the matching degree 120583(119902119894) the FBAC willcompare 120583(119902119894) with the rejection threshold 119867 If 120583(119902119894) lt 119867the request 119902119894 will be denied by FBAC Otherwise the creditcomponentwill be invoked for supporting further judgments

Credit Component and Audit Mechanism The fuzzy evalu-ation component provides users with extra access oppor-tunities without manual reviews However in spite of thebenefits in the resource usability and business timelinessthis fuzzy evaluation module poses potential threats suchas abuse issues unintentionally Therefore we build a creditcomponent combined with periodic credit adjustment audit-ing mechanism as the countermeasure to mitigate the risk ofabuse

Our credit component maintains a credit value 119888119909lowast

(119888119909lowast

isin[0 119888119898119886119909] where 119888119898119886119909 isin (0 1) is the preset credit line) foreach subject 119909lowast When the FBAC is initialized every 119888119909

lowast

willbe set as 119888119898119886119909 without discrimination During the use the

6 Security and Communication Networks

credit component will be invoked to provide further decisionsupport for the request 119902119894 if its matching degree 120583(119902119894) exceedsthe rejection threshold 119867 We define 119888119900119904119905(119902119894) = 1 minus 120583(119902119894) asthe special approval cost for the request 119902119894 with the matchingdegree 120583(119902119894) because the 119888119900119904119905(119902119894) can reflect the gap betweenthe states of the 119902119894 and the precise requirements of policiesThus the credit component will compare the credit 119888119909 ofthe requester 119909 with the corresponding special approval cost119888119900119904119905(119902119894) If 119888119909 lt 119888119900119904119905(119902119894) then a denial suggestion will beissued for the 119902119894 as the requester does not have enough creditto afford the cost Otherwise the FBAC will ask the requesterfor confirmation to consume that 119888119900119904119905(119902119894) and enforce therequester to comment reasons for the unusual request Thisadditional prompt scheme is quite useful to avoid usermisuseand is also helpful for future audits Then if the requester 119909replies in the affirmative to that credit consumption promptthe FBAC will grant the request 119902119894 by charging the requestercorresponding fee ie deducting 119888119900119904119905(119902119894) from 119888119909 In factfor individuals the FBAC would degrade to standard ABACwhen they max out their credits

Furthermore for achieving better creditmanagement andthereby controlling credit abuse risks a periodic manualaudit mechanism is also integrated into the FBAC modelDuring an audit the unusual authorization records will bereviewed by the system administrators according to all therelevant information in the system including corresponding

explanatory comments typed by requesters in the confirma-tion process Based on auditing results the audit routine willrestore credits for the users who pass checks successfullywhile disables such recovery for the suspects unless provedinnocent (More tougher punishments can be given whenthe suspect is finally proven guilty) to ensure the creditsystem works well thereby providing enough flexibility withcontrollable abuse risks

Note that the credit recovery strategy depends on theadministrator For instance our approach gives the pro-portional credit back (119903 in 100) of the margin betweenthe credit line 119888119898119886119909 and the current credit value 119888119909 (ie119888119898119886119909 minus 119888119909) after each audit process This is because wehold a conservative opinion that the special approval is acompromise for improving business timeliness which shouldnot be encouraged in routineworkTherefore the formula forcalculating new credit value 1198881015840119909 is as follows

1198881015840119909 = 119903 (119888119898119886119909 minus 119888119909) + 119888119909 where 119903 isin (0 100] (4)

42 Case Study This subsection provides a case study ofFBAC to help people understand how it works in detail

Assuming there exists an FBAC systemwith the threshold119867 = 08 119888119898119886119909 = 03 119903 = 05 and two clauses in the policy setas follows

119901119900119897119894119888119910

(1) IF (119897119900119888119886119905119894119900119899 = (11254153119864 plusmn 000001 2895117119873 plusmn 000001))and (119895119900119887 119905119894119905119897119890 is119898119886119899119886119892119890119903) THEN granted

(2) IF (119897119900119888119886119905119894119900119899 = (11254153119864 plusmn 000001 2895117119873 plusmn 000001))and (119905119894119898119890 isin [8 00 18 00]) and (119895119900119887 119905119894119905119897119890 is 119904119905119886119891119891) THEN granted

(5)

We can see that there are 3 types of attributes involvedin the policy set 119905119894119898119890 is the timestamp of the request119897119900119888119886119905119894119900119899denotes the requesterrsquos location (given in latitude andlongitude) and 119895119900119887 119905119894119905119897119890 denotes the 119904119906119887119895119890119888119905rsquos job positionThen we define the membership functions as follows

120583 (119902119894) = max (]1 (119902119894) ]2 (119902119894))]1 (119902119894) = sum

2119895=1 11990811198951205851119895 (119902119894)sum2119895=1 1199081119895

]2 (119902119894) = sum3119895=1 11990821198951205852119895 (119902119894)sum3119895=1 1199082119895

(6)

In this case we set all the attributes in the same policy tothe same weight as shown below

]1 (119902119894) = sum2119895=1 1205851119895 (119902119894)2

]2 (119902119894) = sum3119895=1 1205852119895 (119902119894)3

(7)

In order to describe 120585119894119895 we firstly predefine a function119889119894119904119905119886119899119888119890(119909 119910) to describe the distance between 119909 and 119910 inmeters Then we give the definitions of 120585119894119895 as follows12058511 (119902119894) = max(1 minus 119889119894119904119905119886119899119888119890 (119897119900119888119886119905119894119900119899 119900119891119891119894119888119890)100 0)

12058512 (119902119894) = 1 119895119900119887 119905119894119905119897119890 is1198981198861198991198861198921198901199030 otherwise

12058521 (119902119894) = 12058511 (119902119894)

12058522 (119902119894) =

2 sdot 119905119894119898119890 minus 16 119905119894119898119890 isin (75 8]1 119905119894119898119890 isin (8 18]37 minus 2 sdot 119905119894119898119890 119905119894119898119890 isin (18 185]0 otherwise

12058523 (119902119894) = 1 119895119900119887 119905119894119905119897119890 is 1199041199051198861198911198910 otherwise

(8)

Security and Communication Networks 7

Then we assume that a subject 119878 initiates a request 1199021 asfollows

1199021 =

119905119894119898119890 = 18 35119895119900119887 119905119894119905119897119890 = 119898119886119899119886119892119890119903

119897119900119888119886119905119894119900119899 = (11254180119864 2895117119873)

(9)

When request 1199021 is initiated the FBAC attempts to match1199021 with policies but failsThen it turns to the fuzzy evaluationprocess As the credit cost of the 1199021 is 119888119900119904119905(1199021) asymp 1 minus 085 =015 then 015 is going to be consumed from 119888119878 for making 1199021be grantedThe systemwill ask subject 119878 for the consumptionconfirmation in order to make sure whether 119878 is willing toconsume required credits to continue Suppose that 119878 choosesto spend his credits then 1199021 is granted and 119888119878 is decreased to015

Next when 119878 try to initiate another request 1199022 later asfollows

1199022 =

119905119894119898119890 = 23 03119895119900119887 119905119894119905119897119890 = 119898119886119899119886119892119890119903

119897119900119888119886119905119894119900119899 = (11254187119864 2895117119873) (10)

in the same way we get that 119888119900119904119905(1199022) asymp 019 Since 119888119878 =015 after the request 1199021 119878 can not afford the cost of the 1199022 so1199022 will be rejected directlyIn addition if 119878 passes the audit with his credit value 119888119878 =015 then 119888119878 will be restored to 0225 according to expression

(4)

5 Discussion

In this section we will briefly analyze the effect on usabilityand security of FBAC followed by complexity analyses

Usability and Security To describe the enhancive effect on theoverall resource usability of FBAC we chose the granted ratewhich is defined as the rate of the granted requests to totalrequests per unit time as a reflection of usability

Let 119880 denote the usability and 119877 denote the granted ratethen we get the following expression in which 119877119899119900119903119898119886119897 and119877119904119901119890119888119894119886119897 denote the granted rates of requests matching or notmatching policies respectively while notation ldquoproprdquo denotesthe relationship of positive correlation

119880 prop (119877 = 119877119899119900119903119898119886119897 + 119877119904119901119890119888119894119886119897) (11)

Since FBAC shares the same 119877119899119900119903119898119886119897 with its elder siblingABAC obviously the FBAC obtains extra usability improve-ment Δ119880 which is positively correlated with 119877119904119901119890119888119894119886119897 whencompared with ordinary ABAC namely

Δ119880 prop 119877119904119901119890119888119894119886119897 (12)

Naturally the configurable threshold119867 is closely associ-ated with the usability For any request 119902lowast failed in policiesmatching with overall matching degree 120583(119902lowast) we supposethat 120583(119902lowast) = 119909 obeys a probability density distribution 119891(119909)

while the probability of available credit of requester 119888lowast ge120583(119902lowast) obeys another probability density distribution ℎ(119909)then we can deduce the following relational expression

119877119904119901119890119888119894119886119897 prop int119872119886119909

119867ℎ (119909) 119891 (119909) 119889119909 (13)

Since ℎ(119909) and 119891(119909) are commonsensically positive wefind an inverse correlation between the incremental usabilityΔ119880 and the threshold119867 in expression (13) that is a lower119867leads to more approvals on requests Apparently the FBACwould deteriorate to standard ABAC if119867 tends to the upperbound ie the value 1 in our case

Not surprisingly the usability improvement also comeswith security risks As the FBAC may authorize exceptionalaccess requests which do not fully comply with the currentpolicies in some cases this feature can be abused by indiscreetusers or even be exploited by malicious users for accessingextra resources and thereby bringing additional risks to thesystem Here the deviation between the overall matchingdegree of the exceptional request (ie 120583(119902lowast)) and the closestmatching policy (the standard normalization value ldquo1rdquo) isused as the risk indicator of each exceptional authorization

Correspondingly the FBAC has effective countermea-sures to mitigate the risks induced by the fuzzy assessmentmechanism to the acceptable level Firstly as a general andindiscriminate defense the reject threshold is used to screenout high-risk requests deviating far from current policiesie any request 119902lowast with overall matching degree 120583(119902lowast) lowerthan the threshold 119867 would be declined directly becausethe FBAC is aiming at improving the flexibility and effi-ciency of exceptional authorizations rather than invalids thesecurity policies Thus the security risk of each exceptionalauthorization is limited within the controllable range 1 minus 119867Secondly the credit mechanism is used as the individualizedconstraint against the abuse attacks on the FBAC As for eachrequester each exceptional authorization definitely comeswith corresponding credit cost which is determined by therisk of that request 119902lowast (ie 119888119900119904119905(119902lowast) = 1 minus 120583(119902lowast)) In otherwords a request 119902lowast will be declined if the correspondingrequester 119909lowast does not have enough credit to afford the creditcost 119888119900119904119905(119902lowast) of the exceptional request ie 119888119909

lowast

lt 119888119900119904119905(119902lowast)Therefore the immoderate and even malicious exceptionalaccess behaviors are mitigated due to the limitation ofcredit According to the analysis above then the maximumsecurity risk of one exceptional authorization associated witha requester 119909lowast is further limited within Minimum(1 minus 119867119888119909lowast

) Meanwhile within each audit cycle the total securityrisk which can be caused by the exceptional authorizationsrelated to each single requester 119909lowast is limited below his creditvalue 119888119909

lowast

(the value at the beginning of the audit cycle) Inaddition for each subject 119909lowast the credit consumption has theadditive restrictive effect on future requests because only aportion of the already consumed credits could be restoredaccording to credit recovery mechanism Briefly the morecredits the requester used in one audit cycle the less totalamount he will have in the future which further reducesthe abuse risks of the exceptional authorizations Finallythe FBAC integrates a periodic manual audit mechanism as

8 Security and Communication Networks

Table 2 The parameter configuration

Case 119862119898119886119909 119903 119867 Time weight Location weight1 080 050 080 050 0502 080 050 085 050 0503 080 050 090 050 0504 080 050 080 040 0605 080 050 080 020 080

the post-security mechanism to review all the exceptionalauthorizations As for the suspects their credit restorationswould be suspended until proven innocent As a result theywould lose the privileges to obtain instant approvals for theirexceptional requests as their credits will keep reducing andcan not get replenished Therefore the entire risk which canbe caused by the exceptional authorizations granted for asingle suspect identified during the audits is limited withinthe credit line 119888119898119886119909

Summarily the FBAC broadens the granting bounds toa certain extent for all the requests with the help of fuzzyevaluation mechanism and limits the special approval rateof each individual requester with the help of credit andaudit mechanism thereby achieving better timely usabil-ity than standard ABAC with the controllable sacrifice ofsecurity

Complexity The complexity of access control is related tothe number of concurrent requests policies and attributescontained in each policyThemore the attributes are involvedin a policy the higher the computational complexity of thispolicy will be Generally as the granularity of access controlbecomes finer the complexity of policy increases and the timecost of decision-making process also grows slightly and tendsto flatten out

Assuming there are 119898 policies and 119899 attributes thenumber of requests that occur at the same time in thesystem is 119896 the computational complexity of a basicmatchingprocess is 119874(1) in original ABAC model In the worst caseeach policy and attribute needs a matching calculation andthus the complexity of a single decision is 119874(119898119899) Becausecomplexity is proportional to the number of requests made

simultaneously the total computational complexity of thewhole system is 119874(119896119898119899)

Correspondingly the computational complexity of both abasic matching process and credit evaluation process in ourFBAC model is also 119874(1) that is to say the complexity of asingle decision is still 119874(119898119899) thus the total computationalcomplexity remains at 119874(119896119898119899)

Compared with the standard ABAC model our FBACmodel has two additional processes the credit-based judg-ment and the fuzzy assessment which is a little com-plex than the simple yesno decision And the over-head of both parts can be considered of the same orderof magnitude as the former This explains why bothmodels (ie ABAC and FBAC) have the same com-putational complexity It also shows that the impact ofFBAC in terms of performance is within an acceptablerange

6 Experimental Evaluation

We developed an FBAC prototype to evaluate its availabilitysecurity and performance through several experiments

61 Test Scenarios By modifying the ABAC source codes ofDeter Project [35] we implemented a prototype of FBACand deployed it to 5 virtual servers on a single physicalmachine (64-bit CentOS 7 4vCPUs (i5-7500 34GHz) 16GBRAM 1TB Storage supported by OpenStack (Pike v3120))for experiments

In our FBAC systems we firstly configured the followingpolicy set and set the audit time interval to one weekuniformly

119901119900119897119894119888119910 IF (119897119900119888119886119905119894119900119899 = (11254153119864 plusmn 00001 2895117119873 plusmn 00001))and (119905119894119898119890 isin [8 00 18 00]) THEN granted

(14)

And then we conducted four experiments with respectiveFBAC configuration parameters shown in Table 2 And ineach experiment we simulated 500 users to initiate requeststo FBAC servers These users follows Poisson distributionin time and move around according to Random Way Point(RWP) [36] model to fit the mobile features The simulationsystem will randomly regenerate the destination and themoving speed for each user every 30 minutes Addition-ally we also introduced small noises (plusmn10m) randomly to

usersrsquo location coordinate data for simulating the fluctuationsin the real positioning system These users were set asldquobenignrdquo or ldquomaliciousrdquo separately with several different userbehavioral patterns correspondingly to generate requestingdata Furthermore we set that benign users will aborttheir requests randomly in responding to credit misuseprompts whereas malicious users will not according to theknowledge that benign users are more compliance withrules

Security and Communication Networks 9

0

10

20

30G

rant

ed R

atio

7 14 21 280Time (day)

Figure 2 The average granted ratio of requests

benign usersmalicious users

0

10

20

30

40

Gra

nted

Rat

io

7 14 21 280Time (day)

Figure 3 119877119904119901119890119888119894119886119897 of benign and malicious users

Note that in the fourth and fifth cases we forced all theusers to obey the time restriction to articulate the effect ofattribute weights

The experiments last for four weeks and each audit periodis 5 days long All the access histories are recorded in accesslogs for further analyses

62 Analysis

Usability As the granted ratio of requests which fail to meetpolicies (denoted by 119877119904119901119890119888119894119886119897) reflects the extra improvementon immediate resource usability we count up such averagegranted rate based on the Case 1 as shown in Figure 2We canlearn that the average granting rate of exceptional requests ismaintained in a positive range during the experiment whichillustrates the usability increment of FBAC compared withABAC through the employment of fuzzy evaluation method

Security Again based on Case 1 we evaluated the resistanceof FBAC against security risks Figure 3 shows the granted

Table 3 The time cost of the decision-making process

Model Average time (ms) Best time (ms) Worse time (ms)FBAC 0033 0019 0245ABAC 0017 0002 0081

ratios of both benign and malicious user respectively It isclear that 119877119904119901119890119888119894119886119897 of benign users is limited to a certain upperbound by the threshold particularly below 35 in Case 1while that of malicious users is even far lower throughout thetest duration Furthermore it also illustrates that such ratesof both benign and malicious users are further constrainedby credit mechanism With the consumption and partialrecovery of credits controlled by credit and audit mechanism119877119904119901119890119888119894119886119897 of benign users reveals a hysteretic declined trendwithin each audit cycle and will fluctuate along with auditcycles during the testing period When it comes to malicioususers this ratio is decreasing continuously over audit cyclesand is gradually converging to 0

Such results demonstrate that the threshold providesa general and coarse-grained restriction on requests whilecredit system supplies additive restrictive effect on therequests in each audit cycle In addition the auditmechanismis effective in limiting 119877119904119901119890119888119894119886119897 of users with malicious orabnormal behaviors as their credits will be used up easilyand can hardly be restored because of the audit mechanismTherefore the FBAC is sufficient to defend against abuseattacks

Parameter Effects We have tuned two major regulativeparameters in FBAC to explore their potential influence

(1) Threshold To study the impact of the reject threshold weincreased the threshold119867 by 005 in Case 1 Case 2 and Case3 gradually Unsurprisingly Figure 4 illustrates that 119877119904119901119890119888119894119886119897 inFBAC is closely related to the threshold 119867 ie the higher119867 is the lower the granted rate will be Besides although alow119867may accelerate the credit consumption which in turnaffects the granted rate due to the rejection cases caused bycredit insufficiency this side effect is unable to impact themain trend on a macroscale

(2) Attribute Weight When it comes to the attribute weights Cases 4 and 5 were selected for comparison as theyset the time variable to fixed value by obeying the timerestriction and share the same 119862119898119886119909 and 119867 parametersAs seen in Figure 5 the bigger weight coefficient for thelocation attribute in Case 5 leads to a lower granted rate whencompared with that of Case 4 This shows that the weightmechanism can effectively adjust the overall impact of eachattribute on the decision-making process

PerformanceWe evaluated the time cost of decision-makingprocesses of both FBAC and ABAC to measure the per-formance According to the results in Table 3 althoughFBAC wraps ABAC and adds additional mechanisms formaking authorization decisions it only incurs quite light and

10 Security and Communication Networks

0

10

20

30

7 14 21 280Time (day)

(a) 119867 = 080

0

10

20

30

7 14 21 280Time (day)

(b) 119867 = 085

0

10

20

30

7 14 21 280Time (day)

(c) 119867 = 090

Figure 4 119877119904119901119890119888119894119886119897 under different thresholds

0

10

20

30

Gra

nted

Rat

io

7 14 21 280Time (day)

(a) 119908119905 = 04 119908119897 = 06

0

10

20

30

Gra

nted

Rat

io

7 14 21 280Time (day)

(b) 119908119905 = 02 119908119897 = 08

Figure 5 119877119904119901119890119888119894119886119897 under different attribute weights

acceptable overhead in average compared with ABAC whichis almost imperceptible to requesters

7 Conclusion

In this paper a feasible FBAC technique is proposed thatimproves upon the standard ABAC paradigmwith good flex-ibility and time efficiency in dealing with exceptional urgentrequests which do not comfort to policies in the dynamic andunpredictable environment Beyond ABAC we use a fuzzyevaluation method to do unattended special authorizationsfor exceptional requests that failed in policy matching Wealso use credit and corresponding audit mechanisms to limitthe abuse risk of special approvals A tangible example is givento explain the working details which indicates the suitabilityof FBAC in mobile and dynamic scenarios In additionthe theoretical analyses and experimental evaluations showthat the FBAC paradigm reinforces the system in favor oftime efficiency and usability with the controllable expense ofsecurity

In future work we would like to further refine theauthorization decision-making scheme with the support ofthe latest deep learning techniques (eg neural network)to discover benign and riskful access patterns based onthe access behavior mining for helping the FBAC betterdistinguish between benign and malicious requests thereby

enabling more intelligent and accurate handling for excep-tional access cases Moreover we also believe that deployingthe FBAC system in Chinarsquos current Xiangyamedical big datasystemwould havemore practical and exploratorymeanings

Disclosure

This work was presented in part at the SpaCCS 2017Guangzhou China 12ndash15 December 2017

Conflicts of Interest

The authors declare that there are no conflicts of interest

Acknowledgments

This work was supported in part by the National NaturalScience Foundation of China under Grants 61702562 and61472451 the Mobile Health Ministry of Education-ChinaMobile Joint Laboratory the Hunan Provincial Innova-tion Foundation for Postgraduate under Grant CX2015B047the China Scholarship Council Foundation under Grant201506370106 the Guangdong Provincial Natural ScienceFoundation under Grant 2017A030308006 and the JointResearch Project between Tencent andCentral SouthUniver-sity

Security and Communication Networks 11

References

[1] G Fettweis and S Alamouti ldquo5G personal mobile internetbeyond what cellular did to telephonyrdquo IEEE CommunicationsMagazine vol 52 no 2 pp 140ndash145 2014

[2] Y Zhang K Guo J Ren J Wang and J Chen ldquoTransparentcomputing A promising network computing paradigmrdquo Com-puting in Science Engineering vol 19 no 1 p 20 2017

[3] Y Zhang J Ren J Liu C Xu H Guo and Y Liu ldquoA surveyon emerging computing paradigms for big datardquo Journal ofElectronics vol 26 no 1 pp 1ndash12 2017

[4] J He Y Zhang J Lu M Wu and F Huang ldquoBlock-Stream as aService A More Secure Nimble and Dynamically BalancedCloud Service Model for Ambient Computingrdquo IEEE Networkvol 32 no 1 pp 126ndash132 2018

[5] T Peng Q Liu and G Wang ldquoA multilevel access controlscheme for data security in transparent computingrdquo Computingin Science amp Engineering vol 19 no 1 Article ID 7802524 pp46ndash53 2017

[6] I Hardill and A Green ldquoRemote working - Altering the spatialcontours of work and home in the new economyrdquoNew Technol-ogy Work and Employment vol 18 no 3 pp 212ndash222 2003

[7] AM French C Guo and J P Shim ldquoCurrent status issues andfuture of bring your own device (BYOD)rdquo CAIS vol 35 pp 1ndash10 2014

[8] D F Ferraiolo R S Sandhu S Gavrila D R Kuhn and RChandramouli ldquoProposed NIST standard for role-based accesscontrolrdquoACMTransactions on Information and System Securityvol 4 no 3 pp 224ndash274 2001

[9] S Upadhyaya ldquoMandatory access controlrdquo in Encyclopedia ofCryptography and Security pp 756ndash758 Springer 2011

[10] L Liu and M Tamer Ozsu ldquoDiscretionary access controlrdquo inEncyclopedia of Database Systems pp 864ndash866 Springer 2009

[11] V C Hu D Ferraiolo R Kuhn et al ldquoGuide to Attribute BasedAccess Control (ABAC) Definition and Considerationsrdquo Na-tional Institute of Standards and Technology NIST SP 800-1622014

[12] V C Hu D R Kuhn and D F Ferraiolo ldquoAttribute-basedaccess controlrdquoThe Computer Journal vol 48 no 2 Article ID7042715 pp 85ndash88 2015

[13] D Servos and S L Osborn ldquoCurrent research and openproblems in attribute-based access controlrdquo ACM ComputingSurveys vol 49 no 4 article no 65 2017

[14] X Li D Feng Z Chen and Z Fang ldquoModel for attribute basedaccess controlrdquo Journal on Communications vol 29 no 4 pp90ndash98 2008

[15] X JinAttribute-based access control models and implementationin cloud infrastructure as a service [PhD thesis] The Universityof Texas at San Antonio 2014 PhD dissertation

[16] M Sookhak F R Yu M K Khan Y Xiang and R BuyyaldquoAttribute-based data access control in mobile cloud comput-ing Taxonomy and open issuesrdquo Future Generation ComputerSystems vol 72 pp 273ndash287 2017

[17] B Lang I Foster F Siebenlist R Ananthakrishnan andT Free-man ldquoA flexible attribute based access control method for gridcomputingrdquo Journal of GridComputing vol 7 no 2 pp 169ndash1802009

[18] C Ngo Y Demchenko and C De Laat ldquoMulti-tenant attribute-based access control for cloud infrastructure servicesrdquo Journalof Information Security and Applications vol 27-28 pp 65ndash842016

[19] Y XuWGaoQ Zeng GWang J Ren andY Zhang ldquoFABACA flexible fuzzy attribute-based access control mechanismrdquo inProceedings of the Proc 10th International Conference on Secu-rity Privacy and Anonymity in Computation Communicationand Storage pp 332ndash343 Springer 2017 pp 332-343

[20] X Liu Q Liu T Peng and J Wu ldquoDynamic access policy incloud-based personal health record (PHR) systemsrdquo Informa-tion Sciences vol 379 pp 62ndash81 2017

[21] IBM Corporation httpswwwibmcomsupportknowledge-centerenSSNGTE 700comibmtspmdoc 70installconceptAttributeBasedAccessControlhtm

[22] ldquoCisco Systems Incrdquo httpswwwciscocomcenustddocssecurityasaasa97asdm77firewallasdm-77-firewall-configvirtual-access-vm-attributespdf

[23] Axiomatics httpswwwaxiomaticscom[24] Jericho SystemsCorporation httpswwwjerichosystemscom

technologyglossarytermsattribute based access controlhtml[25] C Martnez-Garca G Navarro-Arribas and J Borrell Fuzzy

role-based access control vol 111 of Information ProcessingLetters Elsevier 2011 pp 483-487

[26] P-C Cheng P Rohatgi C Keser P A Karger G M Wagnerand A S Reninger ldquoFuzzy multi-level security an experimenton quantified risk-adaptive access controlrdquo in Proceedings of theIEEE Symposium on Security and Privacy (SP rsquo07) pp 222ndash230IEEE Berkeley Calif USA May 2007

[27] N Dimmock A Belokosztolszki D Eyers J Bacon and KMoody ldquoUsing trust and risk in role-based access controlpoliciesrdquo in Proceedings of the Proceedings on the Ninth ACMSymposium on Access Control Models and Technologies SAC-MAT 2004 pp 156ndash162 usa June 2004

[28] Y LiThe research of access control mechanism based on attiubuteand trust evaluation Masters thesis [Master thesis] SouthwestJiaotong University 2016

[29] P NMahalle P AThakre N R Prasad and R Prasad ldquoA fuzzyapproach to trust based access control in internet of thingsrdquo inProceedings of the Proc 3rd International Conference onWirelessCommunications Vehicular Technology InformationTheory andAerospace Electronic Systems (VITAE pp 1ndash5 2013

[30] F Feng C Lin D Peng and J Li ldquoA trust and context basedaccess control model for distributed systemsrdquo in Proceedingsof the Proc 10th IEEE International Conference on High Perfor-mance Computing and Communications pp 629ndash634 2008

[31] R Bhatti E Bertino and A Ghafoor ldquoA trust-based context-aware access control model for web-servicesrdquo Distributed andParallel Databases vol 18 no 1 pp 83ndash105 2005

[32] F J Pelletier ldquoMetamathematics of fuzzy logics by Petr HajekrdquoBulletin of Symbolic Logic vol 6 no 3 pp 342ndash346 2000

[33] E H Mamdani and S Assilian ldquoAn experiment in linguisticsynthesis with a fuzzy logic controllerrdquo International Journal ofMan-Machine Studies vol 7 no 1 pp 1ndash13 1975

[34] J Dombi ldquoMembership function as an evaluationrdquo Fuzzy Setsand Systems vol 35 no 1 pp 1ndash21 1990

[35] DETER Project httpsabacdeterlabnet[36] D Johnson and D Maltz ldquoDynamic source routing in Ad

Hoc wireless networksrdquo in The Kluwer International Series inEngineering and Computer Science vol 353 pp 153ndash181 1996

Security and Communication Networks 5

Confirmation Process

Subject

SAttributes

Context

CAttributes

Object

OAttributes EnforcementFacility

Result

Audit Mechanism

AcAttributes

Request

Credit

Credit Component

7

264

1

3

a

Unmatched Fuzzy EvaluationComponent

Matched

Decision Making Mechanism

StandardABAC

5

Figure 1 Architecture and workflow of FBAC

119895th clause in the policy set this component will calculate themembership degree of the request 119902119894 to that clause as follows

]119895 (119902119894) = sum119899119896=1 119908119895119896120585119895119896 (119902119894)sum119899119896=1 119908119895119896 (2)

In formula (2) 120585119895119896(119902119894) is the membership subfunctionthat maps 119902119894 to a certain membership degree according tothe matching degree of 119902119894 to the constraint range of the119896th attribute in the 119895th clause The design of 120585119895119896 is closelyrelated to the meaning of the corresponding attribute andpolicy clause and also depends on administrators subjectivelyThere exist several primary guidelines for determining themembership subfunction [34] And the most commonlyrecommended function templates include the trapezoidsubordinate function the trigonometric membership func-tion the step function etc In this paper we select thetrapezoid subordinate function and the step function fordifferent policy clauses respectively (cf Section 42) TheFBAC gives the administrators greater freedom to determinethe attributes which should be fuzzy processed based onpractical administrative needs In general the continuousattributes can be fuzzy processed while the discrete ones(eg users names) should be fully matched for obtainingfinal authorizations Additionally if the discrete attributescan be somehow transformed into continuous ones based onpartial ordered relations they can also be fuzzy processedsimilarly eg converting the discrete and hierarchical jobtitles to continuous level numbers 119908119895119896 is the weight of the

corresponding attribute Introducing weight factor enablesadministrators to adjust the influence of each attribute inthe policies so as to provide more flexible and expressivemanageability

Since there usually exist more than one clause in thepolicy set the holistic matching degree is synthesized withmaximum synthesis rules [33] as shown in the followingformula

120583 (119902119894) = 119899max119895=1

]119895 (119902119894) (3)

After obtaining the matching degree 120583(119902119894) the FBAC willcompare 120583(119902119894) with the rejection threshold 119867 If 120583(119902119894) lt 119867the request 119902119894 will be denied by FBAC Otherwise the creditcomponentwill be invoked for supporting further judgments

Credit Component and Audit Mechanism The fuzzy evalu-ation component provides users with extra access oppor-tunities without manual reviews However in spite of thebenefits in the resource usability and business timelinessthis fuzzy evaluation module poses potential threats suchas abuse issues unintentionally Therefore we build a creditcomponent combined with periodic credit adjustment audit-ing mechanism as the countermeasure to mitigate the risk ofabuse

Our credit component maintains a credit value 119888119909lowast

(119888119909lowast

isin[0 119888119898119886119909] where 119888119898119886119909 isin (0 1) is the preset credit line) foreach subject 119909lowast When the FBAC is initialized every 119888119909

lowast

willbe set as 119888119898119886119909 without discrimination During the use the

6 Security and Communication Networks

credit component will be invoked to provide further decisionsupport for the request 119902119894 if its matching degree 120583(119902119894) exceedsthe rejection threshold 119867 We define 119888119900119904119905(119902119894) = 1 minus 120583(119902119894) asthe special approval cost for the request 119902119894 with the matchingdegree 120583(119902119894) because the 119888119900119904119905(119902119894) can reflect the gap betweenthe states of the 119902119894 and the precise requirements of policiesThus the credit component will compare the credit 119888119909 ofthe requester 119909 with the corresponding special approval cost119888119900119904119905(119902119894) If 119888119909 lt 119888119900119904119905(119902119894) then a denial suggestion will beissued for the 119902119894 as the requester does not have enough creditto afford the cost Otherwise the FBAC will ask the requesterfor confirmation to consume that 119888119900119904119905(119902119894) and enforce therequester to comment reasons for the unusual request Thisadditional prompt scheme is quite useful to avoid usermisuseand is also helpful for future audits Then if the requester 119909replies in the affirmative to that credit consumption promptthe FBAC will grant the request 119902119894 by charging the requestercorresponding fee ie deducting 119888119900119904119905(119902119894) from 119888119909 In factfor individuals the FBAC would degrade to standard ABACwhen they max out their credits

Furthermore for achieving better creditmanagement andthereby controlling credit abuse risks a periodic manualaudit mechanism is also integrated into the FBAC modelDuring an audit the unusual authorization records will bereviewed by the system administrators according to all therelevant information in the system including corresponding

explanatory comments typed by requesters in the confirma-tion process Based on auditing results the audit routine willrestore credits for the users who pass checks successfullywhile disables such recovery for the suspects unless provedinnocent (More tougher punishments can be given whenthe suspect is finally proven guilty) to ensure the creditsystem works well thereby providing enough flexibility withcontrollable abuse risks

Note that the credit recovery strategy depends on theadministrator For instance our approach gives the pro-portional credit back (119903 in 100) of the margin betweenthe credit line 119888119898119886119909 and the current credit value 119888119909 (ie119888119898119886119909 minus 119888119909) after each audit process This is because wehold a conservative opinion that the special approval is acompromise for improving business timeliness which shouldnot be encouraged in routineworkTherefore the formula forcalculating new credit value 1198881015840119909 is as follows

1198881015840119909 = 119903 (119888119898119886119909 minus 119888119909) + 119888119909 where 119903 isin (0 100] (4)

42 Case Study This subsection provides a case study ofFBAC to help people understand how it works in detail

Assuming there exists an FBAC systemwith the threshold119867 = 08 119888119898119886119909 = 03 119903 = 05 and two clauses in the policy setas follows

119901119900119897119894119888119910

(1) IF (119897119900119888119886119905119894119900119899 = (11254153119864 plusmn 000001 2895117119873 plusmn 000001))and (119895119900119887 119905119894119905119897119890 is119898119886119899119886119892119890119903) THEN granted

(2) IF (119897119900119888119886119905119894119900119899 = (11254153119864 plusmn 000001 2895117119873 plusmn 000001))and (119905119894119898119890 isin [8 00 18 00]) and (119895119900119887 119905119894119905119897119890 is 119904119905119886119891119891) THEN granted

(5)

We can see that there are 3 types of attributes involvedin the policy set 119905119894119898119890 is the timestamp of the request119897119900119888119886119905119894119900119899denotes the requesterrsquos location (given in latitude andlongitude) and 119895119900119887 119905119894119905119897119890 denotes the 119904119906119887119895119890119888119905rsquos job positionThen we define the membership functions as follows

120583 (119902119894) = max (]1 (119902119894) ]2 (119902119894))]1 (119902119894) = sum

2119895=1 11990811198951205851119895 (119902119894)sum2119895=1 1199081119895

]2 (119902119894) = sum3119895=1 11990821198951205852119895 (119902119894)sum3119895=1 1199082119895

(6)

In this case we set all the attributes in the same policy tothe same weight as shown below

]1 (119902119894) = sum2119895=1 1205851119895 (119902119894)2

]2 (119902119894) = sum3119895=1 1205852119895 (119902119894)3

(7)

In order to describe 120585119894119895 we firstly predefine a function119889119894119904119905119886119899119888119890(119909 119910) to describe the distance between 119909 and 119910 inmeters Then we give the definitions of 120585119894119895 as follows12058511 (119902119894) = max(1 minus 119889119894119904119905119886119899119888119890 (119897119900119888119886119905119894119900119899 119900119891119891119894119888119890)100 0)

12058512 (119902119894) = 1 119895119900119887 119905119894119905119897119890 is1198981198861198991198861198921198901199030 otherwise

12058521 (119902119894) = 12058511 (119902119894)

12058522 (119902119894) =

2 sdot 119905119894119898119890 minus 16 119905119894119898119890 isin (75 8]1 119905119894119898119890 isin (8 18]37 minus 2 sdot 119905119894119898119890 119905119894119898119890 isin (18 185]0 otherwise

12058523 (119902119894) = 1 119895119900119887 119905119894119905119897119890 is 1199041199051198861198911198910 otherwise

(8)

Security and Communication Networks 7

Then we assume that a subject 119878 initiates a request 1199021 asfollows

1199021 =

119905119894119898119890 = 18 35119895119900119887 119905119894119905119897119890 = 119898119886119899119886119892119890119903

119897119900119888119886119905119894119900119899 = (11254180119864 2895117119873)

(9)

When request 1199021 is initiated the FBAC attempts to match1199021 with policies but failsThen it turns to the fuzzy evaluationprocess As the credit cost of the 1199021 is 119888119900119904119905(1199021) asymp 1 minus 085 =015 then 015 is going to be consumed from 119888119878 for making 1199021be grantedThe systemwill ask subject 119878 for the consumptionconfirmation in order to make sure whether 119878 is willing toconsume required credits to continue Suppose that 119878 choosesto spend his credits then 1199021 is granted and 119888119878 is decreased to015

Next when 119878 try to initiate another request 1199022 later asfollows

1199022 =

119905119894119898119890 = 23 03119895119900119887 119905119894119905119897119890 = 119898119886119899119886119892119890119903

119897119900119888119886119905119894119900119899 = (11254187119864 2895117119873) (10)

in the same way we get that 119888119900119904119905(1199022) asymp 019 Since 119888119878 =015 after the request 1199021 119878 can not afford the cost of the 1199022 so1199022 will be rejected directlyIn addition if 119878 passes the audit with his credit value 119888119878 =015 then 119888119878 will be restored to 0225 according to expression

(4)

5 Discussion

In this section we will briefly analyze the effect on usabilityand security of FBAC followed by complexity analyses

Usability and Security To describe the enhancive effect on theoverall resource usability of FBAC we chose the granted ratewhich is defined as the rate of the granted requests to totalrequests per unit time as a reflection of usability

Let 119880 denote the usability and 119877 denote the granted ratethen we get the following expression in which 119877119899119900119903119898119886119897 and119877119904119901119890119888119894119886119897 denote the granted rates of requests matching or notmatching policies respectively while notation ldquoproprdquo denotesthe relationship of positive correlation

119880 prop (119877 = 119877119899119900119903119898119886119897 + 119877119904119901119890119888119894119886119897) (11)

Since FBAC shares the same 119877119899119900119903119898119886119897 with its elder siblingABAC obviously the FBAC obtains extra usability improve-ment Δ119880 which is positively correlated with 119877119904119901119890119888119894119886119897 whencompared with ordinary ABAC namely

Δ119880 prop 119877119904119901119890119888119894119886119897 (12)

Naturally the configurable threshold119867 is closely associ-ated with the usability For any request 119902lowast failed in policiesmatching with overall matching degree 120583(119902lowast) we supposethat 120583(119902lowast) = 119909 obeys a probability density distribution 119891(119909)

while the probability of available credit of requester 119888lowast ge120583(119902lowast) obeys another probability density distribution ℎ(119909)then we can deduce the following relational expression

119877119904119901119890119888119894119886119897 prop int119872119886119909

119867ℎ (119909) 119891 (119909) 119889119909 (13)

Since ℎ(119909) and 119891(119909) are commonsensically positive wefind an inverse correlation between the incremental usabilityΔ119880 and the threshold119867 in expression (13) that is a lower119867leads to more approvals on requests Apparently the FBACwould deteriorate to standard ABAC if119867 tends to the upperbound ie the value 1 in our case

Not surprisingly the usability improvement also comeswith security risks As the FBAC may authorize exceptionalaccess requests which do not fully comply with the currentpolicies in some cases this feature can be abused by indiscreetusers or even be exploited by malicious users for accessingextra resources and thereby bringing additional risks to thesystem Here the deviation between the overall matchingdegree of the exceptional request (ie 120583(119902lowast)) and the closestmatching policy (the standard normalization value ldquo1rdquo) isused as the risk indicator of each exceptional authorization

Correspondingly the FBAC has effective countermea-sures to mitigate the risks induced by the fuzzy assessmentmechanism to the acceptable level Firstly as a general andindiscriminate defense the reject threshold is used to screenout high-risk requests deviating far from current policiesie any request 119902lowast with overall matching degree 120583(119902lowast) lowerthan the threshold 119867 would be declined directly becausethe FBAC is aiming at improving the flexibility and effi-ciency of exceptional authorizations rather than invalids thesecurity policies Thus the security risk of each exceptionalauthorization is limited within the controllable range 1 minus 119867Secondly the credit mechanism is used as the individualizedconstraint against the abuse attacks on the FBAC As for eachrequester each exceptional authorization definitely comeswith corresponding credit cost which is determined by therisk of that request 119902lowast (ie 119888119900119904119905(119902lowast) = 1 minus 120583(119902lowast)) In otherwords a request 119902lowast will be declined if the correspondingrequester 119909lowast does not have enough credit to afford the creditcost 119888119900119904119905(119902lowast) of the exceptional request ie 119888119909

lowast

lt 119888119900119904119905(119902lowast)Therefore the immoderate and even malicious exceptionalaccess behaviors are mitigated due to the limitation ofcredit According to the analysis above then the maximumsecurity risk of one exceptional authorization associated witha requester 119909lowast is further limited within Minimum(1 minus 119867119888119909lowast

) Meanwhile within each audit cycle the total securityrisk which can be caused by the exceptional authorizationsrelated to each single requester 119909lowast is limited below his creditvalue 119888119909

lowast

(the value at the beginning of the audit cycle) Inaddition for each subject 119909lowast the credit consumption has theadditive restrictive effect on future requests because only aportion of the already consumed credits could be restoredaccording to credit recovery mechanism Briefly the morecredits the requester used in one audit cycle the less totalamount he will have in the future which further reducesthe abuse risks of the exceptional authorizations Finallythe FBAC integrates a periodic manual audit mechanism as

8 Security and Communication Networks

Table 2 The parameter configuration

Case 119862119898119886119909 119903 119867 Time weight Location weight1 080 050 080 050 0502 080 050 085 050 0503 080 050 090 050 0504 080 050 080 040 0605 080 050 080 020 080

the post-security mechanism to review all the exceptionalauthorizations As for the suspects their credit restorationswould be suspended until proven innocent As a result theywould lose the privileges to obtain instant approvals for theirexceptional requests as their credits will keep reducing andcan not get replenished Therefore the entire risk which canbe caused by the exceptional authorizations granted for asingle suspect identified during the audits is limited withinthe credit line 119888119898119886119909

Summarily the FBAC broadens the granting bounds toa certain extent for all the requests with the help of fuzzyevaluation mechanism and limits the special approval rateof each individual requester with the help of credit andaudit mechanism thereby achieving better timely usabil-ity than standard ABAC with the controllable sacrifice ofsecurity

Complexity The complexity of access control is related tothe number of concurrent requests policies and attributescontained in each policyThemore the attributes are involvedin a policy the higher the computational complexity of thispolicy will be Generally as the granularity of access controlbecomes finer the complexity of policy increases and the timecost of decision-making process also grows slightly and tendsto flatten out

Assuming there are 119898 policies and 119899 attributes thenumber of requests that occur at the same time in thesystem is 119896 the computational complexity of a basicmatchingprocess is 119874(1) in original ABAC model In the worst caseeach policy and attribute needs a matching calculation andthus the complexity of a single decision is 119874(119898119899) Becausecomplexity is proportional to the number of requests made

simultaneously the total computational complexity of thewhole system is 119874(119896119898119899)

Correspondingly the computational complexity of both abasic matching process and credit evaluation process in ourFBAC model is also 119874(1) that is to say the complexity of asingle decision is still 119874(119898119899) thus the total computationalcomplexity remains at 119874(119896119898119899)

Compared with the standard ABAC model our FBACmodel has two additional processes the credit-based judg-ment and the fuzzy assessment which is a little com-plex than the simple yesno decision And the over-head of both parts can be considered of the same orderof magnitude as the former This explains why bothmodels (ie ABAC and FBAC) have the same com-putational complexity It also shows that the impact ofFBAC in terms of performance is within an acceptablerange

6 Experimental Evaluation

We developed an FBAC prototype to evaluate its availabilitysecurity and performance through several experiments

61 Test Scenarios By modifying the ABAC source codes ofDeter Project [35] we implemented a prototype of FBACand deployed it to 5 virtual servers on a single physicalmachine (64-bit CentOS 7 4vCPUs (i5-7500 34GHz) 16GBRAM 1TB Storage supported by OpenStack (Pike v3120))for experiments

In our FBAC systems we firstly configured the followingpolicy set and set the audit time interval to one weekuniformly

119901119900119897119894119888119910 IF (119897119900119888119886119905119894119900119899 = (11254153119864 plusmn 00001 2895117119873 plusmn 00001))and (119905119894119898119890 isin [8 00 18 00]) THEN granted

(14)

And then we conducted four experiments with respectiveFBAC configuration parameters shown in Table 2 And ineach experiment we simulated 500 users to initiate requeststo FBAC servers These users follows Poisson distributionin time and move around according to Random Way Point(RWP) [36] model to fit the mobile features The simulationsystem will randomly regenerate the destination and themoving speed for each user every 30 minutes Addition-ally we also introduced small noises (plusmn10m) randomly to

usersrsquo location coordinate data for simulating the fluctuationsin the real positioning system These users were set asldquobenignrdquo or ldquomaliciousrdquo separately with several different userbehavioral patterns correspondingly to generate requestingdata Furthermore we set that benign users will aborttheir requests randomly in responding to credit misuseprompts whereas malicious users will not according to theknowledge that benign users are more compliance withrules

Security and Communication Networks 9

0

10

20

30G

rant

ed R

atio

7 14 21 280Time (day)

Figure 2 The average granted ratio of requests

benign usersmalicious users

0

10

20

30

40

Gra

nted

Rat

io

7 14 21 280Time (day)

Figure 3 119877119904119901119890119888119894119886119897 of benign and malicious users

Note that in the fourth and fifth cases we forced all theusers to obey the time restriction to articulate the effect ofattribute weights

The experiments last for four weeks and each audit periodis 5 days long All the access histories are recorded in accesslogs for further analyses

62 Analysis

Usability As the granted ratio of requests which fail to meetpolicies (denoted by 119877119904119901119890119888119894119886119897) reflects the extra improvementon immediate resource usability we count up such averagegranted rate based on the Case 1 as shown in Figure 2We canlearn that the average granting rate of exceptional requests ismaintained in a positive range during the experiment whichillustrates the usability increment of FBAC compared withABAC through the employment of fuzzy evaluation method

Security Again based on Case 1 we evaluated the resistanceof FBAC against security risks Figure 3 shows the granted

Table 3 The time cost of the decision-making process

Model Average time (ms) Best time (ms) Worse time (ms)FBAC 0033 0019 0245ABAC 0017 0002 0081

ratios of both benign and malicious user respectively It isclear that 119877119904119901119890119888119894119886119897 of benign users is limited to a certain upperbound by the threshold particularly below 35 in Case 1while that of malicious users is even far lower throughout thetest duration Furthermore it also illustrates that such ratesof both benign and malicious users are further constrainedby credit mechanism With the consumption and partialrecovery of credits controlled by credit and audit mechanism119877119904119901119890119888119894119886119897 of benign users reveals a hysteretic declined trendwithin each audit cycle and will fluctuate along with auditcycles during the testing period When it comes to malicioususers this ratio is decreasing continuously over audit cyclesand is gradually converging to 0

Such results demonstrate that the threshold providesa general and coarse-grained restriction on requests whilecredit system supplies additive restrictive effect on therequests in each audit cycle In addition the auditmechanismis effective in limiting 119877119904119901119890119888119894119886119897 of users with malicious orabnormal behaviors as their credits will be used up easilyand can hardly be restored because of the audit mechanismTherefore the FBAC is sufficient to defend against abuseattacks

Parameter Effects We have tuned two major regulativeparameters in FBAC to explore their potential influence

(1) Threshold To study the impact of the reject threshold weincreased the threshold119867 by 005 in Case 1 Case 2 and Case3 gradually Unsurprisingly Figure 4 illustrates that 119877119904119901119890119888119894119886119897 inFBAC is closely related to the threshold 119867 ie the higher119867 is the lower the granted rate will be Besides although alow119867may accelerate the credit consumption which in turnaffects the granted rate due to the rejection cases caused bycredit insufficiency this side effect is unable to impact themain trend on a macroscale

(2) Attribute Weight When it comes to the attribute weights Cases 4 and 5 were selected for comparison as theyset the time variable to fixed value by obeying the timerestriction and share the same 119862119898119886119909 and 119867 parametersAs seen in Figure 5 the bigger weight coefficient for thelocation attribute in Case 5 leads to a lower granted rate whencompared with that of Case 4 This shows that the weightmechanism can effectively adjust the overall impact of eachattribute on the decision-making process

PerformanceWe evaluated the time cost of decision-makingprocesses of both FBAC and ABAC to measure the per-formance According to the results in Table 3 althoughFBAC wraps ABAC and adds additional mechanisms formaking authorization decisions it only incurs quite light and

10 Security and Communication Networks

0

10

20

30

7 14 21 280Time (day)

(a) 119867 = 080

0

10

20

30

7 14 21 280Time (day)

(b) 119867 = 085

0

10

20

30

7 14 21 280Time (day)

(c) 119867 = 090

Figure 4 119877119904119901119890119888119894119886119897 under different thresholds

0

10

20

30

Gra

nted

Rat

io

7 14 21 280Time (day)

(a) 119908119905 = 04 119908119897 = 06

0

10

20

30

Gra

nted

Rat

io

7 14 21 280Time (day)

(b) 119908119905 = 02 119908119897 = 08

Figure 5 119877119904119901119890119888119894119886119897 under different attribute weights

acceptable overhead in average compared with ABAC whichis almost imperceptible to requesters

7 Conclusion

In this paper a feasible FBAC technique is proposed thatimproves upon the standard ABAC paradigmwith good flex-ibility and time efficiency in dealing with exceptional urgentrequests which do not comfort to policies in the dynamic andunpredictable environment Beyond ABAC we use a fuzzyevaluation method to do unattended special authorizationsfor exceptional requests that failed in policy matching Wealso use credit and corresponding audit mechanisms to limitthe abuse risk of special approvals A tangible example is givento explain the working details which indicates the suitabilityof FBAC in mobile and dynamic scenarios In additionthe theoretical analyses and experimental evaluations showthat the FBAC paradigm reinforces the system in favor oftime efficiency and usability with the controllable expense ofsecurity

In future work we would like to further refine theauthorization decision-making scheme with the support ofthe latest deep learning techniques (eg neural network)to discover benign and riskful access patterns based onthe access behavior mining for helping the FBAC betterdistinguish between benign and malicious requests thereby

enabling more intelligent and accurate handling for excep-tional access cases Moreover we also believe that deployingthe FBAC system in Chinarsquos current Xiangyamedical big datasystemwould havemore practical and exploratorymeanings

Disclosure

This work was presented in part at the SpaCCS 2017Guangzhou China 12ndash15 December 2017

Conflicts of Interest

The authors declare that there are no conflicts of interest

Acknowledgments

This work was supported in part by the National NaturalScience Foundation of China under Grants 61702562 and61472451 the Mobile Health Ministry of Education-ChinaMobile Joint Laboratory the Hunan Provincial Innova-tion Foundation for Postgraduate under Grant CX2015B047the China Scholarship Council Foundation under Grant201506370106 the Guangdong Provincial Natural ScienceFoundation under Grant 2017A030308006 and the JointResearch Project between Tencent andCentral SouthUniver-sity

Security and Communication Networks 11

References

[1] G Fettweis and S Alamouti ldquo5G personal mobile internetbeyond what cellular did to telephonyrdquo IEEE CommunicationsMagazine vol 52 no 2 pp 140ndash145 2014

[2] Y Zhang K Guo J Ren J Wang and J Chen ldquoTransparentcomputing A promising network computing paradigmrdquo Com-puting in Science Engineering vol 19 no 1 p 20 2017

[3] Y Zhang J Ren J Liu C Xu H Guo and Y Liu ldquoA surveyon emerging computing paradigms for big datardquo Journal ofElectronics vol 26 no 1 pp 1ndash12 2017

[4] J He Y Zhang J Lu M Wu and F Huang ldquoBlock-Stream as aService A More Secure Nimble and Dynamically BalancedCloud Service Model for Ambient Computingrdquo IEEE Networkvol 32 no 1 pp 126ndash132 2018

[5] T Peng Q Liu and G Wang ldquoA multilevel access controlscheme for data security in transparent computingrdquo Computingin Science amp Engineering vol 19 no 1 Article ID 7802524 pp46ndash53 2017

[6] I Hardill and A Green ldquoRemote working - Altering the spatialcontours of work and home in the new economyrdquoNew Technol-ogy Work and Employment vol 18 no 3 pp 212ndash222 2003

[7] AM French C Guo and J P Shim ldquoCurrent status issues andfuture of bring your own device (BYOD)rdquo CAIS vol 35 pp 1ndash10 2014

[8] D F Ferraiolo R S Sandhu S Gavrila D R Kuhn and RChandramouli ldquoProposed NIST standard for role-based accesscontrolrdquoACMTransactions on Information and System Securityvol 4 no 3 pp 224ndash274 2001

[9] S Upadhyaya ldquoMandatory access controlrdquo in Encyclopedia ofCryptography and Security pp 756ndash758 Springer 2011

[10] L Liu and M Tamer Ozsu ldquoDiscretionary access controlrdquo inEncyclopedia of Database Systems pp 864ndash866 Springer 2009

[11] V C Hu D Ferraiolo R Kuhn et al ldquoGuide to Attribute BasedAccess Control (ABAC) Definition and Considerationsrdquo Na-tional Institute of Standards and Technology NIST SP 800-1622014

[12] V C Hu D R Kuhn and D F Ferraiolo ldquoAttribute-basedaccess controlrdquoThe Computer Journal vol 48 no 2 Article ID7042715 pp 85ndash88 2015

[13] D Servos and S L Osborn ldquoCurrent research and openproblems in attribute-based access controlrdquo ACM ComputingSurveys vol 49 no 4 article no 65 2017

[14] X Li D Feng Z Chen and Z Fang ldquoModel for attribute basedaccess controlrdquo Journal on Communications vol 29 no 4 pp90ndash98 2008

[15] X JinAttribute-based access control models and implementationin cloud infrastructure as a service [PhD thesis] The Universityof Texas at San Antonio 2014 PhD dissertation

[16] M Sookhak F R Yu M K Khan Y Xiang and R BuyyaldquoAttribute-based data access control in mobile cloud comput-ing Taxonomy and open issuesrdquo Future Generation ComputerSystems vol 72 pp 273ndash287 2017

[17] B Lang I Foster F Siebenlist R Ananthakrishnan andT Free-man ldquoA flexible attribute based access control method for gridcomputingrdquo Journal of GridComputing vol 7 no 2 pp 169ndash1802009

[18] C Ngo Y Demchenko and C De Laat ldquoMulti-tenant attribute-based access control for cloud infrastructure servicesrdquo Journalof Information Security and Applications vol 27-28 pp 65ndash842016

[19] Y XuWGaoQ Zeng GWang J Ren andY Zhang ldquoFABACA flexible fuzzy attribute-based access control mechanismrdquo inProceedings of the Proc 10th International Conference on Secu-rity Privacy and Anonymity in Computation Communicationand Storage pp 332ndash343 Springer 2017 pp 332-343

[20] X Liu Q Liu T Peng and J Wu ldquoDynamic access policy incloud-based personal health record (PHR) systemsrdquo Informa-tion Sciences vol 379 pp 62ndash81 2017

[21] IBM Corporation httpswwwibmcomsupportknowledge-centerenSSNGTE 700comibmtspmdoc 70installconceptAttributeBasedAccessControlhtm

[22] ldquoCisco Systems Incrdquo httpswwwciscocomcenustddocssecurityasaasa97asdm77firewallasdm-77-firewall-configvirtual-access-vm-attributespdf

[23] Axiomatics httpswwwaxiomaticscom[24] Jericho SystemsCorporation httpswwwjerichosystemscom

technologyglossarytermsattribute based access controlhtml[25] C Martnez-Garca G Navarro-Arribas and J Borrell Fuzzy

role-based access control vol 111 of Information ProcessingLetters Elsevier 2011 pp 483-487

[26] P-C Cheng P Rohatgi C Keser P A Karger G M Wagnerand A S Reninger ldquoFuzzy multi-level security an experimenton quantified risk-adaptive access controlrdquo in Proceedings of theIEEE Symposium on Security and Privacy (SP rsquo07) pp 222ndash230IEEE Berkeley Calif USA May 2007

[27] N Dimmock A Belokosztolszki D Eyers J Bacon and KMoody ldquoUsing trust and risk in role-based access controlpoliciesrdquo in Proceedings of the Proceedings on the Ninth ACMSymposium on Access Control Models and Technologies SAC-MAT 2004 pp 156ndash162 usa June 2004

[28] Y LiThe research of access control mechanism based on attiubuteand trust evaluation Masters thesis [Master thesis] SouthwestJiaotong University 2016

[29] P NMahalle P AThakre N R Prasad and R Prasad ldquoA fuzzyapproach to trust based access control in internet of thingsrdquo inProceedings of the Proc 3rd International Conference onWirelessCommunications Vehicular Technology InformationTheory andAerospace Electronic Systems (VITAE pp 1ndash5 2013

[30] F Feng C Lin D Peng and J Li ldquoA trust and context basedaccess control model for distributed systemsrdquo in Proceedingsof the Proc 10th IEEE International Conference on High Perfor-mance Computing and Communications pp 629ndash634 2008

[31] R Bhatti E Bertino and A Ghafoor ldquoA trust-based context-aware access control model for web-servicesrdquo Distributed andParallel Databases vol 18 no 1 pp 83ndash105 2005

[32] F J Pelletier ldquoMetamathematics of fuzzy logics by Petr HajekrdquoBulletin of Symbolic Logic vol 6 no 3 pp 342ndash346 2000

[33] E H Mamdani and S Assilian ldquoAn experiment in linguisticsynthesis with a fuzzy logic controllerrdquo International Journal ofMan-Machine Studies vol 7 no 1 pp 1ndash13 1975

[34] J Dombi ldquoMembership function as an evaluationrdquo Fuzzy Setsand Systems vol 35 no 1 pp 1ndash21 1990

[35] DETER Project httpsabacdeterlabnet[36] D Johnson and D Maltz ldquoDynamic source routing in Ad

Hoc wireless networksrdquo in The Kluwer International Series inEngineering and Computer Science vol 353 pp 153ndash181 1996

6 Security and Communication Networks

credit component will be invoked to provide further decisionsupport for the request 119902119894 if its matching degree 120583(119902119894) exceedsthe rejection threshold 119867 We define 119888119900119904119905(119902119894) = 1 minus 120583(119902119894) asthe special approval cost for the request 119902119894 with the matchingdegree 120583(119902119894) because the 119888119900119904119905(119902119894) can reflect the gap betweenthe states of the 119902119894 and the precise requirements of policiesThus the credit component will compare the credit 119888119909 ofthe requester 119909 with the corresponding special approval cost119888119900119904119905(119902119894) If 119888119909 lt 119888119900119904119905(119902119894) then a denial suggestion will beissued for the 119902119894 as the requester does not have enough creditto afford the cost Otherwise the FBAC will ask the requesterfor confirmation to consume that 119888119900119904119905(119902119894) and enforce therequester to comment reasons for the unusual request Thisadditional prompt scheme is quite useful to avoid usermisuseand is also helpful for future audits Then if the requester 119909replies in the affirmative to that credit consumption promptthe FBAC will grant the request 119902119894 by charging the requestercorresponding fee ie deducting 119888119900119904119905(119902119894) from 119888119909 In factfor individuals the FBAC would degrade to standard ABACwhen they max out their credits

Furthermore for achieving better creditmanagement andthereby controlling credit abuse risks a periodic manualaudit mechanism is also integrated into the FBAC modelDuring an audit the unusual authorization records will bereviewed by the system administrators according to all therelevant information in the system including corresponding

explanatory comments typed by requesters in the confirma-tion process Based on auditing results the audit routine willrestore credits for the users who pass checks successfullywhile disables such recovery for the suspects unless provedinnocent (More tougher punishments can be given whenthe suspect is finally proven guilty) to ensure the creditsystem works well thereby providing enough flexibility withcontrollable abuse risks

Note that the credit recovery strategy depends on theadministrator For instance our approach gives the pro-portional credit back (119903 in 100) of the margin betweenthe credit line 119888119898119886119909 and the current credit value 119888119909 (ie119888119898119886119909 minus 119888119909) after each audit process This is because wehold a conservative opinion that the special approval is acompromise for improving business timeliness which shouldnot be encouraged in routineworkTherefore the formula forcalculating new credit value 1198881015840119909 is as follows

1198881015840119909 = 119903 (119888119898119886119909 minus 119888119909) + 119888119909 where 119903 isin (0 100] (4)

42 Case Study This subsection provides a case study ofFBAC to help people understand how it works in detail

Assuming there exists an FBAC systemwith the threshold119867 = 08 119888119898119886119909 = 03 119903 = 05 and two clauses in the policy setas follows

119901119900119897119894119888119910

(1) IF (119897119900119888119886119905119894119900119899 = (11254153119864 plusmn 000001 2895117119873 plusmn 000001))and (119895119900119887 119905119894119905119897119890 is119898119886119899119886119892119890119903) THEN granted

(2) IF (119897119900119888119886119905119894119900119899 = (11254153119864 plusmn 000001 2895117119873 plusmn 000001))and (119905119894119898119890 isin [8 00 18 00]) and (119895119900119887 119905119894119905119897119890 is 119904119905119886119891119891) THEN granted

(5)

We can see that there are 3 types of attributes involvedin the policy set 119905119894119898119890 is the timestamp of the request119897119900119888119886119905119894119900119899denotes the requesterrsquos location (given in latitude andlongitude) and 119895119900119887 119905119894119905119897119890 denotes the 119904119906119887119895119890119888119905rsquos job positionThen we define the membership functions as follows

120583 (119902119894) = max (]1 (119902119894) ]2 (119902119894))]1 (119902119894) = sum

2119895=1 11990811198951205851119895 (119902119894)sum2119895=1 1199081119895

]2 (119902119894) = sum3119895=1 11990821198951205852119895 (119902119894)sum3119895=1 1199082119895

(6)

In this case we set all the attributes in the same policy tothe same weight as shown below

]1 (119902119894) = sum2119895=1 1205851119895 (119902119894)2

]2 (119902119894) = sum3119895=1 1205852119895 (119902119894)3

(7)

In order to describe 120585119894119895 we firstly predefine a function119889119894119904119905119886119899119888119890(119909 119910) to describe the distance between 119909 and 119910 inmeters Then we give the definitions of 120585119894119895 as follows12058511 (119902119894) = max(1 minus 119889119894119904119905119886119899119888119890 (119897119900119888119886119905119894119900119899 119900119891119891119894119888119890)100 0)

12058512 (119902119894) = 1 119895119900119887 119905119894119905119897119890 is1198981198861198991198861198921198901199030 otherwise

12058521 (119902119894) = 12058511 (119902119894)

12058522 (119902119894) =

2 sdot 119905119894119898119890 minus 16 119905119894119898119890 isin (75 8]1 119905119894119898119890 isin (8 18]37 minus 2 sdot 119905119894119898119890 119905119894119898119890 isin (18 185]0 otherwise

12058523 (119902119894) = 1 119895119900119887 119905119894119905119897119890 is 1199041199051198861198911198910 otherwise

(8)

Security and Communication Networks 7

Then we assume that a subject 119878 initiates a request 1199021 asfollows

1199021 =

119905119894119898119890 = 18 35119895119900119887 119905119894119905119897119890 = 119898119886119899119886119892119890119903

119897119900119888119886119905119894119900119899 = (11254180119864 2895117119873)

(9)

When request 1199021 is initiated the FBAC attempts to match1199021 with policies but failsThen it turns to the fuzzy evaluationprocess As the credit cost of the 1199021 is 119888119900119904119905(1199021) asymp 1 minus 085 =015 then 015 is going to be consumed from 119888119878 for making 1199021be grantedThe systemwill ask subject 119878 for the consumptionconfirmation in order to make sure whether 119878 is willing toconsume required credits to continue Suppose that 119878 choosesto spend his credits then 1199021 is granted and 119888119878 is decreased to015

Next when 119878 try to initiate another request 1199022 later asfollows

1199022 =

119905119894119898119890 = 23 03119895119900119887 119905119894119905119897119890 = 119898119886119899119886119892119890119903

119897119900119888119886119905119894119900119899 = (11254187119864 2895117119873) (10)

in the same way we get that 119888119900119904119905(1199022) asymp 019 Since 119888119878 =015 after the request 1199021 119878 can not afford the cost of the 1199022 so1199022 will be rejected directlyIn addition if 119878 passes the audit with his credit value 119888119878 =015 then 119888119878 will be restored to 0225 according to expression

(4)

5 Discussion

In this section we will briefly analyze the effect on usabilityand security of FBAC followed by complexity analyses

Usability and Security To describe the enhancive effect on theoverall resource usability of FBAC we chose the granted ratewhich is defined as the rate of the granted requests to totalrequests per unit time as a reflection of usability

Let 119880 denote the usability and 119877 denote the granted ratethen we get the following expression in which 119877119899119900119903119898119886119897 and119877119904119901119890119888119894119886119897 denote the granted rates of requests matching or notmatching policies respectively while notation ldquoproprdquo denotesthe relationship of positive correlation

119880 prop (119877 = 119877119899119900119903119898119886119897 + 119877119904119901119890119888119894119886119897) (11)

Since FBAC shares the same 119877119899119900119903119898119886119897 with its elder siblingABAC obviously the FBAC obtains extra usability improve-ment Δ119880 which is positively correlated with 119877119904119901119890119888119894119886119897 whencompared with ordinary ABAC namely

Δ119880 prop 119877119904119901119890119888119894119886119897 (12)

Naturally the configurable threshold119867 is closely associ-ated with the usability For any request 119902lowast failed in policiesmatching with overall matching degree 120583(119902lowast) we supposethat 120583(119902lowast) = 119909 obeys a probability density distribution 119891(119909)

while the probability of available credit of requester 119888lowast ge120583(119902lowast) obeys another probability density distribution ℎ(119909)then we can deduce the following relational expression

119877119904119901119890119888119894119886119897 prop int119872119886119909

119867ℎ (119909) 119891 (119909) 119889119909 (13)

Since ℎ(119909) and 119891(119909) are commonsensically positive wefind an inverse correlation between the incremental usabilityΔ119880 and the threshold119867 in expression (13) that is a lower119867leads to more approvals on requests Apparently the FBACwould deteriorate to standard ABAC if119867 tends to the upperbound ie the value 1 in our case

Not surprisingly the usability improvement also comeswith security risks As the FBAC may authorize exceptionalaccess requests which do not fully comply with the currentpolicies in some cases this feature can be abused by indiscreetusers or even be exploited by malicious users for accessingextra resources and thereby bringing additional risks to thesystem Here the deviation between the overall matchingdegree of the exceptional request (ie 120583(119902lowast)) and the closestmatching policy (the standard normalization value ldquo1rdquo) isused as the risk indicator of each exceptional authorization

Correspondingly the FBAC has effective countermea-sures to mitigate the risks induced by the fuzzy assessmentmechanism to the acceptable level Firstly as a general andindiscriminate defense the reject threshold is used to screenout high-risk requests deviating far from current policiesie any request 119902lowast with overall matching degree 120583(119902lowast) lowerthan the threshold 119867 would be declined directly becausethe FBAC is aiming at improving the flexibility and effi-ciency of exceptional authorizations rather than invalids thesecurity policies Thus the security risk of each exceptionalauthorization is limited within the controllable range 1 minus 119867Secondly the credit mechanism is used as the individualizedconstraint against the abuse attacks on the FBAC As for eachrequester each exceptional authorization definitely comeswith corresponding credit cost which is determined by therisk of that request 119902lowast (ie 119888119900119904119905(119902lowast) = 1 minus 120583(119902lowast)) In otherwords a request 119902lowast will be declined if the correspondingrequester 119909lowast does not have enough credit to afford the creditcost 119888119900119904119905(119902lowast) of the exceptional request ie 119888119909

lowast

lt 119888119900119904119905(119902lowast)Therefore the immoderate and even malicious exceptionalaccess behaviors are mitigated due to the limitation ofcredit According to the analysis above then the maximumsecurity risk of one exceptional authorization associated witha requester 119909lowast is further limited within Minimum(1 minus 119867119888119909lowast

) Meanwhile within each audit cycle the total securityrisk which can be caused by the exceptional authorizationsrelated to each single requester 119909lowast is limited below his creditvalue 119888119909

lowast

(the value at the beginning of the audit cycle) Inaddition for each subject 119909lowast the credit consumption has theadditive restrictive effect on future requests because only aportion of the already consumed credits could be restoredaccording to credit recovery mechanism Briefly the morecredits the requester used in one audit cycle the less totalamount he will have in the future which further reducesthe abuse risks of the exceptional authorizations Finallythe FBAC integrates a periodic manual audit mechanism as

8 Security and Communication Networks

Table 2 The parameter configuration

Case 119862119898119886119909 119903 119867 Time weight Location weight1 080 050 080 050 0502 080 050 085 050 0503 080 050 090 050 0504 080 050 080 040 0605 080 050 080 020 080

the post-security mechanism to review all the exceptionalauthorizations As for the suspects their credit restorationswould be suspended until proven innocent As a result theywould lose the privileges to obtain instant approvals for theirexceptional requests as their credits will keep reducing andcan not get replenished Therefore the entire risk which canbe caused by the exceptional authorizations granted for asingle suspect identified during the audits is limited withinthe credit line 119888119898119886119909

Summarily the FBAC broadens the granting bounds toa certain extent for all the requests with the help of fuzzyevaluation mechanism and limits the special approval rateof each individual requester with the help of credit andaudit mechanism thereby achieving better timely usabil-ity than standard ABAC with the controllable sacrifice ofsecurity

Complexity The complexity of access control is related tothe number of concurrent requests policies and attributescontained in each policyThemore the attributes are involvedin a policy the higher the computational complexity of thispolicy will be Generally as the granularity of access controlbecomes finer the complexity of policy increases and the timecost of decision-making process also grows slightly and tendsto flatten out

Assuming there are 119898 policies and 119899 attributes thenumber of requests that occur at the same time in thesystem is 119896 the computational complexity of a basicmatchingprocess is 119874(1) in original ABAC model In the worst caseeach policy and attribute needs a matching calculation andthus the complexity of a single decision is 119874(119898119899) Becausecomplexity is proportional to the number of requests made

simultaneously the total computational complexity of thewhole system is 119874(119896119898119899)

Correspondingly the computational complexity of both abasic matching process and credit evaluation process in ourFBAC model is also 119874(1) that is to say the complexity of asingle decision is still 119874(119898119899) thus the total computationalcomplexity remains at 119874(119896119898119899)

Compared with the standard ABAC model our FBACmodel has two additional processes the credit-based judg-ment and the fuzzy assessment which is a little com-plex than the simple yesno decision And the over-head of both parts can be considered of the same orderof magnitude as the former This explains why bothmodels (ie ABAC and FBAC) have the same com-putational complexity It also shows that the impact ofFBAC in terms of performance is within an acceptablerange

6 Experimental Evaluation

We developed an FBAC prototype to evaluate its availabilitysecurity and performance through several experiments

61 Test Scenarios By modifying the ABAC source codes ofDeter Project [35] we implemented a prototype of FBACand deployed it to 5 virtual servers on a single physicalmachine (64-bit CentOS 7 4vCPUs (i5-7500 34GHz) 16GBRAM 1TB Storage supported by OpenStack (Pike v3120))for experiments

In our FBAC systems we firstly configured the followingpolicy set and set the audit time interval to one weekuniformly

119901119900119897119894119888119910 IF (119897119900119888119886119905119894119900119899 = (11254153119864 plusmn 00001 2895117119873 plusmn 00001))and (119905119894119898119890 isin [8 00 18 00]) THEN granted

(14)

And then we conducted four experiments with respectiveFBAC configuration parameters shown in Table 2 And ineach experiment we simulated 500 users to initiate requeststo FBAC servers These users follows Poisson distributionin time and move around according to Random Way Point(RWP) [36] model to fit the mobile features The simulationsystem will randomly regenerate the destination and themoving speed for each user every 30 minutes Addition-ally we also introduced small noises (plusmn10m) randomly to

usersrsquo location coordinate data for simulating the fluctuationsin the real positioning system These users were set asldquobenignrdquo or ldquomaliciousrdquo separately with several different userbehavioral patterns correspondingly to generate requestingdata Furthermore we set that benign users will aborttheir requests randomly in responding to credit misuseprompts whereas malicious users will not according to theknowledge that benign users are more compliance withrules

Security and Communication Networks 9

0

10

20

30G

rant

ed R

atio

7 14 21 280Time (day)

Figure 2 The average granted ratio of requests

benign usersmalicious users

0

10

20

30

40

Gra

nted

Rat

io

7 14 21 280Time (day)

Figure 3 119877119904119901119890119888119894119886119897 of benign and malicious users

Note that in the fourth and fifth cases we forced all theusers to obey the time restriction to articulate the effect ofattribute weights

The experiments last for four weeks and each audit periodis 5 days long All the access histories are recorded in accesslogs for further analyses

62 Analysis

Usability As the granted ratio of requests which fail to meetpolicies (denoted by 119877119904119901119890119888119894119886119897) reflects the extra improvementon immediate resource usability we count up such averagegranted rate based on the Case 1 as shown in Figure 2We canlearn that the average granting rate of exceptional requests ismaintained in a positive range during the experiment whichillustrates the usability increment of FBAC compared withABAC through the employment of fuzzy evaluation method

Security Again based on Case 1 we evaluated the resistanceof FBAC against security risks Figure 3 shows the granted

Table 3 The time cost of the decision-making process

Model Average time (ms) Best time (ms) Worse time (ms)FBAC 0033 0019 0245ABAC 0017 0002 0081

ratios of both benign and malicious user respectively It isclear that 119877119904119901119890119888119894119886119897 of benign users is limited to a certain upperbound by the threshold particularly below 35 in Case 1while that of malicious users is even far lower throughout thetest duration Furthermore it also illustrates that such ratesof both benign and malicious users are further constrainedby credit mechanism With the consumption and partialrecovery of credits controlled by credit and audit mechanism119877119904119901119890119888119894119886119897 of benign users reveals a hysteretic declined trendwithin each audit cycle and will fluctuate along with auditcycles during the testing period When it comes to malicioususers this ratio is decreasing continuously over audit cyclesand is gradually converging to 0

Such results demonstrate that the threshold providesa general and coarse-grained restriction on requests whilecredit system supplies additive restrictive effect on therequests in each audit cycle In addition the auditmechanismis effective in limiting 119877119904119901119890119888119894119886119897 of users with malicious orabnormal behaviors as their credits will be used up easilyand can hardly be restored because of the audit mechanismTherefore the FBAC is sufficient to defend against abuseattacks

Parameter Effects We have tuned two major regulativeparameters in FBAC to explore their potential influence

(1) Threshold To study the impact of the reject threshold weincreased the threshold119867 by 005 in Case 1 Case 2 and Case3 gradually Unsurprisingly Figure 4 illustrates that 119877119904119901119890119888119894119886119897 inFBAC is closely related to the threshold 119867 ie the higher119867 is the lower the granted rate will be Besides although alow119867may accelerate the credit consumption which in turnaffects the granted rate due to the rejection cases caused bycredit insufficiency this side effect is unable to impact themain trend on a macroscale

(2) Attribute Weight When it comes to the attribute weights Cases 4 and 5 were selected for comparison as theyset the time variable to fixed value by obeying the timerestriction and share the same 119862119898119886119909 and 119867 parametersAs seen in Figure 5 the bigger weight coefficient for thelocation attribute in Case 5 leads to a lower granted rate whencompared with that of Case 4 This shows that the weightmechanism can effectively adjust the overall impact of eachattribute on the decision-making process

PerformanceWe evaluated the time cost of decision-makingprocesses of both FBAC and ABAC to measure the per-formance According to the results in Table 3 althoughFBAC wraps ABAC and adds additional mechanisms formaking authorization decisions it only incurs quite light and

10 Security and Communication Networks

0

10

20

30

7 14 21 280Time (day)

(a) 119867 = 080

0

10

20

30

7 14 21 280Time (day)

(b) 119867 = 085

0

10

20

30

7 14 21 280Time (day)

(c) 119867 = 090

Figure 4 119877119904119901119890119888119894119886119897 under different thresholds

0

10

20

30

Gra

nted

Rat

io

7 14 21 280Time (day)

(a) 119908119905 = 04 119908119897 = 06

0

10

20

30

Gra

nted

Rat

io

7 14 21 280Time (day)

(b) 119908119905 = 02 119908119897 = 08

Figure 5 119877119904119901119890119888119894119886119897 under different attribute weights

acceptable overhead in average compared with ABAC whichis almost imperceptible to requesters

7 Conclusion

In this paper a feasible FBAC technique is proposed thatimproves upon the standard ABAC paradigmwith good flex-ibility and time efficiency in dealing with exceptional urgentrequests which do not comfort to policies in the dynamic andunpredictable environment Beyond ABAC we use a fuzzyevaluation method to do unattended special authorizationsfor exceptional requests that failed in policy matching Wealso use credit and corresponding audit mechanisms to limitthe abuse risk of special approvals A tangible example is givento explain the working details which indicates the suitabilityof FBAC in mobile and dynamic scenarios In additionthe theoretical analyses and experimental evaluations showthat the FBAC paradigm reinforces the system in favor oftime efficiency and usability with the controllable expense ofsecurity

In future work we would like to further refine theauthorization decision-making scheme with the support ofthe latest deep learning techniques (eg neural network)to discover benign and riskful access patterns based onthe access behavior mining for helping the FBAC betterdistinguish between benign and malicious requests thereby

enabling more intelligent and accurate handling for excep-tional access cases Moreover we also believe that deployingthe FBAC system in Chinarsquos current Xiangyamedical big datasystemwould havemore practical and exploratorymeanings

Disclosure

This work was presented in part at the SpaCCS 2017Guangzhou China 12ndash15 December 2017

Conflicts of Interest

The authors declare that there are no conflicts of interest

Acknowledgments

This work was supported in part by the National NaturalScience Foundation of China under Grants 61702562 and61472451 the Mobile Health Ministry of Education-ChinaMobile Joint Laboratory the Hunan Provincial Innova-tion Foundation for Postgraduate under Grant CX2015B047the China Scholarship Council Foundation under Grant201506370106 the Guangdong Provincial Natural ScienceFoundation under Grant 2017A030308006 and the JointResearch Project between Tencent andCentral SouthUniver-sity

Security and Communication Networks 11

References

[1] G Fettweis and S Alamouti ldquo5G personal mobile internetbeyond what cellular did to telephonyrdquo IEEE CommunicationsMagazine vol 52 no 2 pp 140ndash145 2014

[2] Y Zhang K Guo J Ren J Wang and J Chen ldquoTransparentcomputing A promising network computing paradigmrdquo Com-puting in Science Engineering vol 19 no 1 p 20 2017

[3] Y Zhang J Ren J Liu C Xu H Guo and Y Liu ldquoA surveyon emerging computing paradigms for big datardquo Journal ofElectronics vol 26 no 1 pp 1ndash12 2017

[4] J He Y Zhang J Lu M Wu and F Huang ldquoBlock-Stream as aService A More Secure Nimble and Dynamically BalancedCloud Service Model for Ambient Computingrdquo IEEE Networkvol 32 no 1 pp 126ndash132 2018

[5] T Peng Q Liu and G Wang ldquoA multilevel access controlscheme for data security in transparent computingrdquo Computingin Science amp Engineering vol 19 no 1 Article ID 7802524 pp46ndash53 2017

[6] I Hardill and A Green ldquoRemote working - Altering the spatialcontours of work and home in the new economyrdquoNew Technol-ogy Work and Employment vol 18 no 3 pp 212ndash222 2003

[7] AM French C Guo and J P Shim ldquoCurrent status issues andfuture of bring your own device (BYOD)rdquo CAIS vol 35 pp 1ndash10 2014

[8] D F Ferraiolo R S Sandhu S Gavrila D R Kuhn and RChandramouli ldquoProposed NIST standard for role-based accesscontrolrdquoACMTransactions on Information and System Securityvol 4 no 3 pp 224ndash274 2001

[9] S Upadhyaya ldquoMandatory access controlrdquo in Encyclopedia ofCryptography and Security pp 756ndash758 Springer 2011

[10] L Liu and M Tamer Ozsu ldquoDiscretionary access controlrdquo inEncyclopedia of Database Systems pp 864ndash866 Springer 2009

[11] V C Hu D Ferraiolo R Kuhn et al ldquoGuide to Attribute BasedAccess Control (ABAC) Definition and Considerationsrdquo Na-tional Institute of Standards and Technology NIST SP 800-1622014

[12] V C Hu D R Kuhn and D F Ferraiolo ldquoAttribute-basedaccess controlrdquoThe Computer Journal vol 48 no 2 Article ID7042715 pp 85ndash88 2015

[13] D Servos and S L Osborn ldquoCurrent research and openproblems in attribute-based access controlrdquo ACM ComputingSurveys vol 49 no 4 article no 65 2017

[14] X Li D Feng Z Chen and Z Fang ldquoModel for attribute basedaccess controlrdquo Journal on Communications vol 29 no 4 pp90ndash98 2008

[15] X JinAttribute-based access control models and implementationin cloud infrastructure as a service [PhD thesis] The Universityof Texas at San Antonio 2014 PhD dissertation

[16] M Sookhak F R Yu M K Khan Y Xiang and R BuyyaldquoAttribute-based data access control in mobile cloud comput-ing Taxonomy and open issuesrdquo Future Generation ComputerSystems vol 72 pp 273ndash287 2017

[17] B Lang I Foster F Siebenlist R Ananthakrishnan andT Free-man ldquoA flexible attribute based access control method for gridcomputingrdquo Journal of GridComputing vol 7 no 2 pp 169ndash1802009

[18] C Ngo Y Demchenko and C De Laat ldquoMulti-tenant attribute-based access control for cloud infrastructure servicesrdquo Journalof Information Security and Applications vol 27-28 pp 65ndash842016

[19] Y XuWGaoQ Zeng GWang J Ren andY Zhang ldquoFABACA flexible fuzzy attribute-based access control mechanismrdquo inProceedings of the Proc 10th International Conference on Secu-rity Privacy and Anonymity in Computation Communicationand Storage pp 332ndash343 Springer 2017 pp 332-343

[20] X Liu Q Liu T Peng and J Wu ldquoDynamic access policy incloud-based personal health record (PHR) systemsrdquo Informa-tion Sciences vol 379 pp 62ndash81 2017

[21] IBM Corporation httpswwwibmcomsupportknowledge-centerenSSNGTE 700comibmtspmdoc 70installconceptAttributeBasedAccessControlhtm

[22] ldquoCisco Systems Incrdquo httpswwwciscocomcenustddocssecurityasaasa97asdm77firewallasdm-77-firewall-configvirtual-access-vm-attributespdf

[23] Axiomatics httpswwwaxiomaticscom[24] Jericho SystemsCorporation httpswwwjerichosystemscom

technologyglossarytermsattribute based access controlhtml[25] C Martnez-Garca G Navarro-Arribas and J Borrell Fuzzy

role-based access control vol 111 of Information ProcessingLetters Elsevier 2011 pp 483-487

[26] P-C Cheng P Rohatgi C Keser P A Karger G M Wagnerand A S Reninger ldquoFuzzy multi-level security an experimenton quantified risk-adaptive access controlrdquo in Proceedings of theIEEE Symposium on Security and Privacy (SP rsquo07) pp 222ndash230IEEE Berkeley Calif USA May 2007

[27] N Dimmock A Belokosztolszki D Eyers J Bacon and KMoody ldquoUsing trust and risk in role-based access controlpoliciesrdquo in Proceedings of the Proceedings on the Ninth ACMSymposium on Access Control Models and Technologies SAC-MAT 2004 pp 156ndash162 usa June 2004

[28] Y LiThe research of access control mechanism based on attiubuteand trust evaluation Masters thesis [Master thesis] SouthwestJiaotong University 2016

[29] P NMahalle P AThakre N R Prasad and R Prasad ldquoA fuzzyapproach to trust based access control in internet of thingsrdquo inProceedings of the Proc 3rd International Conference onWirelessCommunications Vehicular Technology InformationTheory andAerospace Electronic Systems (VITAE pp 1ndash5 2013

[30] F Feng C Lin D Peng and J Li ldquoA trust and context basedaccess control model for distributed systemsrdquo in Proceedingsof the Proc 10th IEEE International Conference on High Perfor-mance Computing and Communications pp 629ndash634 2008

[31] R Bhatti E Bertino and A Ghafoor ldquoA trust-based context-aware access control model for web-servicesrdquo Distributed andParallel Databases vol 18 no 1 pp 83ndash105 2005

[32] F J Pelletier ldquoMetamathematics of fuzzy logics by Petr HajekrdquoBulletin of Symbolic Logic vol 6 no 3 pp 342ndash346 2000

[33] E H Mamdani and S Assilian ldquoAn experiment in linguisticsynthesis with a fuzzy logic controllerrdquo International Journal ofMan-Machine Studies vol 7 no 1 pp 1ndash13 1975

[34] J Dombi ldquoMembership function as an evaluationrdquo Fuzzy Setsand Systems vol 35 no 1 pp 1ndash21 1990

[35] DETER Project httpsabacdeterlabnet[36] D Johnson and D Maltz ldquoDynamic source routing in Ad

Hoc wireless networksrdquo in The Kluwer International Series inEngineering and Computer Science vol 353 pp 153ndash181 1996

Security and Communication Networks 7

Then we assume that a subject 119878 initiates a request 1199021 asfollows

1199021 =

119905119894119898119890 = 18 35119895119900119887 119905119894119905119897119890 = 119898119886119899119886119892119890119903

119897119900119888119886119905119894119900119899 = (11254180119864 2895117119873)

(9)

When request 1199021 is initiated the FBAC attempts to match1199021 with policies but failsThen it turns to the fuzzy evaluationprocess As the credit cost of the 1199021 is 119888119900119904119905(1199021) asymp 1 minus 085 =015 then 015 is going to be consumed from 119888119878 for making 1199021be grantedThe systemwill ask subject 119878 for the consumptionconfirmation in order to make sure whether 119878 is willing toconsume required credits to continue Suppose that 119878 choosesto spend his credits then 1199021 is granted and 119888119878 is decreased to015

Next when 119878 try to initiate another request 1199022 later asfollows

1199022 =

119905119894119898119890 = 23 03119895119900119887 119905119894119905119897119890 = 119898119886119899119886119892119890119903

119897119900119888119886119905119894119900119899 = (11254187119864 2895117119873) (10)

in the same way we get that 119888119900119904119905(1199022) asymp 019 Since 119888119878 =015 after the request 1199021 119878 can not afford the cost of the 1199022 so1199022 will be rejected directlyIn addition if 119878 passes the audit with his credit value 119888119878 =015 then 119888119878 will be restored to 0225 according to expression

(4)

5 Discussion

In this section we will briefly analyze the effect on usabilityand security of FBAC followed by complexity analyses

Usability and Security To describe the enhancive effect on theoverall resource usability of FBAC we chose the granted ratewhich is defined as the rate of the granted requests to totalrequests per unit time as a reflection of usability

Let 119880 denote the usability and 119877 denote the granted ratethen we get the following expression in which 119877119899119900119903119898119886119897 and119877119904119901119890119888119894119886119897 denote the granted rates of requests matching or notmatching policies respectively while notation ldquoproprdquo denotesthe relationship of positive correlation

119880 prop (119877 = 119877119899119900119903119898119886119897 + 119877119904119901119890119888119894119886119897) (11)

Since FBAC shares the same 119877119899119900119903119898119886119897 with its elder siblingABAC obviously the FBAC obtains extra usability improve-ment Δ119880 which is positively correlated with 119877119904119901119890119888119894119886119897 whencompared with ordinary ABAC namely

Δ119880 prop 119877119904119901119890119888119894119886119897 (12)

Naturally the configurable threshold119867 is closely associ-ated with the usability For any request 119902lowast failed in policiesmatching with overall matching degree 120583(119902lowast) we supposethat 120583(119902lowast) = 119909 obeys a probability density distribution 119891(119909)

while the probability of available credit of requester 119888lowast ge120583(119902lowast) obeys another probability density distribution ℎ(119909)then we can deduce the following relational expression

119877119904119901119890119888119894119886119897 prop int119872119886119909

119867ℎ (119909) 119891 (119909) 119889119909 (13)

Since ℎ(119909) and 119891(119909) are commonsensically positive wefind an inverse correlation between the incremental usabilityΔ119880 and the threshold119867 in expression (13) that is a lower119867leads to more approvals on requests Apparently the FBACwould deteriorate to standard ABAC if119867 tends to the upperbound ie the value 1 in our case

Not surprisingly the usability improvement also comeswith security risks As the FBAC may authorize exceptionalaccess requests which do not fully comply with the currentpolicies in some cases this feature can be abused by indiscreetusers or even be exploited by malicious users for accessingextra resources and thereby bringing additional risks to thesystem Here the deviation between the overall matchingdegree of the exceptional request (ie 120583(119902lowast)) and the closestmatching policy (the standard normalization value ldquo1rdquo) isused as the risk indicator of each exceptional authorization

Correspondingly the FBAC has effective countermea-sures to mitigate the risks induced by the fuzzy assessmentmechanism to the acceptable level Firstly as a general andindiscriminate defense the reject threshold is used to screenout high-risk requests deviating far from current policiesie any request 119902lowast with overall matching degree 120583(119902lowast) lowerthan the threshold 119867 would be declined directly becausethe FBAC is aiming at improving the flexibility and effi-ciency of exceptional authorizations rather than invalids thesecurity policies Thus the security risk of each exceptionalauthorization is limited within the controllable range 1 minus 119867Secondly the credit mechanism is used as the individualizedconstraint against the abuse attacks on the FBAC As for eachrequester each exceptional authorization definitely comeswith corresponding credit cost which is determined by therisk of that request 119902lowast (ie 119888119900119904119905(119902lowast) = 1 minus 120583(119902lowast)) In otherwords a request 119902lowast will be declined if the correspondingrequester 119909lowast does not have enough credit to afford the creditcost 119888119900119904119905(119902lowast) of the exceptional request ie 119888119909

lowast

lt 119888119900119904119905(119902lowast)Therefore the immoderate and even malicious exceptionalaccess behaviors are mitigated due to the limitation ofcredit According to the analysis above then the maximumsecurity risk of one exceptional authorization associated witha requester 119909lowast is further limited within Minimum(1 minus 119867119888119909lowast

) Meanwhile within each audit cycle the total securityrisk which can be caused by the exceptional authorizationsrelated to each single requester 119909lowast is limited below his creditvalue 119888119909

lowast

(the value at the beginning of the audit cycle) Inaddition for each subject 119909lowast the credit consumption has theadditive restrictive effect on future requests because only aportion of the already consumed credits could be restoredaccording to credit recovery mechanism Briefly the morecredits the requester used in one audit cycle the less totalamount he will have in the future which further reducesthe abuse risks of the exceptional authorizations Finallythe FBAC integrates a periodic manual audit mechanism as

8 Security and Communication Networks

Table 2 The parameter configuration

Case 119862119898119886119909 119903 119867 Time weight Location weight1 080 050 080 050 0502 080 050 085 050 0503 080 050 090 050 0504 080 050 080 040 0605 080 050 080 020 080

the post-security mechanism to review all the exceptionalauthorizations As for the suspects their credit restorationswould be suspended until proven innocent As a result theywould lose the privileges to obtain instant approvals for theirexceptional requests as their credits will keep reducing andcan not get replenished Therefore the entire risk which canbe caused by the exceptional authorizations granted for asingle suspect identified during the audits is limited withinthe credit line 119888119898119886119909

Summarily the FBAC broadens the granting bounds toa certain extent for all the requests with the help of fuzzyevaluation mechanism and limits the special approval rateof each individual requester with the help of credit andaudit mechanism thereby achieving better timely usabil-ity than standard ABAC with the controllable sacrifice ofsecurity

Complexity The complexity of access control is related tothe number of concurrent requests policies and attributescontained in each policyThemore the attributes are involvedin a policy the higher the computational complexity of thispolicy will be Generally as the granularity of access controlbecomes finer the complexity of policy increases and the timecost of decision-making process also grows slightly and tendsto flatten out

Assuming there are 119898 policies and 119899 attributes thenumber of requests that occur at the same time in thesystem is 119896 the computational complexity of a basicmatchingprocess is 119874(1) in original ABAC model In the worst caseeach policy and attribute needs a matching calculation andthus the complexity of a single decision is 119874(119898119899) Becausecomplexity is proportional to the number of requests made

simultaneously the total computational complexity of thewhole system is 119874(119896119898119899)

Correspondingly the computational complexity of both abasic matching process and credit evaluation process in ourFBAC model is also 119874(1) that is to say the complexity of asingle decision is still 119874(119898119899) thus the total computationalcomplexity remains at 119874(119896119898119899)

Compared with the standard ABAC model our FBACmodel has two additional processes the credit-based judg-ment and the fuzzy assessment which is a little com-plex than the simple yesno decision And the over-head of both parts can be considered of the same orderof magnitude as the former This explains why bothmodels (ie ABAC and FBAC) have the same com-putational complexity It also shows that the impact ofFBAC in terms of performance is within an acceptablerange

6 Experimental Evaluation

We developed an FBAC prototype to evaluate its availabilitysecurity and performance through several experiments

61 Test Scenarios By modifying the ABAC source codes ofDeter Project [35] we implemented a prototype of FBACand deployed it to 5 virtual servers on a single physicalmachine (64-bit CentOS 7 4vCPUs (i5-7500 34GHz) 16GBRAM 1TB Storage supported by OpenStack (Pike v3120))for experiments

In our FBAC systems we firstly configured the followingpolicy set and set the audit time interval to one weekuniformly

119901119900119897119894119888119910 IF (119897119900119888119886119905119894119900119899 = (11254153119864 plusmn 00001 2895117119873 plusmn 00001))and (119905119894119898119890 isin [8 00 18 00]) THEN granted

(14)

And then we conducted four experiments with respectiveFBAC configuration parameters shown in Table 2 And ineach experiment we simulated 500 users to initiate requeststo FBAC servers These users follows Poisson distributionin time and move around according to Random Way Point(RWP) [36] model to fit the mobile features The simulationsystem will randomly regenerate the destination and themoving speed for each user every 30 minutes Addition-ally we also introduced small noises (plusmn10m) randomly to

usersrsquo location coordinate data for simulating the fluctuationsin the real positioning system These users were set asldquobenignrdquo or ldquomaliciousrdquo separately with several different userbehavioral patterns correspondingly to generate requestingdata Furthermore we set that benign users will aborttheir requests randomly in responding to credit misuseprompts whereas malicious users will not according to theknowledge that benign users are more compliance withrules

Security and Communication Networks 9

0

10

20

30G

rant

ed R

atio

7 14 21 280Time (day)

Figure 2 The average granted ratio of requests

benign usersmalicious users

0

10

20

30

40

Gra

nted

Rat

io

7 14 21 280Time (day)

Figure 3 119877119904119901119890119888119894119886119897 of benign and malicious users

Note that in the fourth and fifth cases we forced all theusers to obey the time restriction to articulate the effect ofattribute weights

The experiments last for four weeks and each audit periodis 5 days long All the access histories are recorded in accesslogs for further analyses

62 Analysis

Usability As the granted ratio of requests which fail to meetpolicies (denoted by 119877119904119901119890119888119894119886119897) reflects the extra improvementon immediate resource usability we count up such averagegranted rate based on the Case 1 as shown in Figure 2We canlearn that the average granting rate of exceptional requests ismaintained in a positive range during the experiment whichillustrates the usability increment of FBAC compared withABAC through the employment of fuzzy evaluation method

Security Again based on Case 1 we evaluated the resistanceof FBAC against security risks Figure 3 shows the granted

Table 3 The time cost of the decision-making process

Model Average time (ms) Best time (ms) Worse time (ms)FBAC 0033 0019 0245ABAC 0017 0002 0081

ratios of both benign and malicious user respectively It isclear that 119877119904119901119890119888119894119886119897 of benign users is limited to a certain upperbound by the threshold particularly below 35 in Case 1while that of malicious users is even far lower throughout thetest duration Furthermore it also illustrates that such ratesof both benign and malicious users are further constrainedby credit mechanism With the consumption and partialrecovery of credits controlled by credit and audit mechanism119877119904119901119890119888119894119886119897 of benign users reveals a hysteretic declined trendwithin each audit cycle and will fluctuate along with auditcycles during the testing period When it comes to malicioususers this ratio is decreasing continuously over audit cyclesand is gradually converging to 0

Such results demonstrate that the threshold providesa general and coarse-grained restriction on requests whilecredit system supplies additive restrictive effect on therequests in each audit cycle In addition the auditmechanismis effective in limiting 119877119904119901119890119888119894119886119897 of users with malicious orabnormal behaviors as their credits will be used up easilyand can hardly be restored because of the audit mechanismTherefore the FBAC is sufficient to defend against abuseattacks

Parameter Effects We have tuned two major regulativeparameters in FBAC to explore their potential influence

(1) Threshold To study the impact of the reject threshold weincreased the threshold119867 by 005 in Case 1 Case 2 and Case3 gradually Unsurprisingly Figure 4 illustrates that 119877119904119901119890119888119894119886119897 inFBAC is closely related to the threshold 119867 ie the higher119867 is the lower the granted rate will be Besides although alow119867may accelerate the credit consumption which in turnaffects the granted rate due to the rejection cases caused bycredit insufficiency this side effect is unable to impact themain trend on a macroscale

(2) Attribute Weight When it comes to the attribute weights Cases 4 and 5 were selected for comparison as theyset the time variable to fixed value by obeying the timerestriction and share the same 119862119898119886119909 and 119867 parametersAs seen in Figure 5 the bigger weight coefficient for thelocation attribute in Case 5 leads to a lower granted rate whencompared with that of Case 4 This shows that the weightmechanism can effectively adjust the overall impact of eachattribute on the decision-making process

PerformanceWe evaluated the time cost of decision-makingprocesses of both FBAC and ABAC to measure the per-formance According to the results in Table 3 althoughFBAC wraps ABAC and adds additional mechanisms formaking authorization decisions it only incurs quite light and

10 Security and Communication Networks

0

10

20

30

7 14 21 280Time (day)

(a) 119867 = 080

0

10

20

30

7 14 21 280Time (day)

(b) 119867 = 085

0

10

20

30

7 14 21 280Time (day)

(c) 119867 = 090

Figure 4 119877119904119901119890119888119894119886119897 under different thresholds

0

10

20

30

Gra

nted

Rat

io

7 14 21 280Time (day)

(a) 119908119905 = 04 119908119897 = 06

0

10

20

30

Gra

nted

Rat

io

7 14 21 280Time (day)

(b) 119908119905 = 02 119908119897 = 08

Figure 5 119877119904119901119890119888119894119886119897 under different attribute weights

acceptable overhead in average compared with ABAC whichis almost imperceptible to requesters

7 Conclusion

In this paper a feasible FBAC technique is proposed thatimproves upon the standard ABAC paradigmwith good flex-ibility and time efficiency in dealing with exceptional urgentrequests which do not comfort to policies in the dynamic andunpredictable environment Beyond ABAC we use a fuzzyevaluation method to do unattended special authorizationsfor exceptional requests that failed in policy matching Wealso use credit and corresponding audit mechanisms to limitthe abuse risk of special approvals A tangible example is givento explain the working details which indicates the suitabilityof FBAC in mobile and dynamic scenarios In additionthe theoretical analyses and experimental evaluations showthat the FBAC paradigm reinforces the system in favor oftime efficiency and usability with the controllable expense ofsecurity

In future work we would like to further refine theauthorization decision-making scheme with the support ofthe latest deep learning techniques (eg neural network)to discover benign and riskful access patterns based onthe access behavior mining for helping the FBAC betterdistinguish between benign and malicious requests thereby

enabling more intelligent and accurate handling for excep-tional access cases Moreover we also believe that deployingthe FBAC system in Chinarsquos current Xiangyamedical big datasystemwould havemore practical and exploratorymeanings

Disclosure

This work was presented in part at the SpaCCS 2017Guangzhou China 12ndash15 December 2017

Conflicts of Interest

The authors declare that there are no conflicts of interest

Acknowledgments

This work was supported in part by the National NaturalScience Foundation of China under Grants 61702562 and61472451 the Mobile Health Ministry of Education-ChinaMobile Joint Laboratory the Hunan Provincial Innova-tion Foundation for Postgraduate under Grant CX2015B047the China Scholarship Council Foundation under Grant201506370106 the Guangdong Provincial Natural ScienceFoundation under Grant 2017A030308006 and the JointResearch Project between Tencent andCentral SouthUniver-sity

Security and Communication Networks 11

References

[1] G Fettweis and S Alamouti ldquo5G personal mobile internetbeyond what cellular did to telephonyrdquo IEEE CommunicationsMagazine vol 52 no 2 pp 140ndash145 2014

[2] Y Zhang K Guo J Ren J Wang and J Chen ldquoTransparentcomputing A promising network computing paradigmrdquo Com-puting in Science Engineering vol 19 no 1 p 20 2017

[3] Y Zhang J Ren J Liu C Xu H Guo and Y Liu ldquoA surveyon emerging computing paradigms for big datardquo Journal ofElectronics vol 26 no 1 pp 1ndash12 2017

[4] J He Y Zhang J Lu M Wu and F Huang ldquoBlock-Stream as aService A More Secure Nimble and Dynamically BalancedCloud Service Model for Ambient Computingrdquo IEEE Networkvol 32 no 1 pp 126ndash132 2018

[5] T Peng Q Liu and G Wang ldquoA multilevel access controlscheme for data security in transparent computingrdquo Computingin Science amp Engineering vol 19 no 1 Article ID 7802524 pp46ndash53 2017

[6] I Hardill and A Green ldquoRemote working - Altering the spatialcontours of work and home in the new economyrdquoNew Technol-ogy Work and Employment vol 18 no 3 pp 212ndash222 2003

[7] AM French C Guo and J P Shim ldquoCurrent status issues andfuture of bring your own device (BYOD)rdquo CAIS vol 35 pp 1ndash10 2014

[8] D F Ferraiolo R S Sandhu S Gavrila D R Kuhn and RChandramouli ldquoProposed NIST standard for role-based accesscontrolrdquoACMTransactions on Information and System Securityvol 4 no 3 pp 224ndash274 2001

[9] S Upadhyaya ldquoMandatory access controlrdquo in Encyclopedia ofCryptography and Security pp 756ndash758 Springer 2011

[10] L Liu and M Tamer Ozsu ldquoDiscretionary access controlrdquo inEncyclopedia of Database Systems pp 864ndash866 Springer 2009

[11] V C Hu D Ferraiolo R Kuhn et al ldquoGuide to Attribute BasedAccess Control (ABAC) Definition and Considerationsrdquo Na-tional Institute of Standards and Technology NIST SP 800-1622014

[12] V C Hu D R Kuhn and D F Ferraiolo ldquoAttribute-basedaccess controlrdquoThe Computer Journal vol 48 no 2 Article ID7042715 pp 85ndash88 2015

[13] D Servos and S L Osborn ldquoCurrent research and openproblems in attribute-based access controlrdquo ACM ComputingSurveys vol 49 no 4 article no 65 2017

[14] X Li D Feng Z Chen and Z Fang ldquoModel for attribute basedaccess controlrdquo Journal on Communications vol 29 no 4 pp90ndash98 2008

[15] X JinAttribute-based access control models and implementationin cloud infrastructure as a service [PhD thesis] The Universityof Texas at San Antonio 2014 PhD dissertation

[16] M Sookhak F R Yu M K Khan Y Xiang and R BuyyaldquoAttribute-based data access control in mobile cloud comput-ing Taxonomy and open issuesrdquo Future Generation ComputerSystems vol 72 pp 273ndash287 2017

[17] B Lang I Foster F Siebenlist R Ananthakrishnan andT Free-man ldquoA flexible attribute based access control method for gridcomputingrdquo Journal of GridComputing vol 7 no 2 pp 169ndash1802009

[18] C Ngo Y Demchenko and C De Laat ldquoMulti-tenant attribute-based access control for cloud infrastructure servicesrdquo Journalof Information Security and Applications vol 27-28 pp 65ndash842016

[19] Y XuWGaoQ Zeng GWang J Ren andY Zhang ldquoFABACA flexible fuzzy attribute-based access control mechanismrdquo inProceedings of the Proc 10th International Conference on Secu-rity Privacy and Anonymity in Computation Communicationand Storage pp 332ndash343 Springer 2017 pp 332-343

[20] X Liu Q Liu T Peng and J Wu ldquoDynamic access policy incloud-based personal health record (PHR) systemsrdquo Informa-tion Sciences vol 379 pp 62ndash81 2017

[21] IBM Corporation httpswwwibmcomsupportknowledge-centerenSSNGTE 700comibmtspmdoc 70installconceptAttributeBasedAccessControlhtm

[22] ldquoCisco Systems Incrdquo httpswwwciscocomcenustddocssecurityasaasa97asdm77firewallasdm-77-firewall-configvirtual-access-vm-attributespdf

[23] Axiomatics httpswwwaxiomaticscom[24] Jericho SystemsCorporation httpswwwjerichosystemscom

technologyglossarytermsattribute based access controlhtml[25] C Martnez-Garca G Navarro-Arribas and J Borrell Fuzzy

role-based access control vol 111 of Information ProcessingLetters Elsevier 2011 pp 483-487

[26] P-C Cheng P Rohatgi C Keser P A Karger G M Wagnerand A S Reninger ldquoFuzzy multi-level security an experimenton quantified risk-adaptive access controlrdquo in Proceedings of theIEEE Symposium on Security and Privacy (SP rsquo07) pp 222ndash230IEEE Berkeley Calif USA May 2007

[27] N Dimmock A Belokosztolszki D Eyers J Bacon and KMoody ldquoUsing trust and risk in role-based access controlpoliciesrdquo in Proceedings of the Proceedings on the Ninth ACMSymposium on Access Control Models and Technologies SAC-MAT 2004 pp 156ndash162 usa June 2004

[28] Y LiThe research of access control mechanism based on attiubuteand trust evaluation Masters thesis [Master thesis] SouthwestJiaotong University 2016

[29] P NMahalle P AThakre N R Prasad and R Prasad ldquoA fuzzyapproach to trust based access control in internet of thingsrdquo inProceedings of the Proc 3rd International Conference onWirelessCommunications Vehicular Technology InformationTheory andAerospace Electronic Systems (VITAE pp 1ndash5 2013

[30] F Feng C Lin D Peng and J Li ldquoA trust and context basedaccess control model for distributed systemsrdquo in Proceedingsof the Proc 10th IEEE International Conference on High Perfor-mance Computing and Communications pp 629ndash634 2008

[31] R Bhatti E Bertino and A Ghafoor ldquoA trust-based context-aware access control model for web-servicesrdquo Distributed andParallel Databases vol 18 no 1 pp 83ndash105 2005

[32] F J Pelletier ldquoMetamathematics of fuzzy logics by Petr HajekrdquoBulletin of Symbolic Logic vol 6 no 3 pp 342ndash346 2000

[33] E H Mamdani and S Assilian ldquoAn experiment in linguisticsynthesis with a fuzzy logic controllerrdquo International Journal ofMan-Machine Studies vol 7 no 1 pp 1ndash13 1975

[34] J Dombi ldquoMembership function as an evaluationrdquo Fuzzy Setsand Systems vol 35 no 1 pp 1ndash21 1990

[35] DETER Project httpsabacdeterlabnet[36] D Johnson and D Maltz ldquoDynamic source routing in Ad

Hoc wireless networksrdquo in The Kluwer International Series inEngineering and Computer Science vol 353 pp 153ndash181 1996

8 Security and Communication Networks

Table 2 The parameter configuration

Case 119862119898119886119909 119903 119867 Time weight Location weight1 080 050 080 050 0502 080 050 085 050 0503 080 050 090 050 0504 080 050 080 040 0605 080 050 080 020 080

the post-security mechanism to review all the exceptionalauthorizations As for the suspects their credit restorationswould be suspended until proven innocent As a result theywould lose the privileges to obtain instant approvals for theirexceptional requests as their credits will keep reducing andcan not get replenished Therefore the entire risk which canbe caused by the exceptional authorizations granted for asingle suspect identified during the audits is limited withinthe credit line 119888119898119886119909

Summarily the FBAC broadens the granting bounds toa certain extent for all the requests with the help of fuzzyevaluation mechanism and limits the special approval rateof each individual requester with the help of credit andaudit mechanism thereby achieving better timely usabil-ity than standard ABAC with the controllable sacrifice ofsecurity

Complexity The complexity of access control is related tothe number of concurrent requests policies and attributescontained in each policyThemore the attributes are involvedin a policy the higher the computational complexity of thispolicy will be Generally as the granularity of access controlbecomes finer the complexity of policy increases and the timecost of decision-making process also grows slightly and tendsto flatten out

Assuming there are 119898 policies and 119899 attributes thenumber of requests that occur at the same time in thesystem is 119896 the computational complexity of a basicmatchingprocess is 119874(1) in original ABAC model In the worst caseeach policy and attribute needs a matching calculation andthus the complexity of a single decision is 119874(119898119899) Becausecomplexity is proportional to the number of requests made

simultaneously the total computational complexity of thewhole system is 119874(119896119898119899)

Correspondingly the computational complexity of both abasic matching process and credit evaluation process in ourFBAC model is also 119874(1) that is to say the complexity of asingle decision is still 119874(119898119899) thus the total computationalcomplexity remains at 119874(119896119898119899)

Compared with the standard ABAC model our FBACmodel has two additional processes the credit-based judg-ment and the fuzzy assessment which is a little com-plex than the simple yesno decision And the over-head of both parts can be considered of the same orderof magnitude as the former This explains why bothmodels (ie ABAC and FBAC) have the same com-putational complexity It also shows that the impact ofFBAC in terms of performance is within an acceptablerange

6 Experimental Evaluation

We developed an FBAC prototype to evaluate its availabilitysecurity and performance through several experiments

61 Test Scenarios By modifying the ABAC source codes ofDeter Project [35] we implemented a prototype of FBACand deployed it to 5 virtual servers on a single physicalmachine (64-bit CentOS 7 4vCPUs (i5-7500 34GHz) 16GBRAM 1TB Storage supported by OpenStack (Pike v3120))for experiments

In our FBAC systems we firstly configured the followingpolicy set and set the audit time interval to one weekuniformly

119901119900119897119894119888119910 IF (119897119900119888119886119905119894119900119899 = (11254153119864 plusmn 00001 2895117119873 plusmn 00001))and (119905119894119898119890 isin [8 00 18 00]) THEN granted

(14)

And then we conducted four experiments with respectiveFBAC configuration parameters shown in Table 2 And ineach experiment we simulated 500 users to initiate requeststo FBAC servers These users follows Poisson distributionin time and move around according to Random Way Point(RWP) [36] model to fit the mobile features The simulationsystem will randomly regenerate the destination and themoving speed for each user every 30 minutes Addition-ally we also introduced small noises (plusmn10m) randomly to

usersrsquo location coordinate data for simulating the fluctuationsin the real positioning system These users were set asldquobenignrdquo or ldquomaliciousrdquo separately with several different userbehavioral patterns correspondingly to generate requestingdata Furthermore we set that benign users will aborttheir requests randomly in responding to credit misuseprompts whereas malicious users will not according to theknowledge that benign users are more compliance withrules

Security and Communication Networks 9

0

10

20

30G

rant

ed R

atio

7 14 21 280Time (day)

Figure 2 The average granted ratio of requests

benign usersmalicious users

0

10

20

30

40

Gra

nted

Rat

io

7 14 21 280Time (day)

Figure 3 119877119904119901119890119888119894119886119897 of benign and malicious users

Note that in the fourth and fifth cases we forced all theusers to obey the time restriction to articulate the effect ofattribute weights

The experiments last for four weeks and each audit periodis 5 days long All the access histories are recorded in accesslogs for further analyses

62 Analysis

Usability As the granted ratio of requests which fail to meetpolicies (denoted by 119877119904119901119890119888119894119886119897) reflects the extra improvementon immediate resource usability we count up such averagegranted rate based on the Case 1 as shown in Figure 2We canlearn that the average granting rate of exceptional requests ismaintained in a positive range during the experiment whichillustrates the usability increment of FBAC compared withABAC through the employment of fuzzy evaluation method

Security Again based on Case 1 we evaluated the resistanceof FBAC against security risks Figure 3 shows the granted

Table 3 The time cost of the decision-making process

Model Average time (ms) Best time (ms) Worse time (ms)FBAC 0033 0019 0245ABAC 0017 0002 0081

ratios of both benign and malicious user respectively It isclear that 119877119904119901119890119888119894119886119897 of benign users is limited to a certain upperbound by the threshold particularly below 35 in Case 1while that of malicious users is even far lower throughout thetest duration Furthermore it also illustrates that such ratesof both benign and malicious users are further constrainedby credit mechanism With the consumption and partialrecovery of credits controlled by credit and audit mechanism119877119904119901119890119888119894119886119897 of benign users reveals a hysteretic declined trendwithin each audit cycle and will fluctuate along with auditcycles during the testing period When it comes to malicioususers this ratio is decreasing continuously over audit cyclesand is gradually converging to 0

Such results demonstrate that the threshold providesa general and coarse-grained restriction on requests whilecredit system supplies additive restrictive effect on therequests in each audit cycle In addition the auditmechanismis effective in limiting 119877119904119901119890119888119894119886119897 of users with malicious orabnormal behaviors as their credits will be used up easilyand can hardly be restored because of the audit mechanismTherefore the FBAC is sufficient to defend against abuseattacks

Parameter Effects We have tuned two major regulativeparameters in FBAC to explore their potential influence

(1) Threshold To study the impact of the reject threshold weincreased the threshold119867 by 005 in Case 1 Case 2 and Case3 gradually Unsurprisingly Figure 4 illustrates that 119877119904119901119890119888119894119886119897 inFBAC is closely related to the threshold 119867 ie the higher119867 is the lower the granted rate will be Besides although alow119867may accelerate the credit consumption which in turnaffects the granted rate due to the rejection cases caused bycredit insufficiency this side effect is unable to impact themain trend on a macroscale

(2) Attribute Weight When it comes to the attribute weights Cases 4 and 5 were selected for comparison as theyset the time variable to fixed value by obeying the timerestriction and share the same 119862119898119886119909 and 119867 parametersAs seen in Figure 5 the bigger weight coefficient for thelocation attribute in Case 5 leads to a lower granted rate whencompared with that of Case 4 This shows that the weightmechanism can effectively adjust the overall impact of eachattribute on the decision-making process

PerformanceWe evaluated the time cost of decision-makingprocesses of both FBAC and ABAC to measure the per-formance According to the results in Table 3 althoughFBAC wraps ABAC and adds additional mechanisms formaking authorization decisions it only incurs quite light and

10 Security and Communication Networks

0

10

20

30

7 14 21 280Time (day)

(a) 119867 = 080

0

10

20

30

7 14 21 280Time (day)

(b) 119867 = 085

0

10

20

30

7 14 21 280Time (day)

(c) 119867 = 090

Figure 4 119877119904119901119890119888119894119886119897 under different thresholds

0

10

20

30

Gra

nted

Rat

io

7 14 21 280Time (day)

(a) 119908119905 = 04 119908119897 = 06

0

10

20

30

Gra

nted

Rat

io

7 14 21 280Time (day)

(b) 119908119905 = 02 119908119897 = 08

Figure 5 119877119904119901119890119888119894119886119897 under different attribute weights

acceptable overhead in average compared with ABAC whichis almost imperceptible to requesters

7 Conclusion

In this paper a feasible FBAC technique is proposed thatimproves upon the standard ABAC paradigmwith good flex-ibility and time efficiency in dealing with exceptional urgentrequests which do not comfort to policies in the dynamic andunpredictable environment Beyond ABAC we use a fuzzyevaluation method to do unattended special authorizationsfor exceptional requests that failed in policy matching Wealso use credit and corresponding audit mechanisms to limitthe abuse risk of special approvals A tangible example is givento explain the working details which indicates the suitabilityof FBAC in mobile and dynamic scenarios In additionthe theoretical analyses and experimental evaluations showthat the FBAC paradigm reinforces the system in favor oftime efficiency and usability with the controllable expense ofsecurity

In future work we would like to further refine theauthorization decision-making scheme with the support ofthe latest deep learning techniques (eg neural network)to discover benign and riskful access patterns based onthe access behavior mining for helping the FBAC betterdistinguish between benign and malicious requests thereby

enabling more intelligent and accurate handling for excep-tional access cases Moreover we also believe that deployingthe FBAC system in Chinarsquos current Xiangyamedical big datasystemwould havemore practical and exploratorymeanings

Disclosure

This work was presented in part at the SpaCCS 2017Guangzhou China 12ndash15 December 2017

Conflicts of Interest

The authors declare that there are no conflicts of interest

Acknowledgments

This work was supported in part by the National NaturalScience Foundation of China under Grants 61702562 and61472451 the Mobile Health Ministry of Education-ChinaMobile Joint Laboratory the Hunan Provincial Innova-tion Foundation for Postgraduate under Grant CX2015B047the China Scholarship Council Foundation under Grant201506370106 the Guangdong Provincial Natural ScienceFoundation under Grant 2017A030308006 and the JointResearch Project between Tencent andCentral SouthUniver-sity

Security and Communication Networks 11

References

[1] G Fettweis and S Alamouti ldquo5G personal mobile internetbeyond what cellular did to telephonyrdquo IEEE CommunicationsMagazine vol 52 no 2 pp 140ndash145 2014

[2] Y Zhang K Guo J Ren J Wang and J Chen ldquoTransparentcomputing A promising network computing paradigmrdquo Com-puting in Science Engineering vol 19 no 1 p 20 2017

[3] Y Zhang J Ren J Liu C Xu H Guo and Y Liu ldquoA surveyon emerging computing paradigms for big datardquo Journal ofElectronics vol 26 no 1 pp 1ndash12 2017

[4] J He Y Zhang J Lu M Wu and F Huang ldquoBlock-Stream as aService A More Secure Nimble and Dynamically BalancedCloud Service Model for Ambient Computingrdquo IEEE Networkvol 32 no 1 pp 126ndash132 2018

[5] T Peng Q Liu and G Wang ldquoA multilevel access controlscheme for data security in transparent computingrdquo Computingin Science amp Engineering vol 19 no 1 Article ID 7802524 pp46ndash53 2017

[6] I Hardill and A Green ldquoRemote working - Altering the spatialcontours of work and home in the new economyrdquoNew Technol-ogy Work and Employment vol 18 no 3 pp 212ndash222 2003

[7] AM French C Guo and J P Shim ldquoCurrent status issues andfuture of bring your own device (BYOD)rdquo CAIS vol 35 pp 1ndash10 2014

[8] D F Ferraiolo R S Sandhu S Gavrila D R Kuhn and RChandramouli ldquoProposed NIST standard for role-based accesscontrolrdquoACMTransactions on Information and System Securityvol 4 no 3 pp 224ndash274 2001

[9] S Upadhyaya ldquoMandatory access controlrdquo in Encyclopedia ofCryptography and Security pp 756ndash758 Springer 2011

[10] L Liu and M Tamer Ozsu ldquoDiscretionary access controlrdquo inEncyclopedia of Database Systems pp 864ndash866 Springer 2009

[11] V C Hu D Ferraiolo R Kuhn et al ldquoGuide to Attribute BasedAccess Control (ABAC) Definition and Considerationsrdquo Na-tional Institute of Standards and Technology NIST SP 800-1622014

[12] V C Hu D R Kuhn and D F Ferraiolo ldquoAttribute-basedaccess controlrdquoThe Computer Journal vol 48 no 2 Article ID7042715 pp 85ndash88 2015

[13] D Servos and S L Osborn ldquoCurrent research and openproblems in attribute-based access controlrdquo ACM ComputingSurveys vol 49 no 4 article no 65 2017

[14] X Li D Feng Z Chen and Z Fang ldquoModel for attribute basedaccess controlrdquo Journal on Communications vol 29 no 4 pp90ndash98 2008

[15] X JinAttribute-based access control models and implementationin cloud infrastructure as a service [PhD thesis] The Universityof Texas at San Antonio 2014 PhD dissertation

[16] M Sookhak F R Yu M K Khan Y Xiang and R BuyyaldquoAttribute-based data access control in mobile cloud comput-ing Taxonomy and open issuesrdquo Future Generation ComputerSystems vol 72 pp 273ndash287 2017

[17] B Lang I Foster F Siebenlist R Ananthakrishnan andT Free-man ldquoA flexible attribute based access control method for gridcomputingrdquo Journal of GridComputing vol 7 no 2 pp 169ndash1802009

[18] C Ngo Y Demchenko and C De Laat ldquoMulti-tenant attribute-based access control for cloud infrastructure servicesrdquo Journalof Information Security and Applications vol 27-28 pp 65ndash842016

[19] Y XuWGaoQ Zeng GWang J Ren andY Zhang ldquoFABACA flexible fuzzy attribute-based access control mechanismrdquo inProceedings of the Proc 10th International Conference on Secu-rity Privacy and Anonymity in Computation Communicationand Storage pp 332ndash343 Springer 2017 pp 332-343

[20] X Liu Q Liu T Peng and J Wu ldquoDynamic access policy incloud-based personal health record (PHR) systemsrdquo Informa-tion Sciences vol 379 pp 62ndash81 2017

[21] IBM Corporation httpswwwibmcomsupportknowledge-centerenSSNGTE 700comibmtspmdoc 70installconceptAttributeBasedAccessControlhtm

[22] ldquoCisco Systems Incrdquo httpswwwciscocomcenustddocssecurityasaasa97asdm77firewallasdm-77-firewall-configvirtual-access-vm-attributespdf

[23] Axiomatics httpswwwaxiomaticscom[24] Jericho SystemsCorporation httpswwwjerichosystemscom

technologyglossarytermsattribute based access controlhtml[25] C Martnez-Garca G Navarro-Arribas and J Borrell Fuzzy

role-based access control vol 111 of Information ProcessingLetters Elsevier 2011 pp 483-487

[26] P-C Cheng P Rohatgi C Keser P A Karger G M Wagnerand A S Reninger ldquoFuzzy multi-level security an experimenton quantified risk-adaptive access controlrdquo in Proceedings of theIEEE Symposium on Security and Privacy (SP rsquo07) pp 222ndash230IEEE Berkeley Calif USA May 2007

[27] N Dimmock A Belokosztolszki D Eyers J Bacon and KMoody ldquoUsing trust and risk in role-based access controlpoliciesrdquo in Proceedings of the Proceedings on the Ninth ACMSymposium on Access Control Models and Technologies SAC-MAT 2004 pp 156ndash162 usa June 2004

[28] Y LiThe research of access control mechanism based on attiubuteand trust evaluation Masters thesis [Master thesis] SouthwestJiaotong University 2016

[29] P NMahalle P AThakre N R Prasad and R Prasad ldquoA fuzzyapproach to trust based access control in internet of thingsrdquo inProceedings of the Proc 3rd International Conference onWirelessCommunications Vehicular Technology InformationTheory andAerospace Electronic Systems (VITAE pp 1ndash5 2013

[30] F Feng C Lin D Peng and J Li ldquoA trust and context basedaccess control model for distributed systemsrdquo in Proceedingsof the Proc 10th IEEE International Conference on High Perfor-mance Computing and Communications pp 629ndash634 2008

[31] R Bhatti E Bertino and A Ghafoor ldquoA trust-based context-aware access control model for web-servicesrdquo Distributed andParallel Databases vol 18 no 1 pp 83ndash105 2005

[32] F J Pelletier ldquoMetamathematics of fuzzy logics by Petr HajekrdquoBulletin of Symbolic Logic vol 6 no 3 pp 342ndash346 2000

[33] E H Mamdani and S Assilian ldquoAn experiment in linguisticsynthesis with a fuzzy logic controllerrdquo International Journal ofMan-Machine Studies vol 7 no 1 pp 1ndash13 1975

[34] J Dombi ldquoMembership function as an evaluationrdquo Fuzzy Setsand Systems vol 35 no 1 pp 1ndash21 1990

[35] DETER Project httpsabacdeterlabnet[36] D Johnson and D Maltz ldquoDynamic source routing in Ad

Hoc wireless networksrdquo in The Kluwer International Series inEngineering and Computer Science vol 353 pp 153ndash181 1996

Security and Communication Networks 9

0

10

20

30G

rant

ed R

atio

7 14 21 280Time (day)

Figure 2 The average granted ratio of requests

benign usersmalicious users

0

10

20

30

40

Gra

nted

Rat

io

7 14 21 280Time (day)

Figure 3 119877119904119901119890119888119894119886119897 of benign and malicious users

Note that in the fourth and fifth cases we forced all theusers to obey the time restriction to articulate the effect ofattribute weights

The experiments last for four weeks and each audit periodis 5 days long All the access histories are recorded in accesslogs for further analyses

62 Analysis

Usability As the granted ratio of requests which fail to meetpolicies (denoted by 119877119904119901119890119888119894119886119897) reflects the extra improvementon immediate resource usability we count up such averagegranted rate based on the Case 1 as shown in Figure 2We canlearn that the average granting rate of exceptional requests ismaintained in a positive range during the experiment whichillustrates the usability increment of FBAC compared withABAC through the employment of fuzzy evaluation method

Security Again based on Case 1 we evaluated the resistanceof FBAC against security risks Figure 3 shows the granted

Table 3 The time cost of the decision-making process

Model Average time (ms) Best time (ms) Worse time (ms)FBAC 0033 0019 0245ABAC 0017 0002 0081

ratios of both benign and malicious user respectively It isclear that 119877119904119901119890119888119894119886119897 of benign users is limited to a certain upperbound by the threshold particularly below 35 in Case 1while that of malicious users is even far lower throughout thetest duration Furthermore it also illustrates that such ratesof both benign and malicious users are further constrainedby credit mechanism With the consumption and partialrecovery of credits controlled by credit and audit mechanism119877119904119901119890119888119894119886119897 of benign users reveals a hysteretic declined trendwithin each audit cycle and will fluctuate along with auditcycles during the testing period When it comes to malicioususers this ratio is decreasing continuously over audit cyclesand is gradually converging to 0

Such results demonstrate that the threshold providesa general and coarse-grained restriction on requests whilecredit system supplies additive restrictive effect on therequests in each audit cycle In addition the auditmechanismis effective in limiting 119877119904119901119890119888119894119886119897 of users with malicious orabnormal behaviors as their credits will be used up easilyand can hardly be restored because of the audit mechanismTherefore the FBAC is sufficient to defend against abuseattacks

Parameter Effects We have tuned two major regulativeparameters in FBAC to explore their potential influence

(1) Threshold To study the impact of the reject threshold weincreased the threshold119867 by 005 in Case 1 Case 2 and Case3 gradually Unsurprisingly Figure 4 illustrates that 119877119904119901119890119888119894119886119897 inFBAC is closely related to the threshold 119867 ie the higher119867 is the lower the granted rate will be Besides although alow119867may accelerate the credit consumption which in turnaffects the granted rate due to the rejection cases caused bycredit insufficiency this side effect is unable to impact themain trend on a macroscale

(2) Attribute Weight When it comes to the attribute weights Cases 4 and 5 were selected for comparison as theyset the time variable to fixed value by obeying the timerestriction and share the same 119862119898119886119909 and 119867 parametersAs seen in Figure 5 the bigger weight coefficient for thelocation attribute in Case 5 leads to a lower granted rate whencompared with that of Case 4 This shows that the weightmechanism can effectively adjust the overall impact of eachattribute on the decision-making process

PerformanceWe evaluated the time cost of decision-makingprocesses of both FBAC and ABAC to measure the per-formance According to the results in Table 3 althoughFBAC wraps ABAC and adds additional mechanisms formaking authorization decisions it only incurs quite light and

10 Security and Communication Networks

0

10

20

30

7 14 21 280Time (day)

(a) 119867 = 080

0

10

20

30

7 14 21 280Time (day)

(b) 119867 = 085

0

10

20

30

7 14 21 280Time (day)

(c) 119867 = 090

Figure 4 119877119904119901119890119888119894119886119897 under different thresholds

0

10

20

30

Gra

nted

Rat

io

7 14 21 280Time (day)

(a) 119908119905 = 04 119908119897 = 06

0

10

20

30

Gra

nted

Rat

io

7 14 21 280Time (day)

(b) 119908119905 = 02 119908119897 = 08

Figure 5 119877119904119901119890119888119894119886119897 under different attribute weights

acceptable overhead in average compared with ABAC whichis almost imperceptible to requesters

7 Conclusion

In this paper a feasible FBAC technique is proposed thatimproves upon the standard ABAC paradigmwith good flex-ibility and time efficiency in dealing with exceptional urgentrequests which do not comfort to policies in the dynamic andunpredictable environment Beyond ABAC we use a fuzzyevaluation method to do unattended special authorizationsfor exceptional requests that failed in policy matching Wealso use credit and corresponding audit mechanisms to limitthe abuse risk of special approvals A tangible example is givento explain the working details which indicates the suitabilityof FBAC in mobile and dynamic scenarios In additionthe theoretical analyses and experimental evaluations showthat the FBAC paradigm reinforces the system in favor oftime efficiency and usability with the controllable expense ofsecurity

In future work we would like to further refine theauthorization decision-making scheme with the support ofthe latest deep learning techniques (eg neural network)to discover benign and riskful access patterns based onthe access behavior mining for helping the FBAC betterdistinguish between benign and malicious requests thereby

enabling more intelligent and accurate handling for excep-tional access cases Moreover we also believe that deployingthe FBAC system in Chinarsquos current Xiangyamedical big datasystemwould havemore practical and exploratorymeanings

Disclosure

This work was presented in part at the SpaCCS 2017Guangzhou China 12ndash15 December 2017

Conflicts of Interest

The authors declare that there are no conflicts of interest

Acknowledgments

This work was supported in part by the National NaturalScience Foundation of China under Grants 61702562 and61472451 the Mobile Health Ministry of Education-ChinaMobile Joint Laboratory the Hunan Provincial Innova-tion Foundation for Postgraduate under Grant CX2015B047the China Scholarship Council Foundation under Grant201506370106 the Guangdong Provincial Natural ScienceFoundation under Grant 2017A030308006 and the JointResearch Project between Tencent andCentral SouthUniver-sity

Security and Communication Networks 11

References

[1] G Fettweis and S Alamouti ldquo5G personal mobile internetbeyond what cellular did to telephonyrdquo IEEE CommunicationsMagazine vol 52 no 2 pp 140ndash145 2014

[2] Y Zhang K Guo J Ren J Wang and J Chen ldquoTransparentcomputing A promising network computing paradigmrdquo Com-puting in Science Engineering vol 19 no 1 p 20 2017

[3] Y Zhang J Ren J Liu C Xu H Guo and Y Liu ldquoA surveyon emerging computing paradigms for big datardquo Journal ofElectronics vol 26 no 1 pp 1ndash12 2017

[4] J He Y Zhang J Lu M Wu and F Huang ldquoBlock-Stream as aService A More Secure Nimble and Dynamically BalancedCloud Service Model for Ambient Computingrdquo IEEE Networkvol 32 no 1 pp 126ndash132 2018

[5] T Peng Q Liu and G Wang ldquoA multilevel access controlscheme for data security in transparent computingrdquo Computingin Science amp Engineering vol 19 no 1 Article ID 7802524 pp46ndash53 2017

[6] I Hardill and A Green ldquoRemote working - Altering the spatialcontours of work and home in the new economyrdquoNew Technol-ogy Work and Employment vol 18 no 3 pp 212ndash222 2003

[7] AM French C Guo and J P Shim ldquoCurrent status issues andfuture of bring your own device (BYOD)rdquo CAIS vol 35 pp 1ndash10 2014

[8] D F Ferraiolo R S Sandhu S Gavrila D R Kuhn and RChandramouli ldquoProposed NIST standard for role-based accesscontrolrdquoACMTransactions on Information and System Securityvol 4 no 3 pp 224ndash274 2001

[9] S Upadhyaya ldquoMandatory access controlrdquo in Encyclopedia ofCryptography and Security pp 756ndash758 Springer 2011

[10] L Liu and M Tamer Ozsu ldquoDiscretionary access controlrdquo inEncyclopedia of Database Systems pp 864ndash866 Springer 2009

[11] V C Hu D Ferraiolo R Kuhn et al ldquoGuide to Attribute BasedAccess Control (ABAC) Definition and Considerationsrdquo Na-tional Institute of Standards and Technology NIST SP 800-1622014

[12] V C Hu D R Kuhn and D F Ferraiolo ldquoAttribute-basedaccess controlrdquoThe Computer Journal vol 48 no 2 Article ID7042715 pp 85ndash88 2015

[13] D Servos and S L Osborn ldquoCurrent research and openproblems in attribute-based access controlrdquo ACM ComputingSurveys vol 49 no 4 article no 65 2017

[14] X Li D Feng Z Chen and Z Fang ldquoModel for attribute basedaccess controlrdquo Journal on Communications vol 29 no 4 pp90ndash98 2008

[15] X JinAttribute-based access control models and implementationin cloud infrastructure as a service [PhD thesis] The Universityof Texas at San Antonio 2014 PhD dissertation

[16] M Sookhak F R Yu M K Khan Y Xiang and R BuyyaldquoAttribute-based data access control in mobile cloud comput-ing Taxonomy and open issuesrdquo Future Generation ComputerSystems vol 72 pp 273ndash287 2017

[17] B Lang I Foster F Siebenlist R Ananthakrishnan andT Free-man ldquoA flexible attribute based access control method for gridcomputingrdquo Journal of GridComputing vol 7 no 2 pp 169ndash1802009

[18] C Ngo Y Demchenko and C De Laat ldquoMulti-tenant attribute-based access control for cloud infrastructure servicesrdquo Journalof Information Security and Applications vol 27-28 pp 65ndash842016

[19] Y XuWGaoQ Zeng GWang J Ren andY Zhang ldquoFABACA flexible fuzzy attribute-based access control mechanismrdquo inProceedings of the Proc 10th International Conference on Secu-rity Privacy and Anonymity in Computation Communicationand Storage pp 332ndash343 Springer 2017 pp 332-343

[20] X Liu Q Liu T Peng and J Wu ldquoDynamic access policy incloud-based personal health record (PHR) systemsrdquo Informa-tion Sciences vol 379 pp 62ndash81 2017

[21] IBM Corporation httpswwwibmcomsupportknowledge-centerenSSNGTE 700comibmtspmdoc 70installconceptAttributeBasedAccessControlhtm

[22] ldquoCisco Systems Incrdquo httpswwwciscocomcenustddocssecurityasaasa97asdm77firewallasdm-77-firewall-configvirtual-access-vm-attributespdf

[23] Axiomatics httpswwwaxiomaticscom[24] Jericho SystemsCorporation httpswwwjerichosystemscom

technologyglossarytermsattribute based access controlhtml[25] C Martnez-Garca G Navarro-Arribas and J Borrell Fuzzy

role-based access control vol 111 of Information ProcessingLetters Elsevier 2011 pp 483-487

[26] P-C Cheng P Rohatgi C Keser P A Karger G M Wagnerand A S Reninger ldquoFuzzy multi-level security an experimenton quantified risk-adaptive access controlrdquo in Proceedings of theIEEE Symposium on Security and Privacy (SP rsquo07) pp 222ndash230IEEE Berkeley Calif USA May 2007

[27] N Dimmock A Belokosztolszki D Eyers J Bacon and KMoody ldquoUsing trust and risk in role-based access controlpoliciesrdquo in Proceedings of the Proceedings on the Ninth ACMSymposium on Access Control Models and Technologies SAC-MAT 2004 pp 156ndash162 usa June 2004

[28] Y LiThe research of access control mechanism based on attiubuteand trust evaluation Masters thesis [Master thesis] SouthwestJiaotong University 2016

[29] P NMahalle P AThakre N R Prasad and R Prasad ldquoA fuzzyapproach to trust based access control in internet of thingsrdquo inProceedings of the Proc 3rd International Conference onWirelessCommunications Vehicular Technology InformationTheory andAerospace Electronic Systems (VITAE pp 1ndash5 2013

[30] F Feng C Lin D Peng and J Li ldquoA trust and context basedaccess control model for distributed systemsrdquo in Proceedingsof the Proc 10th IEEE International Conference on High Perfor-mance Computing and Communications pp 629ndash634 2008

[31] R Bhatti E Bertino and A Ghafoor ldquoA trust-based context-aware access control model for web-servicesrdquo Distributed andParallel Databases vol 18 no 1 pp 83ndash105 2005

[32] F J Pelletier ldquoMetamathematics of fuzzy logics by Petr HajekrdquoBulletin of Symbolic Logic vol 6 no 3 pp 342ndash346 2000

[33] E H Mamdani and S Assilian ldquoAn experiment in linguisticsynthesis with a fuzzy logic controllerrdquo International Journal ofMan-Machine Studies vol 7 no 1 pp 1ndash13 1975

[34] J Dombi ldquoMembership function as an evaluationrdquo Fuzzy Setsand Systems vol 35 no 1 pp 1ndash21 1990

[35] DETER Project httpsabacdeterlabnet[36] D Johnson and D Maltz ldquoDynamic source routing in Ad

Hoc wireless networksrdquo in The Kluwer International Series inEngineering and Computer Science vol 353 pp 153ndash181 1996

10 Security and Communication Networks

0

10

20

30

7 14 21 280Time (day)

(a) 119867 = 080

0

10

20

30

7 14 21 280Time (day)

(b) 119867 = 085

0

10

20

30

7 14 21 280Time (day)

(c) 119867 = 090

Figure 4 119877119904119901119890119888119894119886119897 under different thresholds

0

10

20

30

Gra

nted

Rat

io

7 14 21 280Time (day)

(a) 119908119905 = 04 119908119897 = 06

0

10

20

30

Gra

nted

Rat

io

7 14 21 280Time (day)

(b) 119908119905 = 02 119908119897 = 08

Figure 5 119877119904119901119890119888119894119886119897 under different attribute weights

acceptable overhead in average compared with ABAC whichis almost imperceptible to requesters

7 Conclusion

In this paper a feasible FBAC technique is proposed thatimproves upon the standard ABAC paradigmwith good flex-ibility and time efficiency in dealing with exceptional urgentrequests which do not comfort to policies in the dynamic andunpredictable environment Beyond ABAC we use a fuzzyevaluation method to do unattended special authorizationsfor exceptional requests that failed in policy matching Wealso use credit and corresponding audit mechanisms to limitthe abuse risk of special approvals A tangible example is givento explain the working details which indicates the suitabilityof FBAC in mobile and dynamic scenarios In additionthe theoretical analyses and experimental evaluations showthat the FBAC paradigm reinforces the system in favor oftime efficiency and usability with the controllable expense ofsecurity

In future work we would like to further refine theauthorization decision-making scheme with the support ofthe latest deep learning techniques (eg neural network)to discover benign and riskful access patterns based onthe access behavior mining for helping the FBAC betterdistinguish between benign and malicious requests thereby

enabling more intelligent and accurate handling for excep-tional access cases Moreover we also believe that deployingthe FBAC system in Chinarsquos current Xiangyamedical big datasystemwould havemore practical and exploratorymeanings

Disclosure

This work was presented in part at the SpaCCS 2017Guangzhou China 12ndash15 December 2017

Conflicts of Interest

The authors declare that there are no conflicts of interest

Acknowledgments

This work was supported in part by the National NaturalScience Foundation of China under Grants 61702562 and61472451 the Mobile Health Ministry of Education-ChinaMobile Joint Laboratory the Hunan Provincial Innova-tion Foundation for Postgraduate under Grant CX2015B047the China Scholarship Council Foundation under Grant201506370106 the Guangdong Provincial Natural ScienceFoundation under Grant 2017A030308006 and the JointResearch Project between Tencent andCentral SouthUniver-sity

Security and Communication Networks 11

References

[1] G Fettweis and S Alamouti ldquo5G personal mobile internetbeyond what cellular did to telephonyrdquo IEEE CommunicationsMagazine vol 52 no 2 pp 140ndash145 2014

[2] Y Zhang K Guo J Ren J Wang and J Chen ldquoTransparentcomputing A promising network computing paradigmrdquo Com-puting in Science Engineering vol 19 no 1 p 20 2017

[3] Y Zhang J Ren J Liu C Xu H Guo and Y Liu ldquoA surveyon emerging computing paradigms for big datardquo Journal ofElectronics vol 26 no 1 pp 1ndash12 2017

[4] J He Y Zhang J Lu M Wu and F Huang ldquoBlock-Stream as aService A More Secure Nimble and Dynamically BalancedCloud Service Model for Ambient Computingrdquo IEEE Networkvol 32 no 1 pp 126ndash132 2018

[5] T Peng Q Liu and G Wang ldquoA multilevel access controlscheme for data security in transparent computingrdquo Computingin Science amp Engineering vol 19 no 1 Article ID 7802524 pp46ndash53 2017

[6] I Hardill and A Green ldquoRemote working - Altering the spatialcontours of work and home in the new economyrdquoNew Technol-ogy Work and Employment vol 18 no 3 pp 212ndash222 2003

[7] AM French C Guo and J P Shim ldquoCurrent status issues andfuture of bring your own device (BYOD)rdquo CAIS vol 35 pp 1ndash10 2014

[8] D F Ferraiolo R S Sandhu S Gavrila D R Kuhn and RChandramouli ldquoProposed NIST standard for role-based accesscontrolrdquoACMTransactions on Information and System Securityvol 4 no 3 pp 224ndash274 2001

[9] S Upadhyaya ldquoMandatory access controlrdquo in Encyclopedia ofCryptography and Security pp 756ndash758 Springer 2011

[10] L Liu and M Tamer Ozsu ldquoDiscretionary access controlrdquo inEncyclopedia of Database Systems pp 864ndash866 Springer 2009

[11] V C Hu D Ferraiolo R Kuhn et al ldquoGuide to Attribute BasedAccess Control (ABAC) Definition and Considerationsrdquo Na-tional Institute of Standards and Technology NIST SP 800-1622014

[12] V C Hu D R Kuhn and D F Ferraiolo ldquoAttribute-basedaccess controlrdquoThe Computer Journal vol 48 no 2 Article ID7042715 pp 85ndash88 2015

[13] D Servos and S L Osborn ldquoCurrent research and openproblems in attribute-based access controlrdquo ACM ComputingSurveys vol 49 no 4 article no 65 2017

[14] X Li D Feng Z Chen and Z Fang ldquoModel for attribute basedaccess controlrdquo Journal on Communications vol 29 no 4 pp90ndash98 2008

[15] X JinAttribute-based access control models and implementationin cloud infrastructure as a service [PhD thesis] The Universityof Texas at San Antonio 2014 PhD dissertation

[16] M Sookhak F R Yu M K Khan Y Xiang and R BuyyaldquoAttribute-based data access control in mobile cloud comput-ing Taxonomy and open issuesrdquo Future Generation ComputerSystems vol 72 pp 273ndash287 2017

[17] B Lang I Foster F Siebenlist R Ananthakrishnan andT Free-man ldquoA flexible attribute based access control method for gridcomputingrdquo Journal of GridComputing vol 7 no 2 pp 169ndash1802009

[18] C Ngo Y Demchenko and C De Laat ldquoMulti-tenant attribute-based access control for cloud infrastructure servicesrdquo Journalof Information Security and Applications vol 27-28 pp 65ndash842016

[19] Y XuWGaoQ Zeng GWang J Ren andY Zhang ldquoFABACA flexible fuzzy attribute-based access control mechanismrdquo inProceedings of the Proc 10th International Conference on Secu-rity Privacy and Anonymity in Computation Communicationand Storage pp 332ndash343 Springer 2017 pp 332-343

[20] X Liu Q Liu T Peng and J Wu ldquoDynamic access policy incloud-based personal health record (PHR) systemsrdquo Informa-tion Sciences vol 379 pp 62ndash81 2017

[21] IBM Corporation httpswwwibmcomsupportknowledge-centerenSSNGTE 700comibmtspmdoc 70installconceptAttributeBasedAccessControlhtm

[22] ldquoCisco Systems Incrdquo httpswwwciscocomcenustddocssecurityasaasa97asdm77firewallasdm-77-firewall-configvirtual-access-vm-attributespdf

[23] Axiomatics httpswwwaxiomaticscom[24] Jericho SystemsCorporation httpswwwjerichosystemscom

technologyglossarytermsattribute based access controlhtml[25] C Martnez-Garca G Navarro-Arribas and J Borrell Fuzzy

role-based access control vol 111 of Information ProcessingLetters Elsevier 2011 pp 483-487

[26] P-C Cheng P Rohatgi C Keser P A Karger G M Wagnerand A S Reninger ldquoFuzzy multi-level security an experimenton quantified risk-adaptive access controlrdquo in Proceedings of theIEEE Symposium on Security and Privacy (SP rsquo07) pp 222ndash230IEEE Berkeley Calif USA May 2007

[27] N Dimmock A Belokosztolszki D Eyers J Bacon and KMoody ldquoUsing trust and risk in role-based access controlpoliciesrdquo in Proceedings of the Proceedings on the Ninth ACMSymposium on Access Control Models and Technologies SAC-MAT 2004 pp 156ndash162 usa June 2004

[28] Y LiThe research of access control mechanism based on attiubuteand trust evaluation Masters thesis [Master thesis] SouthwestJiaotong University 2016

[29] P NMahalle P AThakre N R Prasad and R Prasad ldquoA fuzzyapproach to trust based access control in internet of thingsrdquo inProceedings of the Proc 3rd International Conference onWirelessCommunications Vehicular Technology InformationTheory andAerospace Electronic Systems (VITAE pp 1ndash5 2013

[30] F Feng C Lin D Peng and J Li ldquoA trust and context basedaccess control model for distributed systemsrdquo in Proceedingsof the Proc 10th IEEE International Conference on High Perfor-mance Computing and Communications pp 629ndash634 2008

[31] R Bhatti E Bertino and A Ghafoor ldquoA trust-based context-aware access control model for web-servicesrdquo Distributed andParallel Databases vol 18 no 1 pp 83ndash105 2005

[32] F J Pelletier ldquoMetamathematics of fuzzy logics by Petr HajekrdquoBulletin of Symbolic Logic vol 6 no 3 pp 342ndash346 2000

[33] E H Mamdani and S Assilian ldquoAn experiment in linguisticsynthesis with a fuzzy logic controllerrdquo International Journal ofMan-Machine Studies vol 7 no 1 pp 1ndash13 1975

[34] J Dombi ldquoMembership function as an evaluationrdquo Fuzzy Setsand Systems vol 35 no 1 pp 1ndash21 1990

[35] DETER Project httpsabacdeterlabnet[36] D Johnson and D Maltz ldquoDynamic source routing in Ad

Hoc wireless networksrdquo in The Kluwer International Series inEngineering and Computer Science vol 353 pp 153ndash181 1996

Security and Communication Networks 11

References

[1] G Fettweis and S Alamouti ldquo5G personal mobile internetbeyond what cellular did to telephonyrdquo IEEE CommunicationsMagazine vol 52 no 2 pp 140ndash145 2014

[2] Y Zhang K Guo J Ren J Wang and J Chen ldquoTransparentcomputing A promising network computing paradigmrdquo Com-puting in Science Engineering vol 19 no 1 p 20 2017

[3] Y Zhang J Ren J Liu C Xu H Guo and Y Liu ldquoA surveyon emerging computing paradigms for big datardquo Journal ofElectronics vol 26 no 1 pp 1ndash12 2017

[4] J He Y Zhang J Lu M Wu and F Huang ldquoBlock-Stream as aService A More Secure Nimble and Dynamically BalancedCloud Service Model for Ambient Computingrdquo IEEE Networkvol 32 no 1 pp 126ndash132 2018

[5] T Peng Q Liu and G Wang ldquoA multilevel access controlscheme for data security in transparent computingrdquo Computingin Science amp Engineering vol 19 no 1 Article ID 7802524 pp46ndash53 2017

[6] I Hardill and A Green ldquoRemote working - Altering the spatialcontours of work and home in the new economyrdquoNew Technol-ogy Work and Employment vol 18 no 3 pp 212ndash222 2003

[7] AM French C Guo and J P Shim ldquoCurrent status issues andfuture of bring your own device (BYOD)rdquo CAIS vol 35 pp 1ndash10 2014

[8] D F Ferraiolo R S Sandhu S Gavrila D R Kuhn and RChandramouli ldquoProposed NIST standard for role-based accesscontrolrdquoACMTransactions on Information and System Securityvol 4 no 3 pp 224ndash274 2001

[9] S Upadhyaya ldquoMandatory access controlrdquo in Encyclopedia ofCryptography and Security pp 756ndash758 Springer 2011

[10] L Liu and M Tamer Ozsu ldquoDiscretionary access controlrdquo inEncyclopedia of Database Systems pp 864ndash866 Springer 2009

[11] V C Hu D Ferraiolo R Kuhn et al ldquoGuide to Attribute BasedAccess Control (ABAC) Definition and Considerationsrdquo Na-tional Institute of Standards and Technology NIST SP 800-1622014

[12] V C Hu D R Kuhn and D F Ferraiolo ldquoAttribute-basedaccess controlrdquoThe Computer Journal vol 48 no 2 Article ID7042715 pp 85ndash88 2015

[13] D Servos and S L Osborn ldquoCurrent research and openproblems in attribute-based access controlrdquo ACM ComputingSurveys vol 49 no 4 article no 65 2017

[14] X Li D Feng Z Chen and Z Fang ldquoModel for attribute basedaccess controlrdquo Journal on Communications vol 29 no 4 pp90ndash98 2008

[15] X JinAttribute-based access control models and implementationin cloud infrastructure as a service [PhD thesis] The Universityof Texas at San Antonio 2014 PhD dissertation

[16] M Sookhak F R Yu M K Khan Y Xiang and R BuyyaldquoAttribute-based data access control in mobile cloud comput-ing Taxonomy and open issuesrdquo Future Generation ComputerSystems vol 72 pp 273ndash287 2017

[17] B Lang I Foster F Siebenlist R Ananthakrishnan andT Free-man ldquoA flexible attribute based access control method for gridcomputingrdquo Journal of GridComputing vol 7 no 2 pp 169ndash1802009

[18] C Ngo Y Demchenko and C De Laat ldquoMulti-tenant attribute-based access control for cloud infrastructure servicesrdquo Journalof Information Security and Applications vol 27-28 pp 65ndash842016

[19] Y XuWGaoQ Zeng GWang J Ren andY Zhang ldquoFABACA flexible fuzzy attribute-based access control mechanismrdquo inProceedings of the Proc 10th International Conference on Secu-rity Privacy and Anonymity in Computation Communicationand Storage pp 332ndash343 Springer 2017 pp 332-343

[20] X Liu Q Liu T Peng and J Wu ldquoDynamic access policy incloud-based personal health record (PHR) systemsrdquo Informa-tion Sciences vol 379 pp 62ndash81 2017

[21] IBM Corporation httpswwwibmcomsupportknowledge-centerenSSNGTE 700comibmtspmdoc 70installconceptAttributeBasedAccessControlhtm

[22] ldquoCisco Systems Incrdquo httpswwwciscocomcenustddocssecurityasaasa97asdm77firewallasdm-77-firewall-configvirtual-access-vm-attributespdf

[23] Axiomatics httpswwwaxiomaticscom[24] Jericho SystemsCorporation httpswwwjerichosystemscom

technologyglossarytermsattribute based access controlhtml[25] C Martnez-Garca G Navarro-Arribas and J Borrell Fuzzy

role-based access control vol 111 of Information ProcessingLetters Elsevier 2011 pp 483-487

[26] P-C Cheng P Rohatgi C Keser P A Karger G M Wagnerand A S Reninger ldquoFuzzy multi-level security an experimenton quantified risk-adaptive access controlrdquo in Proceedings of theIEEE Symposium on Security and Privacy (SP rsquo07) pp 222ndash230IEEE Berkeley Calif USA May 2007

[27] N Dimmock A Belokosztolszki D Eyers J Bacon and KMoody ldquoUsing trust and risk in role-based access controlpoliciesrdquo in Proceedings of the Proceedings on the Ninth ACMSymposium on Access Control Models and Technologies SAC-MAT 2004 pp 156ndash162 usa June 2004

[28] Y LiThe research of access control mechanism based on attiubuteand trust evaluation Masters thesis [Master thesis] SouthwestJiaotong University 2016

[29] P NMahalle P AThakre N R Prasad and R Prasad ldquoA fuzzyapproach to trust based access control in internet of thingsrdquo inProceedings of the Proc 3rd International Conference onWirelessCommunications Vehicular Technology InformationTheory andAerospace Electronic Systems (VITAE pp 1ndash5 2013

[30] F Feng C Lin D Peng and J Li ldquoA trust and context basedaccess control model for distributed systemsrdquo in Proceedingsof the Proc 10th IEEE International Conference on High Perfor-mance Computing and Communications pp 629ndash634 2008

[31] R Bhatti E Bertino and A Ghafoor ldquoA trust-based context-aware access control model for web-servicesrdquo Distributed andParallel Databases vol 18 no 1 pp 83ndash105 2005

[32] F J Pelletier ldquoMetamathematics of fuzzy logics by Petr HajekrdquoBulletin of Symbolic Logic vol 6 no 3 pp 342ndash346 2000

[33] E H Mamdani and S Assilian ldquoAn experiment in linguisticsynthesis with a fuzzy logic controllerrdquo International Journal ofMan-Machine Studies vol 7 no 1 pp 1ndash13 1975

[34] J Dombi ldquoMembership function as an evaluationrdquo Fuzzy Setsand Systems vol 35 no 1 pp 1ndash21 1990

[35] DETER Project httpsabacdeterlabnet[36] D Johnson and D Maltz ldquoDynamic source routing in Ad

Hoc wireless networksrdquo in The Kluwer International Series inEngineering and Computer Science vol 353 pp 153ndash181 1996

International Journal of

AerospaceEngineeringHindawiwwwhindawicom Volume 2018

RoboticsJournal of

Hindawiwwwhindawicom Volume 2018

Hindawiwwwhindawicom Volume 2018

Active and Passive Electronic Components

VLSI Design

Hindawiwwwhindawicom Volume 2018

Hindawiwwwhindawicom Volume 2018

Shock and Vibration

Hindawiwwwhindawicom Volume 2018

Civil EngineeringAdvances in

Acoustics and VibrationAdvances in

Hindawiwwwhindawicom Volume 2018

Hindawiwwwhindawicom Volume 2018

Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawiwwwhindawicom

Volume 2018

Hindawi Publishing Corporation httpwwwhindawicom Volume 2013Hindawiwwwhindawicom

The Scientific World Journal

Volume 2018

Control Scienceand Engineering

Journal of

Hindawiwwwhindawicom Volume 2018

Hindawiwwwhindawicom

Journal ofEngineeringVolume 2018

SensorsJournal of

Hindawiwwwhindawicom Volume 2018

International Journal of

RotatingMachinery

Hindawiwwwhindawicom Volume 2018

Modelling ampSimulationin EngineeringHindawiwwwhindawicom Volume 2018

Hindawiwwwhindawicom Volume 2018

Chemical EngineeringInternational Journal of Antennas and

Propagation

International Journal of

Hindawiwwwhindawicom Volume 2018

Hindawiwwwhindawicom Volume 2018

Navigation and Observation

International Journal of

Hindawi

wwwhindawicom Volume 2018

Advances in

Multimedia

Submit your manuscripts atwwwhindawicom