1
Shan D, Du X, Wang W, Liu A, Wang N. A Weighted GraphSAGE-Based Context-Aware Approach for Big Data Access Control. BIG DATA 2024; 12:390-411. [PMID: 37527185 DOI: 10.1089/big.2021.0473] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 08/03/2023]
Abstract
Context information is the key element to realizing dynamic access control of big data. However, existing context-aware access control (CAAC) methods do not support automatic context awareness and cannot automatically model and reason about context relationships. To solve these problems, this article proposes a weighted GraphSAGE-based context-aware approach for big data access control. First, graph modeling is performed on the access record data set and transforms the access control context-awareness problem into a graph neural network (GNN) node learning problem. Then, a GNN model WGraphSAGE is proposed to achieve automatic context awareness and automatic generation of CAAC rules. Finally, weighted neighbor sampling and weighted aggregation algorithms are designed for the model to realize automatic modeling and reasoning of node relationships and relationship strengths simultaneously in the graph node learning process. The experiment results show that the proposed method has obvious advantages in context awareness and context relationship reasoning compared with similar GNN models. Meanwhile, it obtains better results in dynamic access control decisions than the existing CAAC models.
Affiliation(s)
- Dibin Shan
  - Department of Information Systems Security, PLA Information Engineering University, Zhengzhou, China
- Xuehui Du
  - Department of Information Systems Security, PLA Information Engineering University, Zhengzhou, China
- Wenjuan Wang
  - Department of Information Systems Security, PLA Information Engineering University, Zhengzhou, China
- Aodi Liu
  - Department of Information Systems Security, PLA Information Engineering University, Zhengzhou, China
- Na Wang
  - Department of Information Systems Security, PLA Information Engineering University, Zhengzhou, China
2
Hu T, Yang S, Wang Y, Li G, Wang Y, Wang G, Yin M. N-Accesses: A Blockchain-Based Access Control Framework for Secure IoT Data Management. SENSORS (BASEL, SWITZERLAND) 2023; 23:8535. [PMID: 37896628 PMCID: PMC10610556 DOI: 10.3390/s23208535] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 09/16/2023] [Revised: 10/06/2023] [Accepted: 10/10/2023] [Indexed: 10/29/2023]
Abstract
With the rapid advancement of network communication and big data technologies, the Internet of Things (IoT) has permeated every facet of our lives. Meanwhile, the interconnected IoT devices have generated a substantial volume of data, which possess both economic and strategic value. However, owing to the inherently open nature of IoT environments and the limited capabilities and the distributed deployment of IoT devices, traditional access control methods fall short in addressing the challenges of secure IoT data management. On the one hand, the single point of failure issue is inevitable for the centralized access control schemes. On the other hand, most decentralized access control schemes still face problems such as token underutilization, the insecure distribution of user permissions, and inefficiency. This paper introduces a blockchain-based access control framework to address these challenges. Specifically, the proposed framework enables data owners to host their data and achieves user-defined lightweight data management. Additionally, through the strategic amalgamation of smart contracts and hash-chains, our access control scheme can limit the number of times (i.e., n-times access) a user can access the IoT data before the deadline. This also means that users can utilize their tokens multiple times (predefined by the data owner) within the deadline, thereby improving token utilization while ensuring strict access control. Furthermore, by leveraging the intrinsic characteristics of blockchain, our framework allows data owners to gain capabilities for auditing the access records of their data and verifying them. To empirically validate the effectiveness of our proposed framework and approach, we conducted extensive simulations, and the experimental results demonstrated the feasibility and efficiency of our solution.
Affiliation(s)
- Teng Hu
  - Institute of Computer Application, China Academy of Engineering Physics, Mianyang 621900, China; (T.H.); (S.Y.); (G.L.); (Y.W.); (G.W.)
- Siqi Yang
  - Institute of Computer Application, China Academy of Engineering Physics, Mianyang 621900, China; (T.H.); (S.Y.); (G.L.); (Y.W.); (G.W.)
- Yanping Wang
  - School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China;
- Gongliang Li
  - Institute of Computer Application, China Academy of Engineering Physics, Mianyang 621900, China; (T.H.); (S.Y.); (G.L.); (Y.W.); (G.W.)
- Yulong Wang
  - Institute of Computer Application, China Academy of Engineering Physics, Mianyang 621900, China; (T.H.); (S.Y.); (G.L.); (Y.W.); (G.W.)
- Gang Wang
  - Institute of Computer Application, China Academy of Engineering Physics, Mianyang 621900, China; (T.H.); (S.Y.); (G.L.); (Y.W.); (G.W.)
- Mingyong Yin
  - Institute of Computer Application, China Academy of Engineering Physics, Mianyang 621900, China; (T.H.); (S.Y.); (G.L.); (Y.W.); (G.W.)
3
Novel intelligent architecture and approximate solution for future networks. PLoS One 2023; 18:e0278183. [PMID: 36857320 PMCID: PMC9977064 DOI: 10.1371/journal.pone.0278183] [Citation(s) in RCA: 3] [Impact Index Per Article: 3.0] [Received: 07/02/2022] [Accepted: 11/11/2022] [Indexed: 03/02/2023] Open
Abstract
Private networks have become popular for secure data sharing and anonymous communication in many domains: enterprise environments, military, journalism, telecommunication, healthcare, to name a few. It has been used with or without internet connection. Its primary purpose is to provide confidentiality, bypass unlawful activities, and protect against common threats such as interception, modification, and censorship. In addition, several private network technologies exist to support secure communications. However, they mostly rely on encryption only. The transmitted data is classified into different confidentiality levels. This research presents a smart private network architecture scheme that transmits constraint-based classified packets. The main directive of this work is the proposed constraint. This constraint is meant to enforce that if two packets belong to the same confidentiality level, they can't be transmitted through the two routers simultaneously. Therefore, the studied problem is an NP-hard problem. This paper presents the following contributions: (i) proposes a new architecture paradigm for outsourcing a constraint-based multi-classified data sharing securely and transmitted through two routers; (ii) introduces several algorithms to prove the feasibility for this NP-Hard problem; and (iii) implements the algorithms solutions using C++ and compares their performance. Different metrics are used to measure the performance of the proposed algorithms. Randomized Longest Transmission time first algorithm [Formula: see text] scored the best algorithm with a percentage of 73.5% and an average gap of 0.002 according to the experimental results. It is remarkable worthy to note that the execution time of all the algorithms is less than 0.001 s.
4
Berhoum A, Meftah MCE, Laouid A, Hammoudeh M. An Intelligent Approach Based on Cleaning up of Inutile Contents for Extremism Detection and Classification in Social Networks. ACM T ASIAN LOW-RESO 2023. [DOI: 10.1145/3575802] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 01/21/2023]
Abstract
Extremism is a growing threat worldwide that presents a significant danger to public safety and national security. Social networks provide extremists with spaces to spread their ideas through commentaries or tweets, often in Asian English. In this paper, we propose an intelligent approach that cleans the text’s content, analyzes its sentiment and extracts its features after converting it to digital data for machine learning treatments. We apply sixteen intelligent machine learning classifiers for extremism detection and classification. The proposed artificial intelligence methods for Asian English language data are used to extract the essential features from the text. Our evaluation of the proposed model with an extremism dataset proves its effectiveness compared to the standard classification models based on various performance metrics. The proposed model achieves 93.6% accuracy for extremism detection and 97.0% for extremism classification.
5
A Trusted Resource Allocation Scheme in Fog Environment to Satisfy High Network Demand. ARABIAN JOURNAL FOR SCIENCE AND ENGINEERING 2022. [DOI: 10.1007/s13369-022-07384-2] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/02/2022]
6
InteliRank: A Four-Pronged Agent for the Intelligent Ranking of Cloud Services Based on End-Users' Feedback. SENSORS 2022; 22:s22124627. [PMID: 35746414 PMCID: PMC9227225 DOI: 10.3390/s22124627] [Citation(s) in RCA: 2] [Impact Index Per Article: 1.0] [Received: 05/17/2022] [Revised: 06/14/2022] [Accepted: 06/17/2022] [Indexed: 02/01/2023]
Abstract
Cloud Computing (CC) provides a combination of technologies that allows the user to use the most resources in the least amount of time and with the least amount of money. CC semantics play a critical role in ranking heterogeneous data by using the properties of different cloud services and then achieving the optimal cloud service. Regardless of the efforts made to enable simple access to this CC innovation, in the presence of various organizations delivering comparative services at varying cost and execution levels, it is far more difficult to identify the ideal cloud service based on the user's requirements. In this research, we propose a Cloud-Services-Ranking Agent (CSRA) for analyzing cloud services using end-users' feedback, including Platform as a Service (PaaS), Infrastructure as a Service (IaaS), and Software as a Service (SaaS), based on ontology mapping and selecting the optimal service. The proposed CSRA possesses Machine-Learning (ML) techniques for ranking cloud services using parameters such as availability, security, reliability, and cost. Here, the Quality of Web Service (QWS) dataset is used, which has seven major cloud services categories, ranked from 0-6, to extract the required persuasive features through Sequential Minimal Optimization Regression (SMOreg). The classification outcomes through SMOreg are capable and demonstrate a general accuracy of around 98.71% in identifying optimum cloud services through the identified parameters. The main advantage of SMOreg is that the amount of memory required for SMO is linear. The findings show that our improved model in terms of precision outperforms prevailing techniques such as Multilayer Perceptron (MLP) and Linear Regression (LR).
7
8
The Impact of Artificial Intelligence on Data System Security: A Literature Review. SENSORS 2021; 21:s21217029. [PMID: 34770336 PMCID: PMC8586986 DOI: 10.3390/s21217029] [Citation(s) in RCA: 14] [Impact Index Per Article: 4.7] [Received: 07/31/2021] [Revised: 09/29/2021] [Accepted: 10/21/2021] [Indexed: 11/16/2022]
Abstract
Diverse forms of artificial intelligence (AI) are at the forefront of triggering digital security innovations based on the threats that are arising in this post-COVID world. On the one hand, companies are experiencing difficulty in dealing with security challenges with regard to a variety of issues ranging from system openness, decision making, quality control, and web domain, to mention a few. On the other hand, in the last decade, research has focused on security capabilities based on tools such as platform complacency, intelligent trees, modeling methods, and outage management systems in an effort to understand the interplay between AI and those issues. The dependence on the emergence of AI in running industries and shaping the education, transports, and health sectors is now well known in the literature. AI is increasingly employed in managing data security across economic sectors. Thus, a literature review of AI and system security within the current digital society is opportune. This paper aims at identifying research trends in the field through a systematic bibliometric literature review (LRSB) of research on AI and system security. The review entails 77 articles published in the Scopus® database, presenting up-to-date knowledge on the topic. The LRSB results were synthesized across current research subthemes. Findings are presented. The originality of the paper relies on its LRSB method, together with an extant review of articles that have not been categorized so far. Implications for future research are suggested.
9
Secure Outsourcing of Matrix Determinant Computation under the Malicious Cloud. SENSORS 2021; 21:s21206821. [PMID: 34696034 PMCID: PMC8539666 DOI: 10.3390/s21206821] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 09/04/2021] [Revised: 09/24/2021] [Accepted: 10/08/2021] [Indexed: 11/18/2022]
Abstract
Computing the determinant of large matrix is a time-consuming task, which is appearing more and more widely in science and engineering problems in the era of big data. Fortunately, cloud computing can provide large storage and computation resources, and thus, act as an ideal platform to complete computation outsourced from resource-constrained devices. However, cloud computing also causes security issues. For example, the curious cloud may spy on user privacy through outsourced data. The malicious cloud violating computing scripts, as well as cloud hardware failure, will lead to incorrect results. Therefore, we propose a secure outsourcing algorithm to compute the determinant of large matrix under the malicious cloud mode in this paper. The algorithm protects the privacy of the original matrix by applying row/column permutation and other transformations to the matrix. To resist malicious cheating on the computation tasks, a new verification method is utilized in our algorithm. Unlike previous algorithms that require multiple rounds of verification, our verification requires only one round without trading off the cheating detectability, which greatly reduces the local computation burden. Both theoretical and experimental analysis demonstrate that our algorithm achieves a better efficiency on local users than previous ones on various dimensions of matrices, without sacrificing the security requirements in terms of privacy protection and cheating detectability.
10
Abstract
Industry 4.0 is a set of technologies that companies require to promote innovation strategies and obtain a rapid response in dynamic markets. It focuses mainly on interconnectivity, digital technology, predictive analytics and machine learning to revolutionize the way companies operate and develop. Therefore, this article proposes and motivates the implementation of Industry 4.0 in organizations. Studying the state of the art and reviewing the current situation of business intelligence (BI) technology, the way it has positively impacted organizations at the economic and business level in terms of decision-making and some success stories implemented in different business, academic, social and governmental environments. Moreover, it addresses the future expected for Industry 4.0 primarily in BI and how companies should face this revolution. This article provides knowledge contribution about the current state and positive consequences of Industry 4.0, and high development in technology when implemented in the organization and the harmonization between production and intelligent digital technology.
11
Method to Increase Dependability in a Cloud-Fog-Edge Environment. SENSORS 2021; 21:s21144714. [PMID: 34300454 PMCID: PMC8309580 DOI: 10.3390/s21144714] [Citation(s) in RCA: 3] [Impact Index Per Article: 1.0] [Received: 06/11/2021] [Revised: 06/28/2021] [Accepted: 07/07/2021] [Indexed: 11/23/2022]
Abstract
Robots can be very different, from humanoids to intelligent self-driving cars or just IoT systems that collect and process local sensors’ information. This paper presents a way to increase dependability for information exchange and processing in systems with Cloud-Fog-Edge architectures. In an ideal interconnected world, the recognized and registered robots must be able to communicate with each other if they are close enough, or through the Fog access points without overloading the Cloud. In essence, the presented work addresses the Edge area and how the devices can communicate in a safe and secure environment using cryptographic methods for structured systems. The presented work emphasizes the importance of security in a system’s dependability and offers a communication mechanism for several robots without overburdening the Cloud. This solution is ideal to be used where various monitoring and control aspects demand extra degrees of safety. The extra private keys employed by this procedure further enhance algorithm complexity, limiting the probability that the method may be broken by brute force or systemic attacks.
12
Prioritized Task Distribution Considering Opportunistic Fog Computing Nodes. SENSORS 2021; 21:s21082635. [PMID: 33918614 PMCID: PMC8069752 DOI: 10.3390/s21082635] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 03/21/2021] [Revised: 04/04/2021] [Accepted: 04/07/2021] [Indexed: 11/23/2022]
Abstract
As service latency and core network load relates to performance issues in the conventional cloud-based computing environment, the fog computing system has gained a lot of interest. However, since the load can be concentrated on specific fog computing nodes because of spatial and temporal service characteristics, performance degradation can occur, resulting in quality of service (QoS) degradation, especially for delay-sensitive services. Therefore, this paper proposes a prioritized task distribution scheme, which considers static as well as opportunistic fog computing nodes according to their mobility feature. Based on the requirements of offloaded tasks, the proposed scheme supports delay sensitive task processing at the static fog node and delay in-sensitive tasks by means of opportunistic fog nodes for task distribution. To assess the performance of the proposed scheme, we develop an analytic model for the service response delay. Extensive simulation results are given to validate the analytic model and to show the performance of the proposed scheme, compared to the conventional schemes in terms of service response delay and outage probability.
13
Zhou J, Feng Y, Wang Z, Guo D. Using Secure Multi-Party Computation to Protect Privacy on a Permissioned Blockchain. SENSORS 2021; 21:s21041540. [PMID: 33672175 PMCID: PMC7927103 DOI: 10.3390/s21041540] [Citation(s) in RCA: 8] [Impact Index Per Article: 2.7] [Received: 01/25/2021] [Revised: 02/16/2021] [Accepted: 02/19/2021] [Indexed: 11/16/2022]
Abstract
The development of information technology has brought great convenience to our lives, but at the same time, the unfairness and privacy issues brought about by traditional centralized systems cannot be ignored. Blockchain is a peer-to-peer and decentralized ledger technology that has the characteristics of transparency, consistency, traceability and fairness, but it reveals private information in some scenarios. Secure multi-party computation (MPC) guarantees enhanced privacy and correctness, so many researchers have been trying to combine secure MPC with blockchain to deal with privacy and trust issues. In this paper, we used homomorphic encryption, secret sharing and zero-knowledge proofs to construct a publicly verifiable secure MPC protocol consisting of two parts—an on-chain computation phase and an off-chain preprocessing phase—and we integrated the protocol as part of the chaincode in Hyperledger Fabric to protect the privacy of transaction data. Experiments showed that our solution performed well on a permissioned blockchain. Most of the time taken to complete the protocol was spent on communication, so the performance has a great deal of room to grow.
14
Liao Z, Pang X, Zhang J, Xiong B, Wang J. Blockchain on Security and Forensics Management in Edge Computing for IoT: A Comprehensive Survey. IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT 2021. [DOI: 10.1109/tnsm.2021.3122147] [Citation(s) in RCA: 1] [Impact Index Per Article: 0.3] [Indexed: 11/07/2022]
15
An Empirical Analysis of Test Input Generation Tools for Android Apps through a Sequence of Events. Symmetry (Basel) 2020. [DOI: 10.3390/sym12111894] [Citation(s) in RCA: 2] [Impact Index Per Article: 0.5] [Indexed: 11/16/2022] Open
Abstract
Graphical User Interface (GUI) testing of Android apps has gained considerable interest from the industries and research community due to its excellent capability to verify the operational requirements of GUI components. To date, most of the existing GUI testing tools for Android apps are capable of generating test inputs by using different approaches and improve the Android apps’ code coverage and fault detection performance. Many previous studies have evaluated the code coverage and crash detection performances of GUI testing tools in the literature. However, very few studies have investigated the effectiveness of the test input generation tools, especially in the events sequence length of the overall test coverage and crash detection. The event sequence length generally shows the number of steps required by the test input generation tools to detect a crash. It is critical to highlight its effectiveness due to its significant effects on time, testing effort, and computational cost. Thus, this study evaluated the effectiveness of six test input generation tools for Android apps that support the system events generation on 50 Android apps. The generation tools were evaluated and compared based on the activity coverage, method coverage, and capability in detecting crashes. Through a critical analysis of the results, this study identifies the diversity and similarity of test input generation tools for Android apps to provide a clear picture of the current state of the art. The results revealed that a long events sequence performed better than a shorter events sequence. However, a long events sequence led to a minor positive effect on the coverage and crash detection. Moreover, the study showed that the tools achieved less than 40% of the method coverage and 67% of the activity coverage.
16
Abstract
Medical data usually have missing values; hence, imputation methods have become an important issue. In previous studies, many imputation methods based on variable data had a multivariate normal distribution, such as expectation-maximization and regression-based imputation. These assumptions may lead to deviations in the results, which sometimes create a bottleneck. In addition, directly deleting instances with missing values may have several problems, such as losing important data, producing invalid research samples, and leading to research deviations. Therefore, this study proposed a safe-region imputation method for handling medical data with missing values; we also built a medical prediction model and compared the removed missing values with imputation methods in terms of the generated rules, accuracy, and AUC. First, this study used the kNN imputation, multiple imputation, and the proposed imputation to impute the missing data and then applied four attribute selection methods to select the important attributes. Then, we used the decision tree (C4.5), random forest, REP tree, and LMT classifier to generate the rules, accuracy, and AUC for comparison. Because there were four datasets with imbalanced classes (asymmetric classes), the AUC was an important criterion. In the experiment, we collected four open medical datasets from UCI and one international stroke trial dataset. The results show that the proposed safe-region imputation is better than the listing imputation methods and after imputing offers better results than directly deleting instances with missing values in the number of rules, accuracy, and AUC. These results will provide a reference for medical stakeholders.
17
Ling X, Gao Z, Le Y, You L, Wang J, Ding Z, Gao X. Satellite-Aided Consensus Protocol for Scalable Blockchains. SENSORS 2020; 20:s20195616. [PMID: 33019567 PMCID: PMC7583979 DOI: 10.3390/s20195616] [Citation(s) in RCA: 5] [Impact Index Per Article: 1.3] [Received: 08/30/2020] [Revised: 09/25/2020] [Accepted: 09/26/2020] [Indexed: 11/28/2022]
Abstract
In this work, we propose a satellite-aided permissionless consensus protocol for scalable space–terrestrial blockchains. We design its working principle and workflow by taking full advantage of satellites for extensive coverage and ubiquitous connectivity. Based on the proposed protocol, we demonstrate how such a space–terrestrial blockchain grows and evolves through several typical cases in the presence of adversarial nodes, user misbehavior, and transmission outage. Taking proof of work (PoW) as a benchmark, we assess the system security by considering both adversarial miners and possible colluding satellites. Then, we analyze the maximum blockchain throughput under network capacity limits and evaluate the impact of information propagation delay via a Markov model. Simulation results support that the proposed satellite-aided consensus protocol achieves higher throughput and exhibits greater scalability than PoW.
Affiliation(s)
- Xintong Ling
  - National Mobile Communications Research Laboratory, Southeast University, Nanjing 210096, China; (X.L.); (Z.G.); (Y.L.); (L.Y.); (X.G.)
  - The Purple Mountain Laboratories, Nanjing 210023, China
- Zheng Gao
  - National Mobile Communications Research Laboratory, Southeast University, Nanjing 210096, China; (X.L.); (Z.G.); (Y.L.); (L.Y.); (X.G.)
- Yuwei Le
  - National Mobile Communications Research Laboratory, Southeast University, Nanjing 210096, China; (X.L.); (Z.G.); (Y.L.); (L.Y.); (X.G.)
- Li You
  - National Mobile Communications Research Laboratory, Southeast University, Nanjing 210096, China; (X.L.); (Z.G.); (Y.L.); (L.Y.); (X.G.)
  - The Purple Mountain Laboratories, Nanjing 210023, China
- Jiaheng Wang
  - National Mobile Communications Research Laboratory, Southeast University, Nanjing 210096, China; (X.L.); (Z.G.); (Y.L.); (L.Y.); (X.G.)
  - The Purple Mountain Laboratories, Nanjing 210023, China
  - Correspondence:
- Zhi Ding
  - Department of Electrical and Computer Engineering, University of California, Davis, CA 95616 USA;
- Xiqi Gao
  - National Mobile Communications Research Laboratory, Southeast University, Nanjing 210096, China; (X.L.); (Z.G.); (Y.L.); (L.Y.); (X.G.)
  - The Purple Mountain Laboratories, Nanjing 210023, China
18
Lee DH, Lee IY. A Lightweight Authentication and Key Agreement Schemes for IoT Environments. SENSORS 2020; 20:s20185350. [PMID: 32961979 PMCID: PMC7570713 DOI: 10.3390/s20185350] [Citation(s) in RCA: 4] [Impact Index Per Article: 1.0] [Received: 08/10/2020] [Revised: 09/16/2020] [Accepted: 09/16/2020] [Indexed: 11/18/2022]
Abstract
In the Internet of Things (IoT) environment, more types of devices than ever before are connected to the internet to provide IoT services. Smart devices are becoming more intelligent and improving performance, but there are devices with little computing power and low storage capacity. Devices with limited resources will have difficulty applying existing public key cryptography systems to provide security. Therefore, communication protocols for various kinds of participating devices should be applicable in the IoT environment, and these protocols should be lightened for resources-restricted devices. Security is an essential element in the IoT environment, so for secure communication, it is necessary to perform authentication between the communication objects and to generate the session key. In this paper, we propose two kinds of lightweight authentication and key agreement schemes to enable fast and secure authentication among the objects participating in the IoT environment. The first scheme is an authentication and key agreement scheme with limited resource devices that can use the elliptic curve Qu–Vanstone (ECQV) implicit certificate to quickly agree on the session key. The second scheme is also an authentication and key agreement scheme that can be used more securely, but slower than first scheme using certificateless public key cryptography (CL-PKC). In addition, we compare and analyze existing schemes and propose new schemes to improve security requirements that were not satisfactory.
19
Abstract
The heterogeneity of Internet of Things (IoT) systems has so far prevented the definition of adequate standards, hence making it difficult to compare meaningfully the security degree of diverse architectural choices. This task can be nonetheless achieved with formal methodologies. However, the dedicated IoT literature shows no evidence of a universal model allowing the security evaluation of any arbitrary system. Based on these considerations, we propose a new model that aims at being global and all-encompassing. Our model can be used to fairly analyse the security level of different IoT systems and compare them in a significant way. It is designed to be adaptive with realistic definitions of the adversary’s (1) actions of interacting with IoT systems; (2) capabilities of accessing the data generated by and exchanged in IoT systems with established rules; and (3) objectives of attacking IoT systems according to the four recognised security properties of confidentiality, integrity, availability and soundness. Such a design enables the straightforward characterization of new adversaries. It further helps in providing a fine-grained security evaluation of IoT systems by either accurately describing attacks against the analysed systems or formally proving their guaranteed level of security.
20
Katsikas S, Gkioulos V. Security, Privacy, and Trustworthiness of Sensor Networks and Internet of Things. SENSORS 2020; 20:s20143846. [PMID: 32664194 PMCID: PMC7412190 DOI: 10.3390/s20143846] [Citation(s) in RCA: 5] [Impact Index Per Article: 1.3] [Received: 07/05/2020] [Accepted: 07/08/2020] [Indexed: 11/19/2022]
Abstract
This editorial gives an overview of the papers included in the Special Issue on “Security, Privacy, and Trustworthiness of Sensor Networks and Internet of Things” of Sensors. The context of the special issue theme is first briefly described. This is then followed by an outline of each paper that provides information on the problem addressed; the proposed solution/approach; and, where relevant, the results of the evaluation of the proposed solution.
Affiliation(s)
- Sokratis Katsikas
- Department of Information Security and Communication Technology, Norwegian University of Science and Technology, 2815 Gjøvik, Norway;
- Faculty of Pure and Applied Sciences, Open University of Cyprus, Latsia 2220, Cyprus
- Correspondence:
- Vasileios Gkioulos
- Department of Information Security and Communication Technology, Norwegian University of Science and Technology, 2815 Gjøvik, Norway
21
Big Picture on Privacy Enhancing Technologies in e-Health: A Holistic Personal Privacy Workflow. INFORMATION 2020. [DOI: 10.3390/info11070356] [Citation(s) in RCA: 4] [Impact Index Per Article: 1.0] [Indexed: 12/28/2022] Open
Abstract
The collection and processing of personal data offers great opportunities for technological advances, but the accumulation of vast amounts of personal data also increases the risk of misuse for malicious intentions, especially in health care. Therefore, personal data are legally protected, e.g., by the European General Data Protection Regulation (GDPR), which states that individuals must be transparently informed and have the right to take control over the processing of their personal data. In real applications, privacy policies are used to fulfill these requirements which can be negotiated via user interfaces. The literature proposes privacy languages as an electronic format for privacy policies while the users' privacy preferences are represented by preference languages. However, this is only the beginning of the personal data life-cycle, which also includes the processing of personal data and its transfer to various stakeholders. In this work we define a personal privacy workflow, considering the negotiation of privacy policies, privacy-preserving processing and secondary use of personal data, in the context of health care data processing to survey applicable Privacy Enhancing Technologies (PETs) to ensure the individuals’ privacy. Based on a broad literature review we identify open research questions for each step of the workflow.
22
A Comprehensive and Systematic Survey on the Internet of Things: Security and Privacy Challenges, Security Frameworks, Enabling Technologies, Threats, Vulnerabilities and Countermeasures. COMPUTERS 2020. [DOI: 10.3390/computers9020044] [Citation(s) in RCA: 22] [Impact Index Per Article: 5.5] [Indexed: 11/16/2022]
Abstract
The Internet of Things (IoT) has experienced constant growth in the number of devices deployed and the range of applications in which such devices are used. They vary widely in size, computational power, storage capacity, and energy. The explosive growth and integration of IoT in different domains and areas of our daily lives has created an Internet of Vulnerabilities (IoV). In the rush to build and implement IoT devices, security and privacy have not been adequately addressed. IoT devices, many of which are highly constrained, are vulnerable to cyber attacks, which threaten the security and privacy of users and systems. This survey provides a comprehensive overview of IoT in regard to areas of application, security architecture frameworks, recent security and privacy issues in IoT, as well as a review of recent similar studies on IoT security and privacy. In addition, the paper presents a comprehensive taxonomy of attacks on IoT based on the three-layer architecture model (perception, network, and application layers), as well as a suggestion of the impact of these attacks on CIA objectives in representative devices. Moreover, the study proposes mitigations and countermeasures, taking a multi-faceted approach rather than a per-layer approach. Open research areas are also covered to provide researchers with the most recent urgent research questions in regard to securing the IoT ecosystem.