The University of Southampton
University of Southampton Institutional Repository

Efficient NFS model for risk estimation in a risk-based access control model

Efficient NFS model for risk estimation in a risk-based access control model
Efficient NFS model for risk estimation in a risk-based access control model
Providing a dynamic access control model that uses real-time features to make access decisions for IoT applications is one of the research gaps that many researchers are trying to tackle. This is because existing access control models are built using static and predefined policies that always give the same result in different situations and cannot adapt to changing and unpredicted situations. One of the dynamic models that utilize real-time and contextual features to make access decisions is the risk-based access control model. This model performs a risk analysis on each access request to permit or deny access dynamically based on the estimated risk value. However, the major issue associated with building this model is providing a dynamic, reliable, and accurate risk estimation technique, especially when there is no available dataset to describe risk likelihood and impact. Therefore, this paper proposes a Neuro-Fuzzy System (NFS) model to estimate the security risk value associated with each access request. The proposed NFS model was trained using three learning algorithms: Levenberg–Marquardt (LM), Conjugate Gradient with Fletcher–Reeves (CGF), and Scaled Conjugate Gradient (SCG). The results demonstrated that the LM algorithm is the optimal learning algorithm to implement the NFS model for risk estimation. The results also demonstrated that the proposed NFS model provides a short and efficient processing time, which can provide timeliness risk estimation technique for various IoT applications. The proposed NFS model was evaluated against access control scenarios of a children’s hospital, and the results demonstrated that the proposed model can be applied to provide dynamic and contextual-aware access decisions based on real-time features.
Internet of Things, NFS model, Risk estimation, Risk-based access control, Security risk
1424-8220
F. Atlam, Hany
7d16d7f4-b4e2-43c7-a4fb-66c99a00ae4d
Ajmal Azad, Muhammad
e8736584-8c62-403c-90b9-a1c2a9166859
Fadhel, Nawfal
e73b96f2-bf15-40cb-9af5-23c10ea8e319
F. Atlam, Hany
7d16d7f4-b4e2-43c7-a4fb-66c99a00ae4d
Ajmal Azad, Muhammad
e8736584-8c62-403c-90b9-a1c2a9166859
Fadhel, Nawfal
e73b96f2-bf15-40cb-9af5-23c10ea8e319

F. Atlam, Hany, Ajmal Azad, Muhammad and Fadhel, Nawfal (2022) Efficient NFS model for risk estimation in a risk-based access control model. Sensors, 22 (5), [2005]. (doi:10.3390/s22052005).

Record type: Article

Abstract

Providing a dynamic access control model that uses real-time features to make access decisions for IoT applications is one of the research gaps that many researchers are trying to tackle. This is because existing access control models are built using static and predefined policies that always give the same result in different situations and cannot adapt to changing and unpredicted situations. One of the dynamic models that utilize real-time and contextual features to make access decisions is the risk-based access control model. This model performs a risk analysis on each access request to permit or deny access dynamically based on the estimated risk value. However, the major issue associated with building this model is providing a dynamic, reliable, and accurate risk estimation technique, especially when there is no available dataset to describe risk likelihood and impact. Therefore, this paper proposes a Neuro-Fuzzy System (NFS) model to estimate the security risk value associated with each access request. The proposed NFS model was trained using three learning algorithms: Levenberg–Marquardt (LM), Conjugate Gradient with Fletcher–Reeves (CGF), and Scaled Conjugate Gradient (SCG). The results demonstrated that the LM algorithm is the optimal learning algorithm to implement the NFS model for risk estimation. The results also demonstrated that the proposed NFS model provides a short and efficient processing time, which can provide timeliness risk estimation technique for various IoT applications. The proposed NFS model was evaluated against access control scenarios of a children’s hospital, and the results demonstrated that the proposed model can be applied to provide dynamic and contextual-aware access decisions based on real-time features.

Text
sensors-22-02005 - Version of Record
Available under License Creative Commons Attribution.
Download (1MB)

More information

Accepted/In Press date: 2 March 2022
Published date: 4 March 2022
Additional Information: Publisher Copyright: © 2022 by the authors. Licensee MDPI, Basel, Switzerland.
Keywords: Internet of Things, NFS model, Risk estimation, Risk-based access control, Security risk

Identifiers

Local EPrints ID: 468851
URI: http://eprints.soton.ac.uk/id/eprint/468851
ISSN: 1424-8220
PURE UUID: 9b7ca819-978f-4a4f-93fa-2309fecff054

Catalogue record

Date deposited: 30 Aug 2022 16:42
Last modified: 30 Aug 2022 16:43

Export record

Altmetrics

Contributors

Author: Hany F. Atlam
Author: Muhammad Ajmal Azad
Author: Nawfal Fadhel

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×