Using the ACE framework to enforce access and usage control with notifications of revoked access rights.

Bibliographic Details
Title: Using the ACE framework to enforce access and usage control with notifications of revoked access rights.
Authors: Rasori, Marco [1] (AUTHOR) marco.rasori@iit.cnr.it, Saracino, Andrea [1,2] (AUTHOR), Mori, Paolo [1] (AUTHOR), Tiloca, Marco [3] (AUTHOR)
Source: International Journal of Information Security. Oct2024, Vol. 23 Issue 5, p3109-3133. 25p.
Subjects: Internet access control, Access control, Internet of things, Revocation
Abstract: The standard ACE framework provides authentication and authorization mechanisms similar to those of the standard OAuth 2.0 framework, but it is intended for use in Internet-of-Things environments. In particular, ACE relies on OAuth 2.0, CoAP, CBOR, and COSE as its core building blocks. In ACE, a non-constrained entity called Authorization Server issues Access Tokens to Clients according to some access control and policy evaluation mechanism. An Access Token is then consumed by a Resource Server, which verifies the Access Token and lets the Client accordingly access a protected resource it hosts. Access Tokens have a validity which is limited over time, but they can also be revoked by the Authorization Server before they expire. In this work, we propose the Usage Control framework as an underlying access control means for the ACE Authorization Server, and we assess its performance in terms of time required to issue and revoke Access Tokens. Moreover, we implement and evaluate a method relying on the Observe extension for CoAP, which makes it possible to notify Clients and Resource Servers about revoked Access Tokens. Through results obtained in a real testbed, we show how this method reduces the duration of illegitimate access to protected resources following the revocation of an Access Token, as well as the time spent by Clients and Resource Servers to learn about their Access Tokens being revoked. [ABSTRACT FROM AUTHOR]
Copyright of International Journal of Information Security is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
PLink https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=179636474
RecordInfo BibRecord:
  BibEntity:
    Identifiers:
      – Type: doi
        Value: 10.1007/s10207-024-00877-1
    Languages:
      – Code: eng
        Text: English
    PhysicalDescription:
      Pagination:
        PageCount: 25
        StartPage: 3109
    Subjects:
      – SubjectFull: Internet access control
        Type: general
      – SubjectFull: Access control
        Type: general
      – SubjectFull: Internet of things
        Type: general
      – SubjectFull: Revocation
        Type: general
    Titles:
      – TitleFull: Using the ACE framework to enforce access and usage control with notifications of revoked access rights.
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: Rasori, Marco
      – PersonEntity:
          Name:
            NameFull: Saracino, Andrea
      – PersonEntity:
          Name:
            NameFull: Mori, Paolo
      – PersonEntity:
          Name:
            NameFull: Tiloca, Marco
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 10
              Text: Oct2024
              Type: published
              Y: 2024
          Identifiers:
            – Type: issn-print
              Value: 16155262
          Numbering:
            – Type: volume
              Value: 23
            – Type: issue
              Value: 5
          Titles:
            – TitleFull: International Journal of Information Security
              Type: main