Search results

Authorization and access control have been a topic of research for several decades. However, existing definitions are inconsistent and even contradicting each other. Furthermore, there are numerous access control models and even more have recently evolved to conform with the challenging requirements of resource protection. That makes it hard to classify the models and decide for an appropriate one satisfying security needs. Therefore, this study aims to guide through the plenty of access control models in the current state of the art besides this opaque accumulation of terms meaning and how they are related.

This study follows the systematic literature review approach to investigate current research regarding access control models and illustrate the findings of the conducted review. To provide a detailed understanding of the topic, this study identified the need for an additional study on the terms related to the domain of authorization and access control.

The authors’ research results in this paper are the distinction between authorization and access control with respect to definition, strategies, and models in addition to the classification schema. This study provides a comprehensive overview of existing models and an analysis according to the proposed five classes of access control models.

Based on the authors’ definitions of authorization and access control along with their related terms, i.e. authorization strategy, model and policy as well as access control model and mechanism, this study gives an overview of authorization strategies and propose a classification of access control models providing examples for each category. In contrast to other comparative studies, this study discusses more access control models, including the conventional state-of-the-art models and novel ones. This study also summarizes each of the literature works after selecting the relevant ones focusing on the database system domain or providing a survey, a classification or evaluation criteria of access control models. Additionally, the introduced categories of models are analyzed with respect to various criteria that are partly selected from the standard access control system evaluation metrics by the National Institute of Standards and Technology.

Data protection requirements heavily increased due to the rising awareness of data security, legal requirements and technological developments. Today, NoSQL databases are increasingly used in security-critical domains. Current survey works on databases and data security only consider authorization and access control in a very general way and do not regard most of today’s sophisticated requirements. Accordingly, the purpose of this paper is to discuss authorization and access control for relational and NoSQL database models in detail with respect to requirements and current state of the art.

This paper follows a systematic literature review approach to study authorization and access control for different database models. Starting with a research on survey works on authorization and access control in databases, the study continues with the identification and definition of advanced authorization and access control requirements, which are generally applicable to any database model. This paper then discusses and compares current database models based on these requirements.

As no survey works consider requirements for authorization and access control in different database models so far, the authors define their requirements. Furthermore, the authors discuss the current state of the art for the relational, key-value, column-oriented, document-based and graph database models in comparison to the defined requirements.

This paper focuses on authorization and access control for various database models, not concrete products. This paper identifies today’s sophisticated – yet general – requirements from the literature and compares them with research results and access control features of current products for the relational and NoSQL database models.

The Cloud of Things (IoT) that refers to the integration of the Cloud Computing (CC) and the Internet of Things (IoT), has dramatically changed the way treatments are done in the ubiquitous computing world. This integration has become imperative because the important amount of data generated by IoT devices needs the CC as a storage and processing infrastructure. Unfortunately, security issues in CoT remain more critical since users and IoT devices continue to share computing as well as networking resources remotely. Moreover, preserving data privacy in such an environment is also a critical concern. Therefore, the CoT is continuously growing up security and privacy issues. This paper focused on security and privacy considerations by analyzing some potential challenges and risks that need to be resolved. To achieve that, the CoT architecture and existing applications have been investigated. Furthermore, a number of security as well as privacy concerns and issues as well as open challenges, are discussed in this work.

Coronavirus Disease 2019 (COVID-19) necessitated the need for “Hospital-at-home” improvisations that involve wearable technology to classify patients within households before visiting health institutions. Do-It-Yourself wearable devices allow for the collection of health data leading to the detection and/or prediction of the prevalence of the disease. The sensitive nature of health data requires safeguards to ensure patients’ privacy is not violated. The previous work utilized Hyperledger Fabric to verify transmitted data within Smart Homes, allowing for the possible implementation of legal restrictions through smart contracts in the future. This study aims to explore privacy-enhancing authentication schemes that are operated by multiple credential issuers and capable of integration into the Hyperledger ecosystem.

Design Science Research is the methodology that was used in this study. An architecture for ABC-privacy was developed and evaluated.

While the privacy-by-design architecture enhances data privacy through edge and fog computing architecture, there is a need to provide an additional privacy layer that limits the amount of data that patients disclose. Selective disclosure of credentials limits the number of information patients or devices divulge.

The evaluation of this study identified Coconut as the most suitable attribute-based credentials scheme for the Smart Homes Patients and Health Wearables use case Coconut user-centric architecture Hyperledger integration multi-party threshold authorities public and private attributes re-randomization and unlinkable revelation of selective attribute revelations.

This paper aims to investigate the effect of product-related description abstractness/concreteness on perceived trustworthiness and the role of consumer product expertise and shopping-stage mindset in the persuasiveness of abstract vs concrete product descriptions.

Two online experiments were conducted: Study 1 (description abstractness – manipulated between-subject; consumer product expertise, perceived trustworthiness, purchase intent – measured), Study 2 (consumer shopping-stage mindset – manipulated between-subject; description abstractness – manipulated within-subject; consumer product expertise, perceived trustworthiness, abstract/concrete description preference – measured).

The negative effect of the abstractness (abstract descriptions vs the ones supplemented with relevant product details) on description trustworthiness was evidenced in Study 1. Trustworthiness was positively related to purchase intent, especially for high product expertise. Study 2 replicated the effect of product description abstractness on its trustworthiness in terms of two other forms of abstractness (abstract descriptions vs the ones supplemented with irrelevant product details and product benefits vs attributes). The goal-oriented (vs comparative) mindset had a positive effect on the benefit (vs attribute) description preference, especially for high product expertise.

For marketers, the results suggest the positive consequences of presenting concrete information on product attributes and the conditions enhancing the effectiveness of presenting product benefits.

The paper integrates the existing views on consumer response to abstract vs concrete information (lexical abstractness/concreteness, means-end chain theory) and links them to consumer product expertise and shopping-stage mindset.

Resilience concepts in integrated urban transport refer to the performance of dealing with external shock and the ability to continue to provide transportation services of all modes. A robust transportation resilience is a goal in pursuing transportation sustainability. Under this specified context, while before the perturbations, robustness refers to the degree of the system’s capability of functioning according to its design specifications on integrated modes and routes, redundancy is the degree of duplication of traffic routes and alternative modes to maintain persistency of service in case of perturbations. While after the perturbations, resourcefulness refers to the capacity to identify operational problems in the system, prioritize interventions and mobilize necessary material/ human resources to recover all the routes and modes, rapidity is the speed of complete recovery of all modes and traffic routes in the urban area. These “4R” are the most critical components of urban integrated resilience.

The trends of transportation resilience's connotation, metrics and strategies are summarized from the literature. A framework is introduced on both qualitative characteristics and quantitative metrics of transportation resilience. Using both model-based and mode-free methodologies that measure resilience in attributes, topology and system performance provides a benchmark for evaluating the mechanism of resilience changes during the perturbation. Correspondingly, different pre-perturbation and post-perturbation strategies for enhancing resilience under multi-mode scenarios are reviewed and summarized.

Cyber-physic transportation system (CPS) is a more targeted solution to resilience issues in transportation. A well-designed CPS can be applied to improve transport resilience facing different perturbations. The CPS ensures the independence and integrity of every child element within each functional zone while reacting rapidly.

This paper provides a more comprehensive understanding of transportation resilience in terms of integrated urban transport. The fundamental characteristics and strategies for resilience are summarized and elaborated. As little research has shed light on the resilience concepts in integrated urban transport, the findings from this paper point out the development trend of a resilient transportation system for digital and data-driven management.

Basic capturing of emotion on user experience of web applications and browsing is important in many ways. Quite often, online user experience is studied via tangible measures such as task completion time, surveys and comprehensive tests from which data attributes are generated. Prediction of users’ emotion and behaviour in some of these cases depends mostly on task completion time and number of clicks per given time interval. However, such approaches are generally subjective and rely heavily on distributional assumptions making the results prone to recording errors. This paper aims to propose a novel method – a window dynamic control system – that addresses the foregoing issues.

Primary data were obtained from laboratory experiments during which 44 volunteers had their synchronized physiological readings – skin conductance response, skin temperature, eye movement behaviour and users activity attributes taken by biosensors. The window-based dynamic control system (PHYCOB I) is integrated to the biosensor which collects secondary data attributes from these synchronized physiological readings and uses them for two purposes: for detection of both optimal emotional responses and users’ stress levels. The method’s novelty derives from its ability to integrate physiological readings and eye movement records to identify hidden correlates on a webpage.

The results from the analyses show that the control system detects basic emotions and outperforms other conventional models in terms of both accuracy and reliability, when subjected to model comparison – that is, the average recoverable natural structures for the three models with respect to accuracy and reliability are more consistent within the window-based control system environment than with the conventional methods.

Graphical simulation and an example scenario are only provided for the control’s system design.

The novelty of the proposed model is its strained resistance to overfitting and its ability to automatically assess user emotion while dealing with specific web contents. The procedure can be used to predict which contents of webpages cause stress-induced emotions to users.

The attributes of services can be categorised as service quality and service preference. While studies have addressed the importance of service quality, shippers’ service preference and its relationship to perceived value and purchase intentions remain unexplored. Therefore, the purpose of this study is to propose a causal model in the context of short sea shipping services to investigate the influence of purchase intention through the shipper’s service preference and perceived value.

Structural equation modelling is applied to assess the empirical strength of the relationships in the proposed model. The model is validated through empirical testing by taking samples from shippers in Taiwan.

The results show that service attributes, namely, timing related, pricing related, warehousing, sales, door-to-door, information and advertising, positively affect shippers’ service preference. Service preference significantly affects customer perceived value as well as purchase intentions. Moreover, perceived value strongly affects purchase intentions.

Matching between the product offered and the diversified customer need is key to the business operation’s success. This study suggests that carriers should position themselves to both self-competence and market values.