Author

Hong Fan

Bio: Hong Fan is an academic researcher from Huazhong University of Science and Technology. The author has contributed to research in topics: Web service & Role-based access control. The author has an h-index of 3, co-authored 6 publications receiving 196 citations.

Papers
Proceedings ArticleDOI
04 Dec 2006
TL;DR: An attribute-based access control model (WS-ABAC) is presented to address the issues of administrative scalability and control granularity in access control systems, and can provide administratively scalable alternative to identity-based authorization methods and provide fine-grained access control for Web services.
Abstract: Web service is a new service-oriented computing paradigm which poses the unique security challenges due to its inherent heterogeneity, multi-domain characteristic and highly dynamic nature. A key challenge in Web services security is the design of effective access control schemes. However, most current access control systems base authorization decisions on subject's identity. Administrative scalability and control granularity are serious problems in those systems, and they are not fit for Web services environment. So an attribute-based access control model (WS-ABAC) is presented to address these issues in this paper. WS-ABAC grants access to services based on attributes of the related entities, and uses automated trust negotiation mechanism to address the disclosure issue of the sensitive attributes. It can provide administratively scalable alternative to identity-based authorization methods and provide fine-grained access control for Web services. Moreover, it also can protect user's privacy.

138 citations

Proceedings ArticleDOI
12 Oct 2005
TL;DR: A context-aware role-based access control model (CGRBAC) that introduces global roles which are used in the mapping to local roles of other services providers and outlines the configuration mechanism needed to apply the model to the Web services environment.
Abstract: A key challenge in Web services security is the design of effective access control schemes that can adequately meet the unique security challenges posed by the Web services paradigm. Despite the recent advances in Web based access control approaches applicable to Web services, there remain issues that impede the development of effective access control models for Web services environment. Amongst them are the lacks of context-aware models for access control, and do not deal with composite Web service. In this paper, we present a context-aware role-based access control model (CGRBAC) to address these issues. The proposed approach introduces global roles which are used in the mapping to local roles of other services providers. We outline the configuration mechanism needed to apply our model to the Web services environment.

50 citations

Journal Article
TL;DR: Analyzes weightily WS-Federation based cross-domain single sign-on authentication for Web Services, and discusses its security issues.
Abstract: Analyzes weightily WS-Federation based cross-domain single sign-on authentication for Web Services, and discusses its security issues.

4 citations

Proceedings ArticleDOI
04 Dec 2006
TL;DR: An improved administrative usage control model named AUCON is proposed to overcome the weakness of previous models and provides flexible enough mechanism to distinguish users of foreign and local domain and can enforce more strict control for foreign user.
Abstract: The secure interaction between two or more administrative domains is a major concern. IRBAC2000 is a model that quickly establishes a flexible policy for dynamic role translation from foreign domains to local. A-IRBAC2000 mode utilizes RBAC to manage dynamic role translation between foreign and local domains. We will see that these mechanisms have significant shortcomings. We propose an improved administrative usage control model named AUCON to overcome the weakness of previous models. AUCON provides administrates user-role assignment for local and foreign domain with unified method. It provides flexible enough mechanism to distinguish users of foreign and local domain and can enforce more strict control for foreign user. While retaining the advantage of traditional RBAC model, AUCON model is being implemented in experiment system.

3 citations

Journal Article
TL;DR: An ABAC (Attribute-Based Access Control) model based on XACML in Web Service was presented, which adopted the authorization mechanism based on user, resource and environment attributes, but not user identity.
Abstract: The XACML (eXtensible Access Control Markup Language) was analyzed, and an ABAC (Attribute-Based Access Control) model based on XACML in Web Service was presented. The model adopted the authorization mechanism based on user, resource and environment attributes, but not user identity. This mechanism can resolve administrative scalability problem and provide fine-grained access control for Web services, and it is fit for highly dynamic and distributed environment in Web services.

2 citations


Cited by
Journal ArticleDOI
TL;DR: The goal of this article is to compare the approaches to QoS description in the literature, where several models and metamodels are included, and to analyze where the need for further research and investigation lies.
Abstract: Quality of service (QoS) can be a critical element for achieving the business goals of a service provider, for the acceptance of a service by the user, or for guaranteeing service characteristics in a composition of services, where a service is defined as either a software or a software-support (i.e., infrastructural) service which is available on any type of network or electronic channel. The goal of this article is to compare the approaches to QoS description in the literature, where several models and metamodels are included. We consider a large spectrum of models and metamodels to describe service quality, ranging from ontological approaches to define quality measures, metrics, and dimensions, to metamodels enabling the specification of quality-based service requirements and capabilities as well as of SLAs (Service-Level Agreements) and SLA templates for service provisioning. Our survey is performed by inspecting the characteristics of the available approaches to reveal which are the consolidated ones and which are the ones specific to given aspects and to analyze where the need for further research and investigation lies. The approaches here illustrated have been selected based on a systematic review of conference proceedings and journals spanning various research areas in computer science and engineering, including: distributed, information, and telecommunication systems, networks and security, and service-oriented and grid computing.

397 citations

Proceedings ArticleDOI
30 Dec 2010
TL;DR: An Internet of Things virtualization framework to support connected objects sensor event processing and reasoning by providing a semantic overlay of underlying IoT cloud by using event-driven service oriented architecture (e-SOA) paradigm.
Abstract: In this paper, we propose an Internet of Things (IoT) virtualization framework to support connected objects sensor event processing and reasoning by providing a semantic overlay of underlying IoT cloud. The framework uses the sensor-as-a-service notion to expose IoT cloud's connected objects functional aspects in the form of web services. The framework uses an adapter oriented approach to address the issue of connectivity with various types of sensor nodes. We employ semantic enhanced access policies to ensure that only authorized parties can access the IoT framework services, which result in enhancing overall security of the proposed framework. Furthermore, the use of event-driven service oriented architecture (e-SOA) paradigm assists the framework to leverage the monitoring process by dynamically sensing and responding to different connected objects sensor events. We present our design principles, implementations, and demonstrate the development of IoT application with reasoning capability by using a green school motorcycle (GSMC) case study. Our exploration shows that amalgamation of e-SOA, semantic web technologies and virtualization paves the way to address the connectivity, security and monitoring issues of IoT domain.

152 citations

Journal ArticleDOI
TL;DR: This article provides a basic introduction to ABAC and a comprehensive review of recent research efforts toward developing formal models of ABAC, including a taxonomy of ABAC research presented and used to categorize and evaluate surveyed articles.
Abstract: Attribute-based access control (ABAC) is a promising alternative to traditional models of access control (i.e., discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC)) that is drawing attention in both recent academic literature and industry application. However, formalization of a foundational model of ABAC and large scale adoption is still in its infancy. The relatively recent emergence of ABAC still leaves a number of problems unexplored. Issues like delegation, administration, auditability, scalability, hierarchical representations, and the like, have been largely ignored or left to future work. This article provides a basic introduction to ABAC and a comprehensive review of recent research efforts toward developing formal models of ABAC. A taxonomy of ABAC research is presented and used to categorize and evaluate surveyed articles. Open problems are identified based on the shortcomings of the reviewed works and potential solutions discussed.

148 citations

Journal ArticleDOI
TL;DR: This paper argues that specific types of security goals may be expressed in a graphical fashion at the business process modelling level which in turn can be transformed into corresponding access control and security policies.

144 citations