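% Bibliography records, newest first. The url fields link to the Scopus record of each item.
% Conventions used below: one field per line, page ranges written with a double hyphen,
% acronyms in titles brace-protected so styles keep their case, a space between initials,
% and the inproceedings type instead of its alias "conference".
% Madani201867 was present twice under the same key; it is kept once, with the fuller field set.

@article{AitElHadj2021836,
  author   = {Ait El Hadj, M. and Khoumsi, A. and Benkaouz, Y. and Erradi, M.},
  title    = {A Log-Based Method to Detect and Resolve Efficiently Conflicts in Access Control Policies},
  journal  = {Advances in Intelligent Systems and Computing},
  volume   = {1383},
  year     = {2021},
  pages    = {836--846},
  doi      = {10.1007/978-3-030-73689-7_79},
  url      = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85105891237\&doi=10.1007\%2f978-3-030-73689-7_79\&partnerID=40\&md5=f0de7beea992beee027f768bafe5cf58},
  note     = {cited By 0},
  keywords = {Access control, Access control policies, conflict detection, Detection methods, Efficiency, Misconfigurations, Pattern recognition, Resolution time, Security audit, Security policy, Security systems, Soft computing},
  abstract = {Typically, a security audit is conducted to detect and track inappropriate activities, such as security policy misconfigurations and attacks. Practically, an audit can be done through the analysis and assessment of data in logs registering traces of queries according to predefined policies. In this paper, we present an auditing approach that detects and resolves efficiently conflicting rules of a security policy. Such efficiency translates into a reduction in the time it takes to detect and resolve conflicts. Such efficiency is a consequence of the fact that conflict detection is executed only among suspicious pairs of rules, instead of all pairs of rules. The idea of using suspicious pairs of rules has recently been applied to reduce the execution time of previous detection methods. The present study goes further by applying the idea not only for conflict detection, but also for reducing the resolution time of the detected conflicts. We present experimental results that illustrate the efficiency of the suggested method. {\textcopyright} 2021, The Author(s), under exclusive license to Springer Nature Switzerland AG.},
}

@inproceedings{ElHadj20195330,
  author    = {El Hadj, M. A. and Erradi, M. and Khoumsi, A. and Benkaouz, Y.},
  title     = {Validation and Correction of Large Security Policies: A Clustering and Access Log Based Approach},
  booktitle = {Proceedings - 2018 IEEE International Conference on Big Data, Big Data 2018},
  year      = {2019},
  pages     = {5330--5332},
  doi       = {10.1109/BigData.2018.8622610},
  url       = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85062588205\&doi=10.1109\%2fBigData.2018.8622610\&partnerID=40\&md5=7c1e7e5b141f9f63ccf2ad00a318664f},
  note      = {cited By 0},
}

@article{Madani201867,
  author   = {Madani, M. A. and Erradi, M. and Benkaouz, Y.},
  title    = {{ABAC} Based Online Collaborations in the Cloud},
  journal  = {Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST},
  volume   = {206},
  year     = {2018},
  pages    = {67--76},
  doi      = {10.1007/978-3-319-67837-5_7},
  url      = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85032702017\&doi=10.1007\%2f978-3-319-67837-5_7\&partnerID=40\&md5=704b997de080d8d90770d238c58d2580},
  note     = {cited By 0},
  abstract = {Nowadays sharing data among organizations plays an important role for their collaboration. During collaborations, the organizations need to access shared information while respecting the access control constraints. In addition, most organizations rely on cloud based solutions to store their data (e.g. openstack). In such platform, data access is regulated by Access Control Lists (ACLs). ACL defines static access rules. It assumes the knowledge of the whole set of users and possible access requests. This make ACL unusable in collaborative context due to the dynamic nature of collaborative sessions. In this paper, we consider ABAC, a flexible and fine-grained model, as an access control model for cloud-based collaborations to overcome the ACL limitations. We provide an architecture that integrate ABAC in the storage level of a cloud platform. {\textcopyright} 2018, ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering.},
}

@article{AitElHadj2018298,
  author  = {Ait El Hadj, M. and Benkaouz, Y. and Khoumsi, A. and Erradi, M.},
  title   = {Access domain-based approach for anomaly detection and resolution in {XACML} policies},
  journal = {Advances in Intelligent Systems and Computing},
  volume  = {735},
  year    = {2018},
  pages   = {298--308},
  doi     = {10.1007/978-3-319-76354-5_27},
  url     = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85044049486\&doi=10.1007\%2f978-3-319-76354-5_27\&partnerID=40\&md5=6c7c85cfacd3e4e948ef85d2df40ee3f},
}

@article{ElHadj201786,
  author   = {El Hadj, M. A. and Benkaouz, Y. and Freisleben, B. and Erradi, M.},
  title    = {{ABAC} rule reduction via similarity computation},
  journal  = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
  volume   = {10299},
  year     = {2017},
  pages    = {86--100},
  doi      = {10.1007/978-3-319-59647-1_7},
  url      = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85019735144\&doi=10.1007\%2f978-3-319-59647-1_7\&partnerID=40\&md5=948de8bee1016664b63163965c4e41fa},
  note     = {cited By 0},
  abstract = {Attribute-based access control (ABAC) represents a generic model of access control that provides a high level of flexibility and promotes information and security sharing. Since ABAC considers a large set of attributes for access decisions, using it might get very complicated for large systems. Hence, it is interesting to offer techniques to reduce the number of rules in ABAC policies without affecting the final decision. In this paper, we present an approach based on K-nearest neighbors algorithms for clustering ABAC policies. To the best of our knowledge, it is the first approach that aims to reduce the number of policy rules based on similarity computations. Our evaluation results demonstrate the efficiency of the suggested approach. For instance, the reduction rate can reach up to 10\% for an ABAC policy with more than 9000 rules. {\textcopyright} Springer International Publishing AG 2017.},
}

@inproceedings{ElHadj2017548,
  author    = {El Hadj, M. A. and Ayache, M. and Benkaouz, Y. and Khoumsi, A. and Erradi, M.},
  title     = {Clustering-based approach for anomaly detection in {XACML} policies},
  booktitle = {ICETE 2017 - Proceedings of the 14th International Joint Conference on e-Business and Telecommunications},
  volume    = {4},
  year      = {2017},
  pages     = {548--553},
  url       = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85029414026\&partnerID=40\&md5=133521fca6a95f8238cfc3b777dd3534},
  note      = {cited By 0},
  abstract  = {The development of distributed applications arises multiple security issues such as access control. Attribute-Based Access Control has been proposed as a generic access control model, which provides more flexibility and promotes information and security sharing. eXtensible Access Control Markup Language (XACML) is the most convenient way to express ABAC policies. However, in distributed environments, XACML policies become more complex and hard to manage. In fact, an XACML policy in distributed applications may be aggregated from multiple parties and can be managed by more than one administrator. Therefore, it may contain several anomalies such as conflicts and redundancies, which may affect the performance of the policy execution. In this paper, we propose an anomaly detection method based on the decomposition of a policy into clusters before searching anomalies within each cluster. Our evaluation results demonstrate the efficiency of the suggested approach. Copyright {\textcopyright} 2017 by SCITEPRESS - Science and Technology Publications, Lda. All rights reserved.},
}

@inproceedings{Madani2015,
  author    = {Madani, M. A. and Erradi, M. and Benkaouz, Y.},
  title     = {Access control in a collaborative session in multi tenant environment},
  booktitle = {Proceedings of the 2015 11th International Conference on Information Assurance and Security, IAS 2015},
  year      = {2015},
  doi       = {10.1109/ISIAS.2015.7492757},
  url       = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84979516700\&doi=10.1109\%2fISIAS.2015.7492757\&partnerID=40\&md5=c5df0bd4a563937231a7448c7bfe12e1},
  note      = {cited By 0},
  abstract  = {Today collaborative applications may enable collaboration among users from the same or different tenants of a given cloud provider. During such collaborations, the participants need to access and use resources held by other collaborating users. These resources often contain sensitive data. They are meant to be shared only during specific collaborative sessions. A collaborative session is an abstract entity, comprising a set of users, called members of the session, playing the same or different roles. These users may have concurrent access to the shared objects during a session depending on their roles. In this work, we propose an approach that ensures access control to the shared resources in a collaborative session in multi-tenants environments. We suggest CRBAC, the Collaboration Role-based Access Control. CRBAC consists of an extended version of the RBAC model. CRBAC defines new entities to support access control in collaborative sessions. The suggested model has been implemented within Swift component in the open source cloud-computing platform OpenStack. {\textcopyright} 2015 IEEE.},
}

@article{Benkaouz2015893,
  author   = {Benkaouz, Y. and Erradi, M.},
  title    = {A distributed protocol for privacy preserving aggregation with non-permanent participants},
  journal  = {Computing},
  volume   = {97},
  number   = {9},
  year     = {2015},
  pages    = {893--912},
  doi      = {10.1007/s00607-013-0373-6},
  url      = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84939469312\&doi=10.1007\%2fs00607-013-0373-6\&partnerID=40\&md5=a64ee416ee9b81d024e5b0975f2f32f0},
  note     = {cited By 0},
  abstract = {Recent advances in techniques that combine and analyze data collected from multiple partners led to many new promising distributed collaborative applications. Such collaborative computations could occur between trusted partners, between partially trusted partners, or between competitors. Therefore preserving privacy is an important issue in this context. This paper presents a distributed protocol for privacy-preserving aggregation to enable computing a class of aggregation functions that can be expressed as Abelian group. The proposed protocol is based on an overlay structure that enables secret sharing without the need of any central authority or heavyweight cryptography. It preserves data privacy such that participant data is only known to their owner with a given probability. The aggregation result is computed by participants themselves without interacting with a specific aggregator. The aggregation result is accurate when there is no data loss. A strategy to handle the problem of nodes failures is given, along with a study of the privacy ensured by the suggested protocol. {\textcopyright} 2013, Springer-Verlag Wien.},
}

@inproceedings{Benkaouz2015284,
  author    = {Benkaouz, Y. and Erradi, M.},
  title     = {Towards a decentralized {OSN} for a privacy-preserving e-health system},
  booktitle = {Procedia Computer Science},
  volume    = {63},
  year      = {2015},
  pages     = {284--291},
  doi       = {10.1016/j.procs.2015.08.345},
  url       = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84954134291\&doi=10.1016\%2fj.procs.2015.08.345\&partnerID=40\&md5=969ef3799a3a3885401d37f00c554699},
  note      = {cited By 0},
  abstract  = {e-health could be defined as the cost-effective and secure use of information and communication technologies in support of health systems, including healthcare related services and monitoring at both the local site and at a distance. Challenges still need to be resolved to build reliable, secure, and efficient e-health platforms with great flexibility. Recently, social networks have seen a growing importance in different applications and could play a prominent role in healthcare. Online Social Networks (OSN) offer new possibilities such as easy access to medical data anytime from anywhere. Due to the sensitivity of health data exchanged over such networks, a special attention need to be paid to security and privacy aspects of these data. The use of existing centralized OSNs raises the big brother problem. Moreover, the centralized architectures of OSNs are not scalable and have a single point of failure. In this work, we suggest a layered architecture while promoting the usage of decentralized design to ensure the scalability and the privacy of an OSN-based e-health system. {\textcopyright} 2015 The Authors.},
}

@inproceedings{Angoma2011101,
  author    = {Angoma, B. and Erradi, M. and Benkaouz, Y. and Berqia, A. and Charaf Akalay, M.},
  title     = {{HaVe-2W3G}: A vertical handoff solution between {WLAN}, {WiMAX} and {3G} networks},
  booktitle = {IWCMC 2011 - 7th International Wireless Communications and Mobile Computing Conference},
  year      = {2011},
  pages     = {101--106},
  doi       = {10.1109/IWCMC.2011.5982514},
  url       = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-80052450203\&doi=10.1109\%2fIWCMC.2011.5982514\&partnerID=40\&md5=678334f04e9317df81cc23e2cd3ea407},
  note      = {cited By 8},
}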