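% Access-control and workflow-security references, exported from Scopus and EBSCOhost.
% Citation keys are unchanged. Normalised in review: one entry and one field per line,
% page ranges with a double hyphen, spaced initials, the ISSN hyphen, and no trailing
% period in a title (the style supplies it).
%
% Review notes:
%  - "Majdoubi, D.E.", "Bakkali, H.E." and "Bakkali, Hanan El" look like exporter
%    mis-splits of the surname particle "El". The surnames are restored to agree with
%    the copyright lines in the abstracts ("Driss El Majdoubi", "Hanan El Bakkali") and
%    with the other entries; confirm against the publisher pages.
%  - The two "Advances in Intelligent Systems and Computing" items appear to be
%    book-series chapters exported as articles, with "NNNN AISC" as the volume. They
%    are left as exported because retyping them needs a booktitle this export lacks.
%  - note = {cited By N} is a Scopus citation count. It prints in the bibliography and
%    goes stale; drop it or move it to an ignored field before typesetting.
%  - The Scopus record URLs are kept as exported; the doi field is the stable identifier.

@article{ElHaddouti2022575,
  author   = {El Haddouti, S. and El Kettani, M. D. E.-C.},
  title    = {A Secure and Trusted Fog Computing Approach based on Blockchain and Identity Federation for a Granular Access Control in {IoT} Environments},
  journal  = {International Journal of Advanced Computer Science and Applications},
  volume   = {13},
  number   = {3},
  pages    = {575--584},
  year     = {2022},
  doi      = {10.14569/IJACSA.2022.0130368},
  url      = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85129902962\&doi=10.14569\%2fIJACSA.2022.0130368\&partnerID=40\&md5=65966293c50d57a061513c913c7b5bb3},
  note     = {cited By 0},
  keywords = {Access control, Block-chain, Cloud-computing, Computing model, Computing paradigm, Cost effective strategies, Cost effectiveness, Decision making, Decisions makings, Digital storage, Fog, Fog computing, Identity federation, Internet of things, IOT, Real-time communication, Real-time computing, Smart contract, Trusted computing},
  abstract = {Fog computing is a new computing paradigm that is an extension of the standard cloud computing model, which can be adopted as a cost effective strategy for managing connected objects, by enabling real-time computing and communication for analytical and decision making. Nonetheless, even though Fog-based Internet of Things networks optimize the standard architecture by moving computing, storage, communication, and control decision closer to the edge network, the technology becomes open to malicious attackers and remains many business risks that are not yet resolved. In fact, access control, privacy as well as trust risks present major challenges in Internet of Things environments based on Fog computing due to the large scale distributed nature of devices at the Fog layer. In addition, the traditional authentication methods are not adequate in Fog-based Internet of Things contexts since they consume significantly more computation power and incur high latency. To deal with these gaps, we present in this paper a secure and trusted Fog Computing approach based on Blockchain and Identity Federation technologies for a granular access control in IoT environments. The proposed scheme uses Smart Contract concept and Attribute-Based Access Control model to ensure the level of security and scalability required for data integrity without resorting to a central authority to make an access decision {\textcopyright} 2022. International Journal of Advanced Computer Science and Applications. All Rights Reserved.},
}

@article{ElKandoussi2021350,
  author   = {El Kandoussi, A. and El Bakkali, H.},
  title    = {Automated security driven solution for inter-organizational workflows},
  journal  = {Advances in Intelligent Systems and Computing},
  volume   = {1179 AISC},
  pages    = {350--361},
  year     = {2021},
  doi      = {10.1007/978-3-030-49336-3_35},
  url      = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85089717314\&doi=10.1007\%2f978-3-030-49336-3_35\&partnerID=40\&md5=b0b03a78e31324087b3748ca67ca2c4d},
  note     = {cited By 0},
  keywords = {Access control, Business Process, Dynamic environments, Intelligent systems, Inter-Organizational workflow, Inter-organizational workflows, Partner selection, Policy conflict, Running-in, Security breaches},
  abstract = {This paper presents a new solution to deal with security in dynamic Inter-Organizational Workflow (IOW) Systems. The IOW system aims to support the collaboration between distributed business processes running in several autonomous organizations in order to complete a set of common goals. In such dynamic environments, where participating organizations (partners) in the IOW are not known before its execution, many security breaches could arise. Thus, we propose a new automated security-driven solution based on i) partner selection ii) access control partner negotiation and policy conflict resolution. {\textcopyright} The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2021.},
}

@article{AitElHadj2021836,
  author   = {Ait El Hadj, M. and Khoumsi, A. and Benkaouz, Y. and Erradi, M.},
  title    = {A Log-Based Method to Detect and Resolve Efficiently Conflicts in Access Control Policies},
  journal  = {Advances in Intelligent Systems and Computing},
  volume   = {1383 AISC},
  pages    = {836--846},
  year     = {2021},
  doi      = {10.1007/978-3-030-73689-7_79},
  url      = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85105891237\&doi=10.1007\%2f978-3-030-73689-7_79\&partnerID=40\&md5=f0de7beea992beee027f768bafe5cf58},
  note     = {cited By 0},
  keywords = {Access control, Access control policies, conflict detection, Detection methods, Efficiency, Misconfigurations, Pattern recognition, Resolution time, Security audit, Security policy, Security systems, Soft computing},
  abstract = {Typically, a security audit is conducted to detect and track inappropriate activities, such as security policy misconfigurations and attacks. Practically, an audit can be done through the analysis and assessment of data in logs registering traces of queries according to predefined policies. In this paper, we present an auditing approach that detects and resolves efficiently conflicting rules of a security policy. Such efficiency translates into a reduction in the time it takes to detect and resolve conflicts. Such efficiency is a consequence of the fact that conflict detection is executed only among suspicious pairs of rules, instead of all pairs of rules. The idea of using suspicious pairs of rules has recently been applied to reduce the execution time of previous detection methods. The present study goes further by applying the idea not only for conflict detection, but also for reducing the resolution time of the detected conflicts. We present experimental results that illustrate the efficiency of the suggested method. {\textcopyright} 2021, The Author(s), under exclusive license to Springer Nature Switzerland AG.},
}

@article{Majdoubi2021,
  author   = {El Majdoubi, D. and El Bakkali, H. and Sadki, S.},
  title    = {{SmartMedChain}: A Blockchain-Based Privacy-Preserving Smart Healthcare Framework},
  journal  = {Journal of Healthcare Engineering},
  volume   = {2021},
  year     = {2021},
  doi      = {10.1155/2021/4145512},
  url      = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85121960725\&doi=10.1155\%2f2021\%2f4145512\&partnerID=40\&md5=0f8afcea0c53e46d9f3863d4ed04b5b8},
  note     = {cited By 6},
  keywords = {Access control, adult, Article, Block-chain, Blockchain, Centralised, controlled study, Data Management, Delivery of Health Care, Digital storage, Digital transformation, Distributed ledger, electronic health record, Electronic Health Records, Health care, health care delivery, Health care providers, Healthcare environments, Healthcare industry, human, Humans, Information management, information processing, information storage, Internet of things, Internet of things technologies, Network security, patient care, patient preference, Privacy, Privacy preserving, Privacy-preserving techniques, Security and privacy, Smart contract},
  abstract = {Nowadays, the adoption of Internet of Things (IoT) technology worldwide is accelerating the digital transformation of healthcare industry. In this context, smart healthcare (s-healthcare) solutions are ensuring better and innovative opportunities for healthcare providers to improve patients{\textquoteright} care. However, these solutions raise also new challenges in terms of security and privacy due to the diversity of stakeholders, the centralized data management, and the resulting lack of trustworthiness, accountability, and control. In this paper, we propose an end-to-end Blockchain-based and privacy-preserving framework called SmartMedChain for data sharing in s-healthcare environment. The Blockchain is built on Hyperledger Fabric and stores encrypted health data by using the InterPlanetary File System (IPFS), a distributed data storage solution with high resiliency and scalability. Indeed, compared to other propositions and based on the concept of smart contracts, our solution combines both data access control and data usage auditing measures for both Medical IoT data and Electronic Health Records (EHRs) generated by s-healthcare services. In addition, s-healthcare stakeholders can be held accountable by introducing an innovative Privacy Agreement Management scheme that monitors the execution of the service in respect of patient preferences and in accordance with relevant privacy laws. Security analysis and experimental results show that the proposed SmartMedChain is feasible and efficient for s-healthcare environments. Copyright {\textcopyright} 2021 Driss El Majdoubi et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.},
}

@article{Boughrous2021,
  author   = {Boughrous, M. and El Bakkali, H.},
  title    = {A Workflow Criticality-Based Approach to Bypass the Workflow Satisfiability Problem},
  journal  = {Security and Communication Networks},
  volume   = {2021},
  year     = {2021},
  doi      = {10.1155/2021/3330923},
  url      = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85124874650\&doi=10.1155\%2f2021\%2f3330923\&partnerID=40\&md5=a958e90ff68d41b558bc1c7246398557},
  note     = {cited By 1},
  keywords = {Access control, Authorized users, Business Process, Control constraint, Critical tasks, Criticality (nuclear fission), Formal logic, Model complexes, Satisfiability problems, Security policy, Work simplification, Work-flows, Workflow execution, Workflow management systems},
  abstract = {Workflow management systems are very important for any organization to manage and model complex business processes. However, significant work is needed to keep a workflow resilient and secure. Therefore, organizations apply a strict security policy and enforce access control constraints. As a result, the number of available and authorized users for the workflow execution decreases drastically. Thus, in many cases, such a situation leads to a workflow deadlock situation, where there no available authorized user-task assignments for critical tasks to accomplish the workflow execution. In the literature, this problem has gained interest of security researchers in the recent years, and is known as the workflow satisfiability problem (WSP). In this paper, we propose a new approach to bypass the WSP and to ensure workflow resiliency and security. For this purpose, we define workflow criticality, which can be used as a metric during run-time to prevent WSP. We believe that the workflow criticality value will help workflow managers to make decisions and start a mitigation solution in case of a critical workflow. Moreover, we propose a delegation process algorithm (DP) as a mitigation solution that uses workflow instance criticality, delegation, and priority concepts to find authorized and suitable users to perform the critical task with low-security risks. {\textcopyright} 2021 Monsef Boughrous and Hanan El Bakkali.},
}

@article{9268371220130801,
  author   = {El Bakkali, Hanan},
  title    = {Enhancing Workflow Systems Resiliency by Using Delegation and Priority Concepts},
  journal  = {Journal of Digital Information Management},
  volume   = {11},
  number   = {4},
  pages    = {267--276},
  year     = {2013},
  issn     = {0972-7272},
  url      = {http://search.ebscohost.com/login.aspx?direct=true\&db=iih\&AN=92683712\&site=ehost-live},
  keywords = {Access control, Computer security, Computer systems {\textendash} Research, Computer users, Delegation, Dynamic Access Control Constraints, Priority, Resiliency, Workflow management systems, Workflow Satisfiability Problem},
  abstract = {Enforcing dynamic access control constraints in workflow management systems (WFMS) is a very important requirement with regard to security issues. However, respecting those constraints may prohibit the completion of a workflow instance in the case of the lack of authorized users. Such situation is known in the literature as a WSP (Workflow Satisfiability Problem). The ability of a WFMS to use different methods to bypass a WSP situation is often seen as a resiliency property. In this work, we propose a new approach that aims to enhance the resiliency of a WFMS while meeting -at run time- the main workflow dynamic access control requirements. In fact, by using both delegation and priority concepts it is possible to find a user which is as suitable as possible to perform the current task instance with lesser security risks. [ABSTRACT FROM AUTHOR]},
}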