About this Research Topic
Data breaches and security attacks cost the world economy billions of dollars every year. We assert that data breaches are fundamentally failures of access control. The major causes of the problem are that most users are too busy and technically ill-equipped to understand access control policy expressions and decisions, and that they make access control decisions incorrectly: typically, users select passwords that make work-life easy, rather than those which might meet security requirements. At the same time, we know that users are skeptical that access control systems work at all: witness the Australian My Health Record debacle, where millions of users opted out of the system because they either didn’t understand how their data were protected or didn’t trust the access control systems that protected their data. Lack of user understanding and awareness about the need for proper access control has undoubtedly contributed to the rise of data breaches and security attacks.
Access control mechanisms are already established as a means of safeguarding data in pervasive environments: preserving confidential and sensitive information, safeguarding data and information resources from unauthorized users, and so on. In today's big data domains, the most important factor of access control security is how to model and enforce the necessary policies to access and share data. In particular domains, such as distributed cloud and Internet of Things environments, a widely-used Role-Based Access Control standard is available, but an overlooked salient feature of access control is the specification of context-specific policies. The contextual information (simply “context”), such as profile, spatial, temporal and relationship information, plays a vital role in specifying and enforcing such policies.
The aim of this research is
- to bring together researchers and practitioners from both academia and industry across different computer science fields, like data science, security, machine learning and pervasive and ubiquitous computing systems
- to develop a more sophisticated understanding of how users conceive of, apply, and make decisions about access control, and
- to use this knowledge to devise future approaches and frameworks to improve access control through machine learning.
What this research demonstrates is that meeting even modestly complicated requirements for access control is beyond the capacity of most users, and indeed, there may be no ready-made set of policies that can be described a priori for all cases. This is why we need machine learning to generate policy decisions, based on knowledge of thousands of previous cases.
The goal of this research is to create new access control frameworks for examining the different aspects of security, such as security vulnerability, data breach, authorization, responsibility control, accountability attribution, trust, data safeguarding, and privacy preservation. The research theme "Security Breaches and Access Control" can be categorized into the following topics and aims at covering two aspects: first, to discuss the latest advancements with respect to security and access control; second, to build a better understanding of how users actually use access control systems, and to use this knowledge to apply machine learning to make validated access control decisions.
Topics of interest include, but are not limited to:
• Cloud and Fog Security through Access Control
• Security and Access Control of the Internet of Things
• Better Access Control Decision Making through Machine Learning
• Responsibility and Accountability Attributions for Security Breaches
• Context-Aware Access Control to Safeguard Data in Distributed Environments
• Privacy-Preserving Access Control
Keywords: Access Control, Machine Learning, Data Breach, Security Vulnerability, Responsibility, Accountability, Trust, Privacy, Cloud Computing, Fog Computing, Distributed Environment, Internet of Things, Data Safeguard, Context-Aware Access Control, Role-Based Access Control
Important Note: All contributions to this Research Topic must be within the scope of the section and journal to which they are submitted, as defined in their mission statements. Frontiers reserves the right to guide an out-of-scope manuscript to a more suitable section or journal at any stage of peer review.