Publications

You can also find my articles on my Google Scholar profile.

ReGAIN: Retrieval-Grounded AI Framework for Network Traffic Analysis

Published in 2026 International Conference on Computing, Networking and Communications (ICNC), 2026

Modern networks generate vast, heterogeneous traffic that must be continuously analyzed for security and performance. Traditional network traffic analysis systems, whether rule-based or machine learning-driven, often suffer from high false positives and lack interpretability, limiting analyst trust. In this paper, we present ReGAIN, a multi-stage framework that combines traffic summarization, retrieval-augmented generation (RAG), and Large Language Model (LLM) reasoning for transparent and accurate network traffic analysis. ReGAIN creates natural-language summaries from network traffic, embeds them into a multi-collection vector database, and utilizes a hierarchical retrieval pipeline to ground LLM responses with evidence citations. The pipeline features metadata-based filtering, MMR sampling, a two-stage cross-encoder reranking mechanism, and an abstention mechanism to reduce hallucinations and ensure grounded reasoning. Evaluated on ICMP ping flood and TCP SYN flood traces from the real-world traffic dataset, it demonstrates robust performance, achieving accuracy between 95.95% and 98.82% across different attack types and evaluation benchmarks. These results are validated against two complementary sources: dataset ground truth and human expert assessments. ReGAIN also outperforms rule-based, classical ML, and deep learning baselines while providing unique explainability through trustworthy, verifiable responses.

Recommended citation: S. Shajarian, K. Marsh, J. Benson, S. Khorsandroo and M. Abdelsalam, "ReGAIN: Retrieval-Grounded AI Framework for Network Traffic Analysis," 2026 International Conference on Computing, Networking and Communications (ICNC), Maui, HI, USA, 2026, pp. 578-584, doi: 10.1109/ICNC68183.2026.11416826.

ACAC_ABCD Model: Implementation and Comparative Performance Study

Published in 2025 11th International Symposium on System Security, Safety, and Reliability (ISSSR), 2025

The rapid advancements in networking, communication, automation engineering, and artificial intelligence (AI) are shaping society into a highly interconnected and intelligent ecosystem. In smart environments such as smart farming and manufacturing, devices autonomously perform long-lived operations with minimal human intervention, adapting dynamically to system requirements and environmental conditions. To regulate these long-lived operations, referred to as activities (e.g., spraying water, plowing field), an Activity-Centric Access Control (ACAC) model has been proposed. While previous works have incrementally introduced ACAC’s decision parameters Authorizations (A), Obligations (B), Conditions (C), and Dependencies (D) and presented policy specifications and proof-of-concept implementation for dependencies (D), a comprehensive implementation of the consolidated ACACABCD model remains unexplored. Validating ACAC’s feasibility in highly dynamic environments is essential, particularly where security and safety must be ensured to protect both device operations and the system from potential insider and external threats. Additionally, the absence of constraints across various life-cycle stages undermines the model’s comprehensiveness. In this paper, we take a significant step toward implementing the consolidated ACACABCD model in a smart farming use case, incorporating additional constraints such as usage count, cardinality, dynamic separation of duties, and activity duration. We first provided the formal model definitions for authorizations (A), obligations (B) and conditions (C), referred to as ACACA,ACACB, and ACACC respectively. Furthermore, to demonstrate proof-of-concept, we utilize AWS cloud infrastructure. The Activity Control Decision (ACDACACABCD) policy engine is implemented using AWS Lambda, with AWS S3 storing policies and real-time data. An AWS EC2 instanc…

Recommended citation: T. Mawla, L. Praharaj, J. Benson and M. Gupta, "ACAC_ABCD Model: Implementation and Comparative Performance Study," 2025 11th International Symposium on System Security, Safety, and Reliability (ISSSR), Guiyang, China, 2025, pp. 291-302, doi: 10.1109/ISSSR65654.2025.00049.

Environment Aware Deep Learning Based Access Control Model

Published in Proceedings of the 2024 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, 2024

Recently Deep Learning based Access Control (DLBAC) model has been developed to reduce the burden of access control model engineering on a human administrator, while managing accurate access control state in large, complex, and dynamic systems. DLBAC utilizes neural networks for addressing access control requirements of a system based on user and resource metadata. However, in today’s rapidly evolving, dynamic, and complex world with billions of connected users and devices, there are various environmental aspects in different application domains that affect access control rights and decisions. While Attribute-Based Access Control (ABAC) have captured environmental factors through environmental attributes, DLBAC still lacks the capabilities of capturing any environmental factors and its use in access control decision making. In this paper, we propose an environment aware deep learning based access control model (DLBAC-Env) which includes environmental metadata in addition to user and resource metadata. We present an Industrial Internet of Things (IIoT) use case to demonstrate the need for DLBAC-Env and show how different types of environmental aspects in a specific domain are necessary towards making dynamic and autonomous access control decisions. We enhance the DLBAC model and dataset to incorporate environmental metadata and then implement and evaluate our DLBAC-Env model. We also present a reference implementation of DLBAC-Env in an edge cloudlet using AWS Greengrass.

Recommended citation: Pankaj Chhetri, Smriti Bhatt, Paras Bhatt, Mohammad Nur Nobi, James Benson, and Ram Krishnan. 2024. Environment Aware Deep Learning Based Access Control Model. In Proceedings of the 2024 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems (SaT-CPS 24). Association for Computing Machinery, New York, NY, USA, 81–89. https://doi.org/10.1145/3643650.3659105

Dynamic groups and attribute-based access control for next-generation smart cars

Published in US Patent Office, 2024

Embodiments of the present systems and methods may provide techniques that provide dynamic groups and attribute-based access control (ABAC) model (referred as CV-ABACG) to secure communication, data exchange and resource access in smart vehicles ecosystems. In embodiments, the model not only considers system wide attributes-based security policies, but also takes into account individual user privacy preferences for allowing or denying service notifications, alerts, and operations to on-board resources. Embodiments of the present systems and methods may provide groups in vehicular IoT, which may be dynamically assigned to moving entities like connected cars, based on their current GPS coordinates, speed or other attributes, to ensure relevance of location and time sensitive notification services, to provide administrative benefits to manage large numbers of entities, and to enable attributes inheritance for fine-grained authorization policies.

Recommended citation: Gupta, Maanak and Benson, James and Patwa, Farhan and Sandhu, Ravinderpal. 2024. Dynamic groups and attribute-based access control for next-generation smart cars. US Patent US11858517B2, filed Mar 06, 2020, and issued Jan 02, 2024.

Scenario-Driven Device-to-Device Access Control in Smart Home IoT

Published in 2022 IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA), 2022

The Internet of Things (IoT) has been widely integrated in peoples everyday lives. As an infrastructure of connected heterogeneous devices, IoT has not yet achieved the seamless integration of device-to-device collaboration which is necessary for real-life home automation. Smart home IoT devices expect to exchange their collected data or status in certain circumstances, in spite of their heterogeneity, viz. working with different communication protocols, IoT platforms, middleware, data and semantics. Deploying appropriate access control models and mechanisms is of utmost importance as any unauthorized access to data could have a cascading violation of privacy, safety and security of users. In this work, we propose a novel device-to-device access control paradigm in the smart home IoT. Our approach relies on message passing as the paradigm for device-to-device interactions. We further introduce actions and scenarios reflecting the chain of events in the smart home context, which facilitates scenario-driven attribute-based access control. Each scenario is triggered by triggering events, based on previously set administrative definitions. We define totally ordered sets of triggering events using priorities to enable conflict resolution for devices which may run into conflicting commands delivered though messages in different ongoing scenarios. The viability of the proposed approach is substantiated via a formal model and an enforcement architecture, backed up by a proof-of-concept implementation which affirms a trade-off between required authorization and efficacy. Potential future challenges are explored in the context of smart home IoT platforms.

Recommended citation: M. Shakarami, J. Benson and R. Sandhu, "Scenario-Driven Device-to-Device Access Control in Smart Home IoT," 2022 IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA), Atlanta, GA, USA, 2022, pp. 217-228, doi: 10.1109/TPS-ISA56441.2022.00035.

Hybrid Approaches (ABAC and RBAC) Toward Secure Access Control in Smart Home IoT

Published in IEEE Transactions on Dependable and Secure Computing, 2022

Smart homes are interconnected homes in which a wide variety of digital devices with limited resources communicate with multiple users and among themselves using multiple protocols. The deployment of resource-limited devices and the use of a wide range of technologies expand the attack surface and position the smart home as a target for many potential security threats. Access control is among the top security challenges in smart home IoT. Several access control models have been developed or adapted for IoT in general, with a few specifically designed for the smart home IoT domain. Most of these models are built on the role-based access control (RBAC) model or the attribute-based access control (ABAC) model. However, recently some researchers demonstrated that the need arises for a hybrid model combining ABAC and RBAC, thereby incorporating the benefits of both models to better meet IoT access control challenges in general and smart homes requirements in particular. In this paper, we used two approaches to develop two different hybrid models for smart home IoT. We followed a role-centric approach and an attribute-centric approach to develop HyBAC RC and HyBAC AC , respectively. We formally define these models and illustrate their features through a use case scenario demonstration. We further provide a proof-of-concept implementation for each model in Amazon Web Services (AWS) IoT platform. Finally, we conduct a theoretical comparison between the two models proposed in this paper in addition to the EGRBAC model (RBAC model for smart home IoT) and HABAC model (ABAC model for smart home IoT), which were previously developed to meet smart homes’ challenges.

Recommended citation: S. Ameer, J. Benson and R. Sandhu, "Hybrid Approaches (ABAC and RBAC) Toward Secure Access Control in Smart Home IoT," in IEEE Transactions on Dependable and Secure Computing, vol. 20, no. 5, pp. 4032-4051, 1 Sept.-Oct. 2023, doi: 10.1109/TDSC.2022.3216297

Blockchain-Based Administration of Access in Smart Home IoT

Published in 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems (Sat-CPS '22), 2022

There is a rising concern about authorization in IoT environments to be appropriately designed and applied, due to smart things surge to be part of people’s daily lives on one hand, and the amount of personal/private information they utilize, on the other hand. Different access control systems have been proposed for different IoT environments, many are remaining only at a conceptual level. In this paper, we propose a decentralized, ledger-based, publish-subscribe based architecture for the administration of access in a smart home IoT environment to preside at the assignments of underlying operational authorizations. Proposed architecture is endorsed by a proof-of-concept implementation, which utilizes smart contracts to ensure the integrity of administration supplemented by intrinsic benefits of blockchain to be distributed and transparent. Despite the rising hype around the blockchain technology that stokes its utilization in different domains, utilizing it for access control purposes is not yet promising. Our implementation results assure using blockchain for administrative access control is propitious, while is not yet appropriate for operational access control, which have been mainly the focus of previously proposed blockchain-based access control works.

Recommended citation: Mehrnoosh Shakarami, James Benson, and Ravi Sandhu. 2022. Blockchain-Based Administration of Access in Smart Home IoT. In Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems (Sat-CPS '22). Association for Computing Machinery, New York, NY, USA, 57–66. https://doi.org/10.1145/3510547.3517921

Reachability Analysis for Attributes in ABAC With Group Hierarchy

Published in IEEE Transactions on Dependable and Secure Computing, 2022

Attribute-based access control (ABAC) models are widely used to provide fine-grained and adaptable authorization based on the attributes of users, resources, and other relevant entities. Hierarchical group and attribute based access control (HGABAC) model was recently proposed which introduces the novel notion of attribute inheritance through group membership. GURAG was subsequently proposed to provide an administrative model for user attributes in HGABAC, building upon the ARBAC97 and GURA administrative models. The GURA model uses administrative roles to manage user attributes. The reachability problem for the GURA model is to determine what attributes a particular user can acquire, given a predefined set of administrative rules. This problem has been previously analyzed in the literature. In this article, we study the user attribute reachability problem based on directly assigned attributes of the user and attributes inherited via group memberships. We first define a restricted form of GURAG, called rGURAG scheme, as a state transition system with multiple instances having different preconditions and provide reachability analysis for each of these schemes. In general, we show PSPACE-complete complexity for all rGURAG schemes. We further present polynomial time algorithms with empirical experimental evaluation to solve special instances of rGURAG schemes under restricted conditions.

Recommended citation: M. Gupta, R. Sandhu, T. Mawla and J. Benson, "Reachability Analysis for Attributes in ABAC With Group Hierarchy," in IEEE Transactions on Dependable and Secure Computing, vol. 20, no. 1, pp. 841-858, 1 Jan.-Feb. 2023, doi: 10.1109/TDSC.2022.3145358

An Attribute-Based Approach toward a Secured Smart-Home IoT Access Control and a Comparison with a Role-Based Approach

Published in MDPI Information, 2022

The area of smart homes is one of the most popular for deploying smart connected devices. One of the most vulnerable aspects of smart homes is access control. Recent advances in IoT have led to several access control models being developed or adapted to IoT from other domains, with few specifically designed to meet the challenges of smart homes. Most of these models use role-based access control (RBAC) or attribute-based access control (ABAC) models. As of now, it is not clear what the advantages and disadvantages of ABAC over RBAC are in general, and in the context of smart-home IoT in particular. In this paper, we introduce HABACα, an attribute-based access control model for smart-home IoT. We formally define HABACα and demonstrate its features through two use-case scenarios and a proof-of-concept implementation. Furthermore, we present an analysis of HABACα as compared to the previously published EGRBAC (extended generalized role-based access control) model for smart-home IoT by first describing approaches for constructing HABACα specification from EGRBAC and vice versa in order to compare the theoretical expressiveness power of these models, and second, analyzing HABACα and EGRBAC models against standard criteria for access control models. Our findings suggest that a hybrid model that combines both HABACα and EGRBAC capabilities may be the most suitable for smart-home IoT, and probably more generally.

Recommended citation: Ameer, S., Benson, J., & Sandhu, R. (2022). An Attribute-Based Approach toward a Secured Smart-Home IoT Access Control and a Comparison with a Role-Based Approach. Information (Basel), 13(2), 60-. https://doi.org/10.3390/info13020060

Edge Centric Secure Data Sharing with Digital Twins in Smart Ecosystems

Published in 2021 Third IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), 2021

Internet of Things (IoT) is a rapidly growing industry currently being integrated into both consumer and industrial environments on a wide scale. While the technology is available and deployment has a low barrier of entry in future applications, proper security frameworks are still at infancy stage and are being developed to fit varied implementations and device architectures. Further, the need for edge centric mechanisms are critical to offer security in real time smart connected applications with minimal or negligible overhead. In this paper, we propose a novel approach of data security by using multiple device shadows (aka digital twins) for a single physical object. These twins are paramount to separate data among different virtual objects based on tags assigned on-the-fly, and are used to limit access to different data points by authorized users/applications only. The novelty of the proposed architecture resides in the attachment of dynamic tags to key-value pairs reported by physical devices in the system. We further examine the advantages of tagging data in a digital twin system, and the performance impacts of the proposed data separation scheme. The proposed solution is deployed at the edge, supporting low latency and real time security mechanisms with minimal overhead, and is light-weight as reflected by captured performance metrics.

Recommended citation: G. Cathey, J. Benson, M. Gupta and R. Sandhu, "Edge Centric Secure Data Sharing with Digital Twins in Smart Ecosystems," 2021 Third IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), Atlanta, GA, USA, 2021, pp. 70-79, doi: 10.1109/TPSISA52974.2021.00008

Attribute-Based Access Control for AWS Internet of Things and Secure Industries of the Future

Published in IEEE Access, 2021

Internet of Things (IoT) is revolutionizing and enhancing the quality of human lives in every aspect. With a disruption of IoT devices and applications, attackers are leveraging weak authentication and access control mechanisms on these IoT devices and applications to gain unauthorized access on user devices and data and cause them harm. Access control is a critical security mechanism to secure the IoT ecosystem which comprises cloud computing and edge computing services along with smart devices. Today major cloud and IoT service providers including Amazon Web Services (AWS), Google Cloud Platform (GCP), and Azure utilize some customized forms of Role-Based Access Control (RBAC) model along with specific authorization policies enabled by policy-based access control models. To enable fine-grained access control and overcome limitations of existing access control models, there is an imminent need to develop a flexible and dynamic access control model for securing smart devices, data and resources in the cloud-enabled IoT architecture. In this paper, we develop a formal attribute-based access control (ABAC) model for AWS IoT by building upon and extending previously developed access control model for AWS IoT, known as AWS-IoTAC model. We demonstrate the applicability of our proposed model through an industrial IoT use case and its implementation in the AWS IoT platform. Our proposed fine grained model for AWS IoT incorporates its existing capabilities and introduces new attributes for IoT entities and attribute-based policies for enabling expressive access control in AWS IoT. We also evaluate the performance of our model on the AWS cloud and IoT platform with the future smart industries use-case to depict the feasibility of our model in a real-world platform.

Recommended citation: S. Bhatt, T. K. Pham, M. Gupta, J. Benson, J. Park and R. Sandhu, "Attribute-Based Access Control for AWS Internet of Things and Secure Industries of the Future," in IEEE Access, vol. 9, pp. 107200-107223, 2021, doi: 10.1109/ACCESS.2021.3101218

Secure V2V and V2I Communication in Intelligent Transportation Using Cloudlets

Published in IEEE Transactions on Services Computing, 2020

Intelligent Transportation System (ITS) is a vision which offers safe, secure and smart travel experience to drivers. This futuristic plan aims to enable vehicles, roadside transportation infrastructures, pedestrian smart-phones and other devices to communicate with one another to provide safety and convenience services. Vehicle to Vehicle (V2V) and Vehicle to Infrastructure (V2I) communication in ITS offers ability to exchange speed, heading angle, position and other environment related conditions amongst vehicles and with surrounding smart infrastructures. In this intelligent setup, vehicles and users communicate and exchange data with random untrusted entities (like vehicles, smart traffic lights or pedestrians) whom they don’t know or have met before. The concerns of location privacy and secure communication further deter the adoption of this smarter and safe transportation. In this article, we present a secure and trusted V2V and V2I communication approach using edge infrastructures where instead of direct peer to peer communication, we introduce trusted cloudlets to authorize, check and verify the authenticity, integrity and ensure anonymity of messages exchanged in the system. Moving vehicles or road side infrastructure are dynamically connected to nearby cloudlets, where security policies can be implemented to sanitize or stop fake messages and prevent rogue vehicles to exchange messages with other vehicles. We also present a formal attribute-based model for V2V and V2I communication, called AB-ITS, along with proof of concept implementation of the proposed solution in AWS IoT platform. This cloudlet supported architecture complements direct V2V or V2I communication, and serves important use cases such as accident or ice-threat warning and other safety applications. Performance metrics of our proposed architecture are also discussed and compared with existing ITS technologies.

Recommended citation: M. Gupta, J. Benson, F. Patwa and R. Sandhu, "Secure V2V and V2I Communication in Intelligent Transportation Using Cloudlets," in IEEE Transactions on Services Computing, vol. 15, no. 4, pp. 1912-1925, 1 July-Aug. 2022, doi: 10.1109/TSC.2020.3025993

An Attribute-Based Access Control for Cloud Enabled Industrial Smart Vehicles

Published in IEEE Transactions on Industrial Informatics, 2020

Smart cities’ vision will encompass connected industrial vehicles, which will offer data-driven and intelligent services to the user. Such interaction within dispersed connected objects are sometimes referred as the industrial Internet-of-Vehicles (IIoV). The prime motivation of an intelligent transportation system (ITS) is ensuring the safety of the drivers and offering a comfortable experience to the user. However, such complex infrastructures opens broad attack surfaces to the adversaries, which can remotely exploit and control the critical mechanics in the smart vehicles, including engine and brake systems. Security and privacy concerns are significant barriers to the wide adoption of this revolutionary technology that has to be addressed before a comprehensive implementation of the real vision of ITS. This article is a stepping stone to address access control issues in the IIoV ecosystem and propose a formal attribute-based access control system (referred to ITS-ABACG). The proposed model introduces the notion of groups, which are assigned to various smart entities based on the different attributes. It also offers the implementation of fine-grained security policies and considers individualized privacy preferences along with system-wide policies to accept or reject notification, alerts, and advertisements from different participating smart entities. We present the prototype implementation of our proposed model in the Amazon Web Services IoT platform together with extensive performance to reflect the practicality and wide-scale adoption of the proposed system.

Recommended citation: M. Gupta, F. M. Awaysheh, J. Benson, M. Alazab, F. Patwa and R. Sandhu, "An Attribute-Based Access Control for Cloud Enabled Industrial Smart Vehicles," in IEEE Transactions on Industrial Informatics, vol. 17, no. 6, pp. 4288-4297, June 2021, doi: 10.1109/TII.2020.3022759

The EGRBAC Model for Smart Home IoT

Published in IEEE 21st International Conference on Information Reuse and Integration for Data Science (IRI), 2020

The Internet of Things (IoT) is enabling smart houses, where multiple users with complex social relationships interact with smart devices. This requires sophisticated access control specification and enforcement models, that are currently lacking. In this paper, we introduce the extended generalized role based access control (EGRBAC) model for smart home IoT. We provide a formal definition for EGRBAC and illustrate its features with a use case. A proof-of-concept demonstration utilizing AWS-IoT Greengrass is discussed in the appendix. EGRBAC is a first step in developing a comprehensive family of access control models for smart home IoT.

Recommended citation: S. Ameer, J. Benson and R. Sandhu, The EGRBAC Model for Smart Home IoT," 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science (IRI), Las Vegas, NV, USA, 2020, pp. 457-462, doi: 10.1109/IRI49571.2020.00076

Secure cloud assisted smart cars using dynamic groups and attribute based access control

Published in arXiv preprint arXiv:1908.08112, 2019

Future smart cities and intelligent world will have connected vehicles and smart cars as its indispensable and most essential components. The communication and interaction among such connected entities in this vehicular internet of things (IoT) domain, which also involves smart traffic infrastructure, road-side sensors, restaurant with beacons, autonomous emergency vehicles, etc., offer innumerable real-time user applications and provide safer and pleasant driving experience to consumers. Having more than 100 million lines of code and hundreds of sensors, these connected vehicles (CVs) expose a large attack surface, which can be remotely compromised and exploited by malicious attackers. Security and privacy are serious concerns that impede the adoption of smart connected cars, which if not properly addressed will have grave implications with risk to human life and limb. In this research, we present a formalized dynamic groups and attribute-based access control (ABAC) model (referred as \cvac) for smart cars ecosystem, where the proposed model not only considers system wide attributes-based security policies but also takes into account the individual user privacy preferences for allowing or denying service notifications, alerts and operations to on-board resources. Further, we introduce a novel notion of groups in vehicular IoT, which are dynamically assigned to moving entities like connected cars, based on their current GPS coordinates, speed or other attributes, to ensure relevance of location and time sensitive notification services to the consumers, to provide administrative benefits to manage large numbers of smart entities, and to enable attributes and alerts inheritance for fine-grained security authorization policies. We present proof of concept implementation of our model in AWS cloud platform demonstrating real-world uses cases along with performance metrics.

Recommended citation: Gupta, Maanak, James Benson, Farhan Patwa, and Ravi Sandhu. "Secure cloud assisted smart cars using dynamic groups and attribute based access control." arXiv preprint arXiv:1908.08112 (2019).

Dynamic Groups and Attribute-Based Access Control for Next-Generation Smart Cars

Published in Ninth ACM Conference on Data and Application Security and Privacy (CODASPY '19), 2019

Smart cars are among the essential components and major drivers of future cities and connected world. The interaction among connected entities in this vehicular internet of things (IoT) domain, which also involves smart traffic infrastructure, restaurant beacons, emergency vehicles, etc., offer several real-time applications and provide safer and pleasant driving experience to consumers. With more than 100 million lines of code and hundreds of sensors, these connected vehicles (CVs) expose a large attack surface, which can be remotely compromised and exploited by malicious attackers. Security and privacy are big concerns that deter the adoption of smart cars, which if not properly addressed will have grave implications with risk to human life and limb. In this paper, we present a formalized dynamic groups and attribute-based access control (ABAC) model (referred as CV-ABAC-G) for smart cars ecosystem, where the model not only considers system wide attributes-based security policies but also takes into account the individual user privacy preferences for allowing or denying service notifications, alerts and operations to on-board resources. Further, we introduce a novel notion of groups in vehicular IoT, which are dynamically assigned to moving entities like connected cars, based on their current GPS coordinates, speed or other attributes, to ensure relevance of location and time sensitive notification services, to provide administrative benefits to manage large numbers of entities, and to enable attributes inheritance for fine-grained authorization policies. We present proof of concept implementation of our model in AWS cloud platform demonstrating real-world uses cases along with performance metrics.

Recommended citation: Maanak Gupta, James Benson, Farhan Patwa, and Ravi Sandhu. 2019. Dynamic Groups and Attribute-Based Access Control for Next-Generation Smart Cars. In Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy (CODASPY 19). Association for Computing Machinery, New York, NY, USA, 61–72. https://doi.org/10.1145/3292006.3300048

Access Control Model for Virtual Objects (Shadows) Communication for AWS Internet of Things

Published in Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, 2018

In this paper, we study AWS IoT as a major commercial cloud-IoT platform and investigate its suitability for implementing the afore-mentioned academic models of ACO and VO communication control. While AWS IoT has a notion of digital shadows closely analogous to VOs, it lacks explicit capability for VO communication and thereby for VO communication control. Thus there is a significant mismatch between AWS IoT and these academic models. The principal contribution of this paper is to reconcile this mismatch by showing how to use the mechanisms of AWS IoT to effectively implement VO communication models. To this end, we develop an access control model for virtual objects (shadows) communication in AWS IoT called AWS-IoT-ACMVO. We develop a proof-of-concept implementation of the speeding cars use case in AWS IoT under guidance of this model, and provide selected performance measurements. We conclude with a discussion of possible alternate implementations of this use case in AWS IoT.

Recommended citation: Asma Alshehri, James Benson, Farhan Patwa, and Ravi Sandhu. 2018. Access Control Model for Virtual Objects (Shadows) Communication for AWS Internet of Things. In Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy (CODASPY 18). Association for Computing Machinery, New York, NY, USA, 175–185. https://doi.org/10.1145/3176258.3176328

Multi-layer authorization framework for a representative Hadoop ecosystem deployment

Published in Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies, 2017

Apache Hadoop is a predominant software framework to store and process vast amount of data, produced in varied formats. Data stored in Hadoop multi-tenant data lake often includes sensitive data such as social security numbers, intelligence sources and medical particulars, which should only be accessed by legitimate users. Apache Ranger and Apache Sentry are important authorization systems providing fine-grained access control across several Hadoop ecosystem services. In this paper, we provide a comprehensive explanation for the authorization framework offered by Hadoop ecosystem, incorporating core Hadoop 2.x native access control features and capabilities offered by Apache Ranger, with prime focus on data services including Apache Hive and Hadoop 2.x core services. A multi-layer authorization system is discussed and demonstrated, reflecting access control for services, data, applications and infrastructure resources inside a representative Hadoop ecosystem instance. A concrete use case is discussed to underline the application of aforementioned access control points. We use Hortonworks Hadoop distribution HDP 2.5 to exhibit this multi-layer access control framework.

Recommended citation: Gupta, M., Benson, J., Patwa, F. and Sandhu, R., 2019. Secure cloud assisted smart cars using dynamic groups and attribute based access control. arXiv preprint arXiv:1908.08112.

Framework for developing automated infrastructure and software deployment for domain specific research

Published in UTSA Proquest, 2016

For the past 10 years the Cloud has been growing steadily. While the Cloud has been utilized heavily in industry, its application for research in academic settings has been limited. This underutilization is primarily due to the lack of time of scholars, lack of funding, and lack of technical expertise to set up a cloud and research platform to do analytics.

Recommended citation: Benson, James. Framework for developing automated infrastructure and software deployment for domain specific research. The University of Texas at San Antonio, 2016.

Survey of automated software deployment for computational and engineering research

Published in 2016 Annual IEEE Systems Conference (SysCon), 2016

Automated, efficient software deployment is essential for today’s modern cloud hosting providers. With advances in cloud technology, on demand cloud services offered by public providers are becoming increasingly powerful, anchoring the ecosystem of cloud services. Cloud infrastructure services are appealing in part because they enable customers to acquire and release infrastructure resources on demand for applications in response to load surges. This paper addresses the challenge of building an effective multi-cloud application deployment controller as a customer add-on outside of the cloud utility service itself. Such external controllers must function within the constraints of the cloud providers’ APIs. In this paper, we describe the different steps necessary to deploy applications using such external controller. Then with a set of candidates for such external controllers, we use the proposed taxonomy to survey several management tools such as Chef, SaltStack, and Ansible for application automation on cloud computing services based on the defined model. We use the taxonomy and survey results not only to identify similarities and differences of the architectural approaches of cloud computing, but also to identify areas requiring further research.

Recommended citation: J. O. Benson, J. J. Prevost and P. Rad, "Survey of automated software deployment for computational and engineering research," 2016 Annual IEEE Systems Conference (SysCon), Orlando, FL, USA, 2016, pp. 1-6, doi: 10.1109/SYSCON.2016.7490666.

Towards understanding of shape formation mechanism of mesoporous silica particles

Published in Physical Chemistry Chemical Physics, 2009

Growth of even simple crystals is a rather hard problem to describe because of the non-equilibrium nature of the process. Meso(nano)porous silica particles, which are self-assembled in a sol-gel template synthesis, demonstrate an example of shapes of high complexity, similar to those observed in the biological world. Despite such complexity, here we present the evidence that at least a part of the formation of these shapes is an equilibrium process. We demonstrate it for an example of mesoporous fibers, one of the abundant shapes. We present a quantitative proof that the fiber free energy is described by the Boltzmann distribution, which is predicted by the equilibrium thermodynamics. This finding may open up new ground for a quantitative description of the morphogenesis of complex self-assembled shapes, including biological hierarchy.

Recommended citation: Volkov, Dmytro & Benson, James & Kievsky, Yaroslav & Sokolov, Igor. (2009). Towards understanding of shape formation mechanism of mesoporous silica particles. Phys Chem Chem Phys. 12. 341-4. 10.1039/b917424a.