Self-Adaptable Framework to Analyse and Evaluate the Behavior of Entities in Commercial Online System

Speaker Bio

Thejas Gubbi Sadashiva is a Ph.D. candidate at the School of Computing and Information Sciences (SCIS), Florida International University (FIU) under the supervision of Dr.S.S. Iyengar and external member Dr. N. R. Sunitha. He received his Bachelor’s degree in Computer Science and Engineering from Sri Siddhartha Institute of Technology (SSIT), India and Master of Technology (M.Tech) in Computer Science and Engineering from Sri Siddhartha Institute of Technology (SSIT), India. He worked as a trainee for one year at Defence Research and Development Organization/Electronic and RADAR Development Establishment (DRDO/LRDE), India. His research interests include Adaptive Security, performance optimization using parallel computing, and Human Computer Interaction (HCI). Since 2011, Thejas is an Assistant Professor from Siddaganga Institute of Technology (SIT), India deputed to pursue his doctoral program at FIU and he is coordinator for the activities that run under the MOU between SIT-FIU. He has several research articles published in reputed conferences, journals and has one India patent. Thejas has authored and co-authored six research papers, since joining SCIS as a doctoral student.

Description

In online commercial systems like e-commerce it is difficult to differentiate honest and dishonest entities as they are dynamic in nature. Here the entities can be an (i) honest user who perform legal transactions and activities, (ii) dishonest user or bad bots/botnets which is a software application that runs automated scripts to perform malicious attacks on the business network like leakage of sensitive information, denial of services, price/information scraping, trying to analyze the business security model (faking the entire system), engaging in negative Search Engine Optimization (SEO) against competitors, check out abuse etc. Entities perform these kind of positive and negative activities when they get access to the required resources. Hence, it is important to have self-adaptable framework to analyze and evaluate the dynamic nature of access requesting entities to authenticate and authorize at runtime environment.

Now in the era of autonomous computing, the expectation is about managing the tasks by automatically adapting to the environment needs. This enables the security mechanism to be intelligent and adaptive. So, the main focus is on: (1) Is it possible to develop self-adaptable access control mechanism which evaluates the user with several factors, builds trust and then analyses the access request efficiently at runtime? And is it possible to protect the system from experienced user or an attacker who attempts to fake the entire system? (2) Is it possible to develop an efficient predictive model to analyse and differentiate honest and dishonest entities?

Hence, to address above said problems: we propose Self-Adaptable Trust Based Access Control framework (SATBAC) which suggest appropriate authentication schemes dynamically from the pool of possibilities at run time based on the analysis which is a novel access control mechanism. We propose a predictive model to analyze honest and dishonest entities behavior and formal verification method to verify the framework smart contract.