Biblio
USB Flash Drives Forensic Analysis to Detect Crown Jewel Data Breach in PT. XYZ (Coffee Shop Retail - Case Study). 2021 9th International Conference on Information and Communication Technology (ICoICT). :286–290.
2021. USB flash drives are used widely to store or transfer data among the employees in the company. There was greater concern about leaks of information, especially company crown jewel or intellectual property data inside the USB flash drives, because of theft, loss, negligence or fraud. This study is a real case in XYZ company which aims to find remaining company crown jewel or intellectual property data inside the USB flash drives that belong to the employees. The research result showed that sensitive information (such as user credentials, product recipes and customer credit card data) could be recovered from the employees’ USB flash drives. This could have a high-risk impact on the company, such as reputational damage and product sabotage by competitors. This result will help many companies to increase security awareness in protecting their crown jewel by having proper access control and to enrich knowledge regarding digital forensics for investigation in the company or enterprise.
A Dynamic Access Control Model Based on Game Theory for the Cloud. 2021 IEEE Global Communications Conference (GLOBECOM). :1–6.
2021. The user's access history can be used as an important reference factor in determining whether to allow the current access request or not. And it is often ignored by the existing access control models. To make up for this defect, a Dynamic Trust - game theoretic Access Control model is proposed based on the previous work. This paper proposes a method to quantify the user's trust in the cloud environment, which uses identity trust, behavior trust, and reputation trust as metrics. By modeling the access process as a game and introducing the user's trust value into the pay-off matrix, the mixed strategy Nash equilibrium of cloud user and service provider is calculated respectively. Further, a calculation method for the threshold predefined by the service provider is proposed. Authorization of the access request depends on the comparison of the calculated probability of the user's adopting a malicious access policy with the threshold. Finally, we summarize this paper and make a prospect for future work.
A Dynamic and Secure Migration Method of Cryptographic Service Virtual Machine for Cloud Environment. 2021 7th International Conference on Computer and Communications (ICCC). :583–588.
2021. In order to improve the continuity of cryptographic services and ensure the quality of services in the cloud environment, a dynamic migration framework of cryptographic service virtual machines based on the network shared storage system is proposed. Based on the study of the security threats in the migration process, a dynamic migration attack model is established, and the security requirement of dynamic migration is analyzed. It designs and implements the dynamic security migration management software, which includes a dynamic migration security enhancement module based on the Libvirt API, role-based access control policy, and transmission channel protection module. A cryptographic service virtual machine migration environment is built, and the designed management software and security mechanism are verified and tested. The experimental results show that the method proposed in the paper can effectively improve the security of cryptographic service virtual machine migration.
Towards a Trust-based Model for Access Control for Graph-Oriented Databases. 2021 International Conference on Theoretical and Applicative Aspects of Computer Science (ICTAACS). :1–3.
2021. Privacy and data security are critical aspects in databases, mainly when the latter are publicly accessed, such as in social networks. Furthermore, for advanced databases, such as NoSQL ones, security models and security meta-data must be integrated into the business specification and data. In the literature, the proposed models for NoSQL databases can be considered static, in the sense that the privileges for a given user are predefined and remain unchanged during job sessions. In this paper, we propose a novel model for NoSQL database access control that we aim to make dynamic. To be able to design such a model, we have considered the Trust concept to compute the reputation degree for a given user that plays a given role.
Unified Attribute-Based Encryption Scheme for Industrial Internet of Things. 2021 IEEE 5th International Conference on Cryptography, Security and Privacy (CSP). :12–16.
2021. The Internet of Things (IoT) provides significant benefits for industry by connecting devices together through the internet. Attribute-Based Encryption (ABE) is a technique that can enforce access control over data to guarantee data security. In this paper, we propose an ABE scheme for data in industrial IoT. The scheme achieves both security and high performance. When there is a shared subpolicy among the access policies of a sensor, the scheme optimizes the encryption of the messages. Through analysis and simulation, we show that our solution is secure and efficient.
Accountability in the Decentralised-Adversary Setting. 2021 IEEE 34th Computer Security Foundations Symposium (CSF). :1–16.
2021. A promising paradigm in protocol design is to hold parties accountable for misbehavior, instead of postulating that they are trustworthy. Recent approaches in defining this property, called accountability, characterized malicious behavior as a deviation from the protocol that causes a violation of the desired security property, but did so under the assumption that all deviating parties are controlled by a single, centralized adversary. In this work, we investigate the setting where multiple parties can deviate with or without coordination in a variant of the applied-π calculus. We first demonstrate that, under realistic assumptions, it is impossible to determine all misbehaving parties; however, we show that accountability can be relaxed to exclude causal dependencies that arise from the behavior of deviating parties, and not from the protocol as specified. We map out the design space for the relaxation, point out protocol classes separating these notions and define conditions under which we can guarantee fairness and completeness. Most importantly, we discover under which circumstances it is correct to consider accountability in the single-adversary setting, where this property can be verified with off-the-shelf protocol verification tools.
Secure Cloud Data Deduplication with Efficient Re-Encryption. 2021 International Conference on Intelligent Technologies (CONIT). :1–4.
2021. After the emergence of the cloud architecture, many companies migrate their data from conventional storage, i.e., on bare metal, to cloud storage. Since then a huge amount of data was stored on cloud servers, which later resulted in redundancy of a huge amount of data. Hence in this cloud world, many data de-duplication techniques have been widely used. Not only the redundancy but also made data more secure and privacy of the existing data were also increased. Some techniques got limitations and some have their own advantages based on the requirements. Some of the attributes like data privacy, tag regularity and interruption to brute-force attacks. To make data deduplication technique more efficient based on the requirements. This paper will discuss schemes that brace user-defined access control, by allowing the service provider to get information of the information owners. Thus our scheme eliminates redundancy of the data without breaching the privacy and security of clients that depends on service providers. Our latest deduplication scheme after performing various algorithms resulted in conclusion and producing more efficient data confidentiality and tag consistency. This paper has discussion on various techniques and their drawbacks for the effectiveness of the deduplication.
A Study on CP-ABE Based Data Sharing System That Provides Signature-Based Verifiable Outsourcing. 2021 International Conference on Advanced Enterprise Information System (AEIS). :1–5.
2021. Recently, with the development of the cloud environment, users can store their data or share it with other users. However, various security threats can occur in data sharing systems in the cloud environment. To solve this, data sharing systems and access control methods using the CP-ABE method are being studied, but the following problems may occur. First, in an outsourcing server that supports computation, it is not possible to prove that the computed result is a properly computed result when performing the partial decryption process of the ciphertext. Therefore, the user needs to verify the message obtained by performing the decryption process, and verify that the data is uploaded by the data owner through verification. As another problem, because the data owner encrypts data with attribute-based encryption, the number of attributes included in the access structure increases. This increases the size of the ciphertext, which can waste space in cloud storage. Therefore, a ciphertext of a constant size must be output regardless of the number of attributes when generating the ciphertext. In this paper, we propose a CP-ABE based data sharing system that provides signature-based verifiable outsourcing. It aims at a system that allows multiple users to share data safely and efficiently in a cloud environment by satisfying verifiable outsourcing and constant-sized ciphertext output among various security requirements required by CP-ABE.
Research on Security Strategy of Power Internet of Things Devices Based on Zero-Trust. 2021 International Conference on Computer Engineering and Application (ICCEA). :79–83.
2021. In order to guarantee the normal operation of the power Internet of things devices, the zero-trust idea was used for studying the security protection strategies of devices from four aspects: user authentication, equipment trust, application integrity and flow baselines. Firstly, device trust is constructed based on device portrait; then, verification of device application integrity based on MD5 message digest algorithm to achieve device application trustworthiness. Next, the terminal network traffic baselines are mined from OpenFlow, a southbound protocol in SDN. Finally, according to the dynamic user trust degree attribute access control model, the comprehensive user trust degree was obtained by weighting the direct trust degree obtained from user authentication and the trust degree of user access to terminal communication traffic. And according to the comprehensive trust degree, users are assigned the minimum authority to access the terminal to realize the security protection of the terminal. According to the comprehensive trust degree, the minimum permissions for users to access the terminal were assigned to achieve the security protection of the terminal. The research shows that the zero-trust mechanism is applied to the terminal security protection of power Internet of Things, which can improve the reliability of the safe operation of terminal equipment.
A Novel Fog-based Framework for Preventing Cloud Lock-in while Enabling Searchable Encryption. 2021 International Conference on Digital Futures and Transformative Technologies (ICoDT2). :1–6.
2021. Cloud computing has helped in managing big data and providing resources remotely and ubiquitously, but it has some latency and security concerns. Fog has provided tremendous advantages over cloud computing which include low latency rate, improved real-time interactions, reduced network traffic overcrowding, and improved reliability, however, security concerns need to be addressed separately. Another major issue in the cloud is Cloud Lock-in/Vendor Lock-in. Through this research, an effort has been made to extend fog computing and Searchable Encryption technologies. The proposed system can reduce the issue of cloud lock-in faced in traditional cloud computing. The SE schemes used in this paper are Symmetric Searchable Encryption (SSE) and Multi-keyword Ranked Searchable Encryption (MRSE) to achieve confidentiality, privacy, fine-grained access control, and efficient keyword search. This can help to achieve better access control and keyword search simultaneously. An important use of this technique is it helps to prevent the issue of cloud/vendor lock-in. This can shift some computation and storage of index tables over fog nodes that will reduce the dependency on Cloud Service Providers (CSPs).
Self-Sovereign Identity creation on Blockchain using Identity based Encryption. 2021 5th International Conference on Intelligent Computing and Control Systems (ICICCS). :299–304.
2021. The blockchain technology evolution in recent times has a hopefulness regarding the impression of self-sovereign identity that has a significant effect on the method of interacting with each other with security over the network. The existing system is not complete and procedural. There arises a different idea of self-sovereign identity methodology. To develop to the possibility, it is necessary to guarantee a better understanding in a proper way. This paper has an in-depth analysis of the attributes of the self-sovereign identity and it affects over the laws of identity that are being explored. The Identity management system (IMS) with no centralized authority is proposed in maintaining the secrecy of records, whereas traditional systems are replaced by blockchains and identities are generated cryptographically. This study enables sharing of user data on permissioned blockchain which uses identity-based encryption to maintain access control and data security.
Dynamic Access Control Technology Based on Zero-Trust Light Verification Network Model. 2021 International Conference on Communications, Information System and Computer Engineering (CISCE). :712–715.
2021. With the rise of the cloud computing and services, the network environments tend to be more complex and enormous. Security control becomes more and more hard due to the frequent and various access and requests. There are a few techniques to solve the problem which developed separately in the recent years. Network Micro-Segmentation provides the system the ability to keep different parts separated. Zero Trust Model ensures the network is access to trusted users and business by applying the policy that verify and authenticate everything. With the combination of Segmentation and Zero Trust Model, a system will obtain the ability to control the access to organizations' or industrial valuable assets. To implement the cooperation, the paper designs a strategy named light verification to help the process to be painless for the cost of inspection. The strategy was found to be effective from the perspective of the technical management, security and usability.
Access Control Scheme Supporting Attribute Revocation in Cloud Computing. 2021 International Conference on Networking and Network Applications (NaNA). :379–384.
2021. To break the data barrier of the information island and explore the value of data in the past few years, it has become a trend of uploading data to the cloud by data owners for data sharing. At the same time, they also hope that the uploaded data can still be controlled, which makes access control of cloud data become an intractable problem. As a famous cryptographic technology, ciphertext policy-based attribute encryption (CP-ABE) not only assures data confidentiality but implements fine-grained access control. However, the actual application of CP-ABE has its inherent challenge in attribute revocation. To address this challenge, we proposed an access control solution supporting attribute revocation in cloud computing. Unlike previous attribute revocation schemes, to solve the problem of excessive attribute revocation overhead, we use symmetric encryption technology to encrypt the plaintext data firstly, and then, encrypting the symmetric key by utilizing public-key encryption technology according to the access structure, so that only the key ciphertext is necessary to update when the attributes are revoked, which reduces the spending of ciphertext update to a great degree. The comparative analysis demonstrates that our solution is reasonably efficient and more secure to support attribute revocation and access control after data sharing.
A Trusted Data Storage and Access Control Scheme for Power CPS Combining Blockchain and Attribute-Based Encryption. 2021 IEEE 21st International Conference on Communication Technology (ICCT). :355–359.
2021. The traditional data storage method often adopts centralized architecture, which is prone to trust and security problems. This paper proposes a trusted data storage and access control scheme combining blockchain and attribute-based encryption, which allows cyber-physical system (CPS) nodes to realize the fine-grained access control strategy. At the same time, this paper combines the blockchain technology with distributed storage, and only stores the access control policy and the data access address on the blockchain, which solves the storage bottleneck of blockchain system. Furthermore, this paper proposes a novel multi-authority attributed-based identification method, which realizes distributed attribute key generation and simplifies the pairwise authentication process of multi-authority. It can not only address the key escrow problem of one single authority, but also reduce the problem of high communication overhead and heavy burden of multi-authority. The analyzed results show that the proposed scheme has better comprehensive performance in trusted data storage and access control for power cyber-physical system.
Aspect-Oriented Adaptation of Access Control Rules. 2021 47th Euromicro Conference on Software Engineering and Advanced Applications (SEAA). :363–370.
2021. Cyber-physical systems (CPS) and IoT systems are nowadays commonly designed as self-adaptive, endowing them with the ability to dynamically reconfigure to reflect their changing environment. This adaptation concerns also the security, as one of the most important properties of these systems. Though the state of the art on adaptivity in terms of security related to these systems can often deal well with fully anticipated situations in the environment, it becomes a challenge to deal with situations that are not or only partially anticipated. This uncertainty is however omnipresent in these systems due to humans in the loop, open-endedness and only partial understanding of the processes happening in the environment. In this paper, we partially address this challenge by featuring an approach for tackling access control in face of partially unanticipated situations. We base our solution on special kind of aspects that build on existing access control system and create a second level of adaptation that addresses the partially unanticipated situations by modifying access control rules. The approach is based on our previous work where we have analyzed and classified uncertainty in security and trust in such systems and have outlined the idea of access-control related situational patterns. The aspects that we present in this paper serve as means for application-specific specialization of the situational patterns. We showcase our approach on a simplified but real-life example in the domain of Industry 4.0 that comes from one of our industrial projects.
In-database Auditing Subsystem for Security Enhancement. 2021 44th International Convention on Information, Communication and Electronic Technology (MIPRO). :1642–1647.
2021. Many information systems have been around for several decades, and most of them have their underlying databases. The data accumulated in those databases over the years could be a very valuable asset, which must be protected. The first role of database auditing is to ensure and confirm that security measures are set correctly. However, tracing user behavior and collecting a rich audit trail enables us to use that trail in more proactive ways. As an example, audit trail could be analyzed ad hoc and used to prevent intrusion, or analyzed afterwards, to detect user behavior patterns, forecast workloads, etc. In this paper, we present a simple, secure, configurable, role-separated, and effective in-database auditing subsystem, which can be used as a base for access control, intrusion detection, fraud detection and other security-related analyses and procedures. It consists of management relations, code and data object generators and several administrative tools. This auditing subsystem, implemented in several information systems, is capable of keeping the entire audit trail (data history) of a database, as well as all the executed SQL statements, which enables different security applications, from ad hoc intrusion prevention to complex a posteriori security analyses.
Methods and Algorithms for Generating a Storage Key Based on Biometric Parameters. 2021 International Russian Automation Conference (RusAutoCon). :137–141.
2021. The theoretical basis made it possible to implement software for automated secure biometric verification and personal identification, which can be used by information security systems (including access control and management systems). The work is devoted to solving an urgent problem - the development of methods and algorithms for generating a key for a storage device based on biometric parameters. Biometric cryptosystems take advantage of biometrics to improve the security of encryption keys. The ability not to store a key that is derived from biometric data is a direct advantage of the method of generating cryptographic keys from biometric data of users over other existing encryption methods.
Services for Zero Trust Architectures - A Research Roadmap. 2021 IEEE International Conference on Web Services (ICWS). :14–20.
2021. The notion of Zero Trust Architecture (ZTA) has been introduced as a fine-grained defense approach. It assumes that no entities outside and inside the protected system can be trusted and therefore requires articulated and high-coverage deployment of security controls. However, ZTA is a complex notion which does not have a single design solution; rather it consists of numerous interconnected concepts and processes that need to be assessed prior to deciding on a solution. In this paper, we outline a ZTA design methodology based on cyber risks and the identification of known high security risks. We then discuss challenges related to the design and deployment of ZTA and related solutions. We also discuss the role that service technology can play in ZTA.
Algebraic Decision Diagram-Based CP-ABE with Constant Secret and Fast Decryption. 2020 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC). :98–106.
2020. Ciphertext-policy attribute-based encryption (CP-ABE) is applied to many data service platforms to provide secure and fine-grained access control. In this paper, a new CP-ABE system based on the algebraic decision diagram (ADD) is presented. The new system makes full use of both the powerful description ability and the high calculating efficiency of ADD to improve the performance and efficiency of algorithms contained in CP-ABE. First, the new system supports both positive and negative attributes in the description of access policies. Second, the size of the secret key is constant and is not affected by the number of attributes. Third, the time complexity of the key generation and decryption algorithms is O(1). Finally, this scheme allows visitors to have different access permissions to access shared data or file. At the same time, PV operation is introduced into CP-ABE framework for the first time to prevent resource conflicts caused by read and write operations on shared files. Compared with other schemes, the new scheme proposed in this paper performs better in function and efficiency.
An Attack-Resilient Architecture for the Internet of Things. IEEE Transactions on Information Forensics and Security. 15:3940–3954.
2020. With current IoT architectures, once a single device in a network is compromised, it can be used to disrupt the behavior of other devices on the same network. Even though system administrators can secure critical devices in the network using best practices and state-of-the-art technology, a single vulnerable device can undermine the security of the entire network. The goal of this work is to limit the ability of an attacker to exploit a vulnerable device on an IoT network and fabricate deceitful messages to co-opt other devices. The approach is to limit attackers by using device proxies that are used to retransmit and control network communications. We present an architecture that prevents deceitful messages generated by compromised devices from affecting the rest of the network. The design assumes a centralized and trustworthy machine that can observe the behavior of all devices on the network. The central machine collects application layer data, as opposed to low-level network traffic, from each IoT device. The collected data is used to train models that capture the normal behavior of each individual IoT device. The normal behavioral data is then used to monitor the IoT devices and detect anomalous behavior. This paper reports on our experiments using both a binary classifier and a density-based clustering algorithm to model benign IoT device behavior with a realistic test-bed, designed to capture normal behavior in an IoT-monitored environment. Results from the IoT testbed show that both the classifier and the clustering algorithms are promising and encourage the use of application-level data for detecting compromised IoT devices.
Blockchain-Based Scheme for Authentication and Capability-Based Access Control in IoT Environment. 2020 11th IEEE Annual Ubiquitous Computing, Electronics Mobile Communication Conference (UEMCON). :0323–0330.
2020. Authentication and access control techniques are fundamental security elements to restrict access to critical resources in IoT environment. In the current state-of-the-art approaches in the literature, the architectures do not address the security features of authentication and access control together. Besides, they don't completely fulfill the key Internet-of-Things (IoT) features such as usability, scalability, interoperability and security. In this paper, we introduce a novel blockchain-based architecture for authentication and capability-based access control for IoT environment. A capability is a token which contains the access rights authorized to the device holding it. The architecture uses blockchain technology to carry out all the operations in the scheme. It does not embed blockchain technology into the resource-constrained IoT devices for the purpose of authentication and access control of the devices. However, the IoT devices and blockchain are connected by means of interfaces through which the essential communications are established. The authenticity of such interfaces is verified before any communication is made. Consequently, the architecture satisfies usability, scalability, interoperability and security features. We carried out security evaluation for the scheme. It exhibits strong resistance to threats like spoofing, tampering, repudiation, information disclosure, and Denial-of-Service (DoS). We also developed a proof of concept implementation where cost and storage overhead of blockchain transactions are studied.
ConfigRand: A Moving Target Defense Framework against the Shared Kernel Information Leakages for Container-based Cloud. 2020 IEEE 22nd International Conference on High Performance Computing and Communications; IEEE 18th International Conference on Smart City; IEEE 6th International Conference on Data Science and Systems (HPCC/SmartCity/DSS). :794–801.
2020. Lightweight virtualization represented by container technology provides a virtual environment for cloud services with more flexibility and efficiency due to the kernel-sharing property. However, the shared kernel also means that the system isolation mechanisms are incomplete. Attackers can scan the shared system configuration files to explore vulnerabilities for launching attacks. Previous works mainly eliminate the problem by fixing operating systems or using access control policies, but these methods require significant modifications and cannot meet the security needs of individual containers accurately. In this paper, we present ConfigRand, a moving target defense framework to prevent the information leakages due to the shared kernel in the container-based cloud. The ConfigRand deploys deceptive system configurations for each container, bounding the scan of attackers aimed at the shared kernel. In design of ConfigRand, we (1) propose a framework applying the moving target defense philosophy to periodically generate, distribute, and deploy the deceptive system configurations in the container-based cloud; (2) establish a model to formalize these configurations and quantify their heterogeneity; (3) present a configuration movement strategy to evaluate and optimize the variation of configurations. The results show that ConfigRand can effectively prevent the information leakages due to the shared kernel and apply to typical container applications with minimal system modification and performance degradation.
A Context-Policy-Based Approach to Access Control for Healthcare Data Protection. 2020 International Computer Symposium (ICS). :420–425.
2020. Fueled by the emergence of IoT-enabled medical sensors and big data analytics, nations all over the world are widely adopting digitalization of healthcare systems. This is certainly a positive trend for improving the entire spectrum of quality of care, but this convenience is also posing a huge challenge on the security of healthcare data. For ensuring privacy and protection of healthcare data, access control is regarded as one of the first-line-of-defense mechanisms. As none of the traditional enterprise access control models can completely cater to the need of the healthcare domain which includes a myriad of contexts, in this paper, we present a context-policy-based access control scheme. Our scheme relies on the eTRON cybersecurity architecture for tamper-resistance and cryptographic functions, and leverages a context-specific blend of classical discretionary and role-based access models for incorporation into legacy systems. Moreover, our scheme adheres to key recommendations of prominent statutory and technical guidelines including HIPAA and HL7. The protocols involved in the proposed access control system have been delineated, and a proof-of-concept implementation has been carried out - along with a comparison with other systems, which clearly suggests that our approach is more responsive to different contexts for protecting healthcare data.
Covert Channels of Data Communication. 2020 Ural Symposium on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT). :0557–0558.
2020. The article is dedicated to covert channels of data communication in the protected operating system based on the Linux kernel with mandatory access control. The channel which is not intended by developers violates security policy and can lead to disclosure of confidential information. In this paper the covert storage channels are considered. Authors show opportunities to violate the secrecy policy in the protected operating system based on the Linux kernel experimentally. The first scenario uses time stamps of the last access to the files (“atime” stamp), the second scenario uses unreliable mechanism of the automatic login to the user session with another level of secrecy. Then, there are some recommendations to prevent these violations. The goal of this work is to analyze the methods of using covert channels, both previously known and new. The result of the article is recommendations allowing to eliminate security threats which can be embodied through covert channels.
HBD-Authority: Streaming Access Control Model for Hadoop. 2020 IEEE 6th International Conference on Dependability in Sensor, Cloud and Big Data Systems and Application (DependSys). :16–25.
2020. Big data analytics, in essence, is becoming the revolution of business intelligence around the world. This momentum has given rise to the hype around analytic technologies, including Apache Hadoop. Hadoop was not originally developed with security in mind. Despite the evolving efforts to integrate security in Hadoop through developing new tools (e.g., Apache Sentry and Ranger) and employing traditional mechanisms (e.g., Kerberos and LDAP), they mainly focus on providing encryption and authentication features, albeit with limited authorization support. Existing solutions in the literature extended these evolving efforts. However, they suffer from limitations, hindering them from providing robust authorization that effectively meets the unique requirements of big data environments. Towards covering this gap, this paper proposes a hybrid authority (HBD-Authority) as a formal attribute-based access control model with context support. This model is established on a novel hybrid approach of authorization transparency that pertains to three fundamental properties of accuracy: correctness, security, and completeness. The model leverages streaming data analytics to foster distributed parallel processing capabilities that achieve multifold benefits: a) efficiently managing the security policies and promptly updating the privileges assigned to a high number of users interacting with the analytic services; b) swiftly deciding and enforcing authorization of requests over data characterized by the 5Vs; and c) providing dynamic protection for data which is frequently updated. The implementation details and experimental evaluation of the proposed model are presented, demonstrating its performance efficiency.