ABAC as Access Control Solution for Digital Evidence Storage

Tri Kuntoro Priyambodo (1), Yudi Prayudi (2), Rahmat Budiarto (3)
(1) Department of Computer Science and Electronics, Gadjah Mada University, Yogyakarta, 55281, Indonesia
(2) Department of Informatics, Universitas Islam Indonesia, Yogyakarta, Indonesia
(3) College of Computer Science and IT, Albaha University, Saudi Arabia
Fulltext View | Download
How to cite (IJASEIT) :
Priyambodo, Tri Kuntoro, et al. “ABAC As Access Control Solution for Digital Evidence Storage”. International Journal on Advanced Science, Engineering and Information Technology, vol. 14, no. 1, Feb. 2024, pp. 37-44, doi:10.18517/ijaseit.14.1.17502.
Digital evidence is content that must be protected against access and use by parties who should not have the authority to do so. Some protection parameters for access to digital evidence must be implemented to ensure its integrity and authenticity. Access to digital evidence is not enough to be facilitated only with authorization and authentication mechanisms but must also be facilitated with other aspects of access by users according to their level of authority. One approach is to use the concept of access control. The study of access control to digital evidence is essential. However, studies on this matter are still limited. Among the many access control models, the application of access control based on attribute variations is a concept that can be applied to the context of access to digital evidence. This paper discusses policy design and modeling using attribute-based access control (ABAC) with four attributes: subject, resource, action, and environment. Then, it implements and tests various requests to the system based on attribute variations and possible algorithms. This study supports the security of digital evidence storage systems through access control to the resources it manages using the Policy Statement, Policy Modeling, Policy Implementation, and Policy Validation approaches. The application of the access control design shows that the ABAC concept has been successfully applied as an access control solution for digital evidence stored in digital evidence storage systems. The built policy design was successfully validated using ACPT Tools, concluding that there was no inconsistency or incompleteness.

C. Cross, T. Holt, A. Powell, and M. Wilson, “Trends & Issues in Crime and Criminal Justice,” Aust. Inst. Criminal., no. 635, 2021.

(World Economic Forum), “Global Cybersecurity Outlook 2022,” Geneva Switzerland, 2022.

ICCC FBI, “Internet Crime Report 2021,” USA, 2022.

IBM Security, “X-Force Threat Intelligence Index 2022,” 2022.

G. Horsman, “Standardising digital forensic examination procedures: A look at Windows 10 in cases involving images depicting child sexual abuse,” WIREs Forensic Sci., vol. 3, no. 6, pp. 1–12, 2021, DOI: 10.1002/wfs2.1417.

V. Roussev, “Forensics Knowledge Area Version 1.0.1,” New Orleans USA, 2021.

Y. Prayudi, A. Ashari, and T. K. Priyambodo, “The Framework to Support The Digital Evidence Handling : A Case Study of Procedures for The Management of Evidence in Indonesia,” J. Cases Inf. Technol., vol. 22, no. 3, pp. 51–71, 2020.

Y. Prayudi, A. Ashari, and T. K. Priyambodo, “The Pseudo Metadata Concept For The Chain of Custody of Digital Evidence,” Int. J. Electron. Secure. Digit. Forensics, vol. 11, no. 4, pp. 395–419, 2019.

G. Horsman, “Digital evidence and the crime scene,” Sci. Justice, vol. 61, no. 6, pp. 761–770, 2021, doi: 10.1016/j.scijus.2021.10.003.

P. Reedy, “Interpol review of digital evidence 2016 - 2019,” Forensic Sci. Int. Synerg., vol. 2, pp. 489–520, 2020, DOI: 10.1016/j.fsisyn.2020.01.015.

D. Kim, S.-Y. Ihm, and Y. Son, “Two-Level Blockchain System for Digital Crime Evidence Management,” Sensors 2021, vol. 21, no. 3051, pp. 1–17, 2021, DOI: 10.4324/9780429292767-22.

European Union Agency for Law Enforcement Cooperation, “Evidence Situation Report 3rd Annual Report,” 2021.

A. Singh, R. A. Ikuesan, and H. Venter, “Secure Storage Model for Digital Forensic Readiness,” IEEE Access, vol. 10, pp. 19469–19480, 2022, doi: 10.1109/ACCESS.2022.3151403.

A. Al-Dhaqm et al., “Digital Forensics Subdomains: The State of the Art and Future Directions,” IEEE Access, vol. 9, pp. 152476–152502, 2021, doi: 10.1109/ACCESS.2021.3124262.

F. Casino et al., “Research Trends, Challenges, and Emerging Topics in Digital Forensics: A Review of Reviews,” IEEE Access, vol. 10, pp. 25464–25493, 2022, doi: 10.1109/ACCESS.2022.3154059.

C. Hsu and Y. Lin, “A Digital Evidence Protection Method with Hierarchical Access Control Mechanisms,” in IEEE International Carnahan Conference on Security Technology (ICCST), 2011, pp. 1–9.

N. Juma, X. Huang, and M. Tripunitara, “Forensic Analysis in Access Control: Foundations and a Case-Study from Practice,” Proc. ACM Conf. Comput. Commun. Secure., pp. 1533–1550, 2020, DOI: 10.1145/3372297.3417860.

K. Erikson, “Frameworks for Centralized Authentication and Authorization,” Åbo Akademi University, 2020.

Y. Prayudi, A. Ashari, and T. K. Priyambodo, “The pseudo metadata concept for the chain of custody of digital evidence,” Int. J. Electron. Secure. Digit. Forensics, vol. 11, no. 4, 2019, DOI: 10.1504/IJESDF.2019.102554.

S. Bhatt, T. K. Pham, M. Gupta, J. Benson, J. Park, and R. Sandhu, “Attribute-Based Access Control for AWS Internet of Things and Secure Industries of the Future,” IEEE Access, vol. 9, pp. 107200–107223, 2021, doi: 10.1109/ACCESS.2021.3101218.

S. Kern, T. Baumer, S. Groll, L. Fuchs, and G. Pernul, “Optimisation of Access Control Policies,” J. Inf. Secur. Appl., vol. 70, no. September, 2022, doi: 10.1016/j.jisa.2022.103301.

A. Singh, R. A. Ikuesan, and H. Venter, “Secure Storage Model for Digital Forensic Readiness,” IEEE Access, vol. 10, pp. 19469–19480, 2022, DOI: 10.1109/ACCESS.2022.3151403.

B. Kim, W. Shin, D. Y. Hwang, and K. H. Kim, “Attribute-Based Access Control (ABAC) with Decentralised Identifier in the Blockchain-Based Energy Transaction Platform,” Int. Conf. Inf. Netw., vol. 2021-Janua, pp. 845–848, 2021, DOI: 10.1109/ICOIN50884.2021.9333894.

R. Barhoun, M. Ed-Daibouni, and A. Namir, “An extended attribute-based access control (ABAC) model for distributed collaborative healthcare system,” Int. J. Serv. Sci. Manag. Eng. Technol., vol. 10, no. 4, pp. 81–94, 2019, doi: 10.4018/IJSSMET.2019100105.

S. Khan et al., “An Efficient and Secure Revocation-Enabled Attribute-Based Access Control for eHealth in Smart Society,” Sensors, vol. 22, no. 1, pp. 1–23, 2022, DOI: 10.3390/s22010336.

Y. Dahiya and S. Sangwan, “Developing and Enhancing the Security of Digital Evidence Bag,” Int. J. Res. Stud. Comput. Sci. Eng., vol. 1, no. 2, pp. 14–25, 2014.

J. Rajamäki and J. Knuuttila, “Law Enforcement Authorities’ Legal Digital Evidence Gathering: Legal, Integrity and Chain-of-Custody Requirement,” Proc. - 2013 Eur. Intell. Secure. Informatics Conf. EISIC 2013, pp. 198–203, 2013, DOI: 10.1109/EISIC.2013.44.

A. K. Mishra, M. C. Govil, E. S. Pilli, and A. Bijalwan, “Digital Forensic Investigation of Healthcare Data in Cloud Computing Environment,” J. Healthc. Eng., vol. 2022, pp. 1–11, 2022, DOI: 10.1155/2022/9709101.

D. Servos and M. Bauer, “Incorporating Off-Line Attribute Delegation into Hierarchical Group and Attribute-Based Access Control,” 2020.

B. Leander, A. Causevic, H. Hansson, and T. Lindstrom, “Toward an Ideal Access Control Strategy for Industry 4.0 Manufacturing Systems,” IEEE Access, vol. 9, pp. 114037–114050, 2021, doi: 10.1109/ACCESS.2021.3104649.

G. Liu, W. Pei, Y. Tian, C. Liu, and S. Li, “A novel conflict detection method for ABAC security policies,” J. Ind. Inf. Integr., vol. 22, no. 2, p. 100200, 2021, doi: 10.1016/j.jii.2021.100200.

R. Thion, “Access Control Models,” in Cyber Warfare and Cyber Terorism, IGI Global, 2008.

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Authors who publish with this journal agree to the following terms:

    1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
    2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
    3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).