US Patent Office Grants Patent to QNRF-Funded Project for Adaptive Security

Dr. Khaled Khan and Dr. Armstrong Nhlabatsi from the College of Engineering at Qatar University (QU) have recently obtained a US Patent (No. 10,713,355) for their invention on adaptive security.

This research project was funded by the Qatar National Research Fund (QNRF). The research team led by Dr. Khaled Khan, an Associate Professor in the Department of Computer Science and Engineering at QU in collaboration with The Open University (UK), invented a method to enable security designers of the cloud application to make security mechanisms dynamic and adaptive.

The invention incorporates contextual attributes, which are considered in addition to rules when making an access control decision by the system.

Dr. Khaled Khan pointed out that access rights to information on computer-based systems may depend on contextual factors, such as who is accessing the data, from where, and under which threat conditions.

He said that there is a need for the dynamism of access control mechanisms considering contextual factors that arise at runtime.

Dr. Khan added that security threats in cloud environments are dynamic, requiring access control mechanisms to respond to the changing nature of the threats. Current access control mechanisms in the cloud use static rules expressed as security policies.

Existing solutions focus on pre-designed access control measures at design time, hence not handling unknown threats that may arise at runtime. The current access control mechanisms do not consider runtime context-making security none-adaptive.

This project has rigorously tackled this dynamic issue of security in the cloud.

In terms of practicality of the proposed approach, mobile app developers and cloud service providers can incorporate this invented technology in their access control mechanisms.

The team has also implemented a prototype to demonstrate the feasibility of the solution. The prototype uses AWARE, XACML policy engine, AXIS 2, and machine learning.

Dr. Khaled Khan has concluded that the adaptive nature of this invention by the QU-OU joint team is a turning point in cybersecurity.

Read more at The Peninsula.