{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,2]],"date-time":"2025-10-02T15:41:24Z","timestamp":1759419684506,"version":"build-2065373602"},"reference-count":25,"publisher":"MDPI AG","issue":"10","license":[{"start":{"date-parts":[[2025,10,2]],"date-time":"2025-10-02T00:00:00Z","timestamp":1759363200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["www.mdpi.com"],"crossmark-restriction":true},"short-container-title":["Computers"],"abstract":"<jats:p>The Attribute-Based Access Control (ABAC) model provides access control decisions based on subject, object (resource), and contextual attributes. However, the use of sensitive attributes in access control decisions poses many security and privacy challenges, particularly in cloud environment where third parties are involved. To address this shortcoming, we present a novel privacy-preserving Dummy-ABAC model that obfuscates real attributes with dummy attributes before transmission to the cloud server. In the proposed model, only dummy attributes are stored in the cloud database, whereas real attributes and mapping tokens are stored in a local machine database. Only dummy attributes are used for the access request evaluation in the cloud, and real data are retrieved in the post-decision mechanism using secure tokens. The security of the proposed model was assessed using a simulated threat scenario, including attribute inference, policy injection, and reverse mapping attacks. Experimental evaluation using machine learning classifiers (\u201cDecisionTree\u201d DT, \u201cRandomForest\u201d RF), demonstrated that inference accuracy dropped from ~0.65 on real attributes to ~0.25 on dummy attributes confirming improved resistance to inference attacks. Furthermore, the model rejects malformed and unauthorized policies. Performance analysis of dummy generation, token generation, encoding, and nearest-neighbor search, demonstrated minimal latency in both local and cloud environments. Overall, the proposed model ensures an efficient, secure, and privacy-preserving access control in cloud environments.<\/jats:p>","DOI":"10.3390\/computers14100420","type":"journal-article","created":{"date-parts":[[2025,10,2]],"date-time":"2025-10-02T15:07:48Z","timestamp":1759417668000},"page":"420","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Machine Learning-Driven Security and Privacy Analysis of a Dummy-ABAC Model for Cloud Computing"],"prefix":"10.3390","volume":"14","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9297-0009","authenticated-orcid":false,"given":"Baby","family":"Marina","sequence":"first","affiliation":[{"name":"Department of Information Technology, Shaheed Benazir Bhutto University, Shaheed Benazirabad, Nawabshah 67450, Pakistan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0306-1311","authenticated-orcid":false,"given":"Irfana","family":"Memon","sequence":"additional","affiliation":[{"name":"Department of Computer Systems Engineering, Quaid-e-Awam University of Science and Technology, Nawabshah 67450, Pakistan"}]},{"given":"Fizza Abbas","family":"Alvi","sequence":"additional","affiliation":[{"name":"Department of Computer Systems Engineering, Quaid-e-Awam University of Science and Technology, Nawabshah 67450, Pakistan"}]},{"given":"Ubaidullah","family":"Rajput","sequence":"additional","affiliation":[{"name":"Department of Computer Systems Engineering, Quaid-e-Awam University of Science and Technology, Nawabshah 67450, Pakistan"}]},{"given":"Mairaj","family":"Nabi","sequence":"additional","affiliation":[{"name":"Department of Information Technology, Shaheed Benazir Bhutto University, Shaheed Benazirabad, Nawabshah 67450, Pakistan"}]}],"member":"1968","published-online":{"date-parts":[[2025,10,2]]},"reference":[{"key":"ref_1","unstructured":"Microsoft Azure (2025, July 15). Azure Cloud Computing Services. Available online: http:\/\/azure.microsoft.com."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"131723","DOI":"10.1109\/ACCESS.2020.3009876","article-title":"Data Security and Privacy Protection for Cloud Storage: A Survey","volume":"8","author":"Yang","year":"2020","journal-title":"IEEE Access"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"758","DOI":"10.3390\/jcp3040034","article-title":"Security in Cloud-Native Services: A Survey","volume":"3","author":"Theodoropoulos","year":"2023","journal-title":"J. Cybersecur. Priv."},{"key":"ref_4","first-page":"100015","article-title":"Securing Distributed Systems: A Survey on Access Control Techniques for Cloud, Blockchain, IoT, and SDN","volume":"1","author":"Golightly","year":"2023","journal-title":"Cybern. Appl."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"1","DOI":"10.13052\/jcsm2245-1439.731","article-title":"Survey on Access Control Mechanisms in Cloud Computing","volume":"7","author":"Akbulut","year":"2018","journal-title":"J. Cyber Secur. Mobil."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"17777","DOI":"10.1109\/ACCESS.2025.3533145","article-title":"A Systematic Review of Access Control Models: Background, Existing Research, and Challenges","volume":"11","author":"Farhadighalati","year":"2025","journal-title":"IEEE Access"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"3865","DOI":"10.1016\/j.procs.2021.09.161","article-title":"Application of Access Control Model for Confidential Data","volume":"192","author":"Shan","year":"2021","journal-title":"Procedia Comput. Sci."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"1241","DOI":"10.1016\/j.procs.2020.09.133","article-title":"Role and Object Domain-Based Access Control Model for Graduate Education Information System","volume":"176","author":"Jin","year":"2020","journal-title":"Procedia Comput. Sci."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"101552","DOI":"10.1016\/j.imu.2024.101552","article-title":"Access Control Solutions in Electronic Health Record Systems: A Systematic Review","volume":"49","author":"Cobrado","year":"2024","journal-title":"Inform. Med. Unlocked"},{"key":"ref_10","first-page":"1","article-title":"Guide to Attribute-Based Access Control (ABAC): Definition and Considerations","volume":"800\u2013162","author":"Hu","year":"2019","journal-title":"NIST Spec. Publ."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"103441","DOI":"10.1016\/j.autcon.2020.103441","article-title":"Cloud Computing in the Construction Industry: Use Cases, Benefits, and Challenges","volume":"122","author":"Bello","year":"2020","journal-title":"Autom. Constr."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"1","DOI":"10.4018\/IJRQEH.297076","article-title":"Patient-Controlled Mechanism Using Pseudonymization Technique for Ensuring the Security and Privacy of Electronic Health Records","volume":"11","author":"Rai","year":"2022","journal-title":"Int. J. Reliab. Qual. E-Healthc."},{"key":"ref_13","first-page":"103021","article-title":"Log Pseudonymization: Privacy Maintenance in Practice","volume":"63","author":"Varanda","year":"2021","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Andrew, J., Eunice, R.J., and Karthikeyan, J. (2023). An Anonymization-Based Privacy-Preserving Data Collection Protocol for Digital Health Data. Front. Public Health, 11.","DOI":"10.3389\/fpubh.2023.1125011"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Goncalves, A., Ray, P., Soper, B., Stevens, J., Coyle, L., and Sales, A.P. (2020). Generation and Evaluation of Synthetic Patient Data. BMC Med. Res. Methodol., 20.","DOI":"10.1186\/s12874-020-00977-1"},{"key":"ref_16","unstructured":"Jordon, J., Yoon, J., and van der Schaar, M. (2019, January 6\u20139). PATE-GAN: Generating Synthetic Data with Differential Privacy Guarantees. Proceedings of the International Conference on Learning Representations (ICLR), New Orleans, LA, USA."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"489","DOI":"10.1007\/s10207-021-00565-4","article-title":"Accountable Privacy Preserving Attribute-Based Access Control for Cloud Services Enforced Using Blockchain","volume":"21","author":"Ghorbel","year":"2022","journal-title":"Int. J. Inf. Secur."},{"key":"ref_18","first-page":"104","article-title":"Privacy-Preserving Data Sharing in Cloud Computing Environments","volume":"13","author":"Chandra","year":"2024","journal-title":"Eduzone Int. Peer Rev. Multidiscip. J."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"147","DOI":"10.1016\/j.procs.2024.05.090","article-title":"ABAC-PA2: Attribute-Based Access Control Model with Privacy-Aware Anonymous Access","volume":"237","author":"Chaturvedi","year":"2024","journal-title":"Procedia Comput. Sci."},{"key":"ref_20","first-page":"1182","article-title":"MC-ABAC: An ABAC-Based Model for Collaboration in Multi-Cloud Environment","volume":"14","author":"Madani","year":"2023","journal-title":"Int. J. Adv. Comput. Sci. Appl."},{"key":"ref_21","first-page":"5","article-title":"Privacy-Preserving Attribute-Based Access Control Using Homomorphic Encryption","volume":"8","author":"Kerl","year":"2025","journal-title":"Cybern."},{"key":"ref_22","first-page":"e11282","article-title":"Secure EHR Access in the Cloud: An Alloy-Based Formalization of ABAC in Collaborative and Non-Collaborative Models","volume":"5","author":"Abdelkrim","year":"2024","journal-title":"Stud. Eng. Exact Sci."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"361","DOI":"10.1007\/978-3-030-05345-1_31","article-title":"A Privacy-Preserving Attribute-Based Access Control Scheme","volume":"Volume 11342","author":"Xu","year":"2018","journal-title":"Proceedings of the International Conference on Security, Privacy, and Anonymity in Computation, Communication, and Storage (SpaCCS 2018)"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Truong, A.T. (2022, January 12). A Comprehensive Framework Integrating Attribute-Based Access Control and Privacy Protection Models. Proceedings of the International Conference on Advances in Engineering Research and Application (ICERA 2021), Bhubaneswar, India.","DOI":"10.1007\/978-3-030-92574-1_5"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1007\/s10586-024-04696-w","article-title":"Privacy Preserving Spatio-Temporal Attribute-Based Encryption for Cloud Applications","volume":"28","author":"Routray","year":"2025","journal-title":"Clust. Comput."}],"container-title":["Computers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-431X\/14\/10\/420\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,2]],"date-time":"2025-10-02T15:18:14Z","timestamp":1759418294000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-431X\/14\/10\/420"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,2]]},"references-count":25,"journal-issue":{"issue":"10","published-online":{"date-parts":[[2025,10]]}},"alternative-id":["computers14100420"],"URL":"https:\/\/doi.org\/10.3390\/computers14100420","relation":{},"ISSN":["2073-431X"],"issn-type":[{"value":"2073-431X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,2]]}}}