Risk-based decision method for access control systems

Riaz Ahmed Shaikh; Kamel Adi; Luigi Logrippo; Serge Mankovski

doi:10.1109/PST.2011.5971982

Risk-based decision method for access control systems

Riaz Ahmed Shaikh, Kamel Adi, Luigi Logrippo, Serge Mankovski

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

13 Citations (Scopus)

Abstract

Traditional security and access control systems, such as MLS/Bell-LaPadula, RBAC are rigid and do not contain automatic mechanisms through which a system can increase or decrease users' access to classified information. Therefore, in this paper, we propose a risk-based decision method for an access control system. Firstly, we dynamically calculate the trust and risk values for each subject-object pair. Both values are adaptive, reflecting the past behavior of the users with particular objects. The past behavior is evaluated based on the history of reward and penalty points. These are assigned by the system after the completion of every transaction. Secondly, based on the trust and risk values, an access decision is made.

Original language	English
Title of host publication	2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011
Pages	189-192
Number of pages	4
DOIs	https://doi.org/10.1109/PST.2011.5971982
Publication status	Published - 2011
Event	2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011 - Montreal, QC, Canada Duration: 19 Jul 2011 → 21 Jul 2011

Publication series

Name	2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011

Conference

Conference	2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011
Country/Territory	Canada
City	Montreal, QC
Period	19/07/11 → 21/07/11

Access to Document

10.1109/PST.2011.5971982

Cite this

@inproceedings{e5652a0227e64c8ea7ece7621da306e0,

title = "Risk-based decision method for access control systems",

abstract = "Traditional security and access control systems, such as MLS/Bell-LaPadula, RBAC are rigid and do not contain automatic mechanisms through which a system can increase or decrease users' access to classified information. Therefore, in this paper, we propose a risk-based decision method for an access control system. Firstly, we dynamically calculate the trust and risk values for each subject-object pair. Both values are adaptive, reflecting the past behavior of the users with particular objects. The past behavior is evaluated based on the history of reward and penalty points. These are assigned by the system after the completion of every transaction. Secondly, based on the trust and risk values, an access decision is made.",

author = "Shaikh, {Riaz Ahmed} and Kamel Adi and Luigi Logrippo and Serge Mankovski",

year = "2011",

doi = "10.1109/PST.2011.5971982",

language = "English",

isbn = "9781457705847",

series = "2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011",

pages = "189--192",

booktitle = "2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011",

note = "2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011 ; Conference date: 19-07-2011 Through 21-07-2011",

}

Shaikh, RA, Adi, K, Logrippo, L & Mankovski, S 2011, Risk-based decision method for access control systems. in 2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011., 5971982, 2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011, pp. 189-192, 2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011, Montreal, QC, Canada, 19/07/11. https://doi.org/10.1109/PST.2011.5971982

Risk-based decision method for access control systems. / Shaikh, Riaz Ahmed; Adi, Kamel; Logrippo, Luigi; Mankovski, Serge.

2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011. 2011. p. 189-192 5971982 (2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Risk-based decision method for access control systems

AU - Shaikh, Riaz Ahmed

AU - Adi, Kamel

AU - Logrippo, Luigi

AU - Mankovski, Serge

PY - 2011

Y1 - 2011

N2 - Traditional security and access control systems, such as MLS/Bell-LaPadula, RBAC are rigid and do not contain automatic mechanisms through which a system can increase or decrease users' access to classified information. Therefore, in this paper, we propose a risk-based decision method for an access control system. Firstly, we dynamically calculate the trust and risk values for each subject-object pair. Both values are adaptive, reflecting the past behavior of the users with particular objects. The past behavior is evaluated based on the history of reward and penalty points. These are assigned by the system after the completion of every transaction. Secondly, based on the trust and risk values, an access decision is made.

AB - Traditional security and access control systems, such as MLS/Bell-LaPadula, RBAC are rigid and do not contain automatic mechanisms through which a system can increase or decrease users' access to classified information. Therefore, in this paper, we propose a risk-based decision method for an access control system. Firstly, we dynamically calculate the trust and risk values for each subject-object pair. Both values are adaptive, reflecting the past behavior of the users with particular objects. The past behavior is evaluated based on the history of reward and penalty points. These are assigned by the system after the completion of every transaction. Secondly, based on the trust and risk values, an access decision is made.

UR - http://www.scopus.com/inward/record.url?scp=80052086152&partnerID=8YFLogxK

U2 - 10.1109/PST.2011.5971982

DO - 10.1109/PST.2011.5971982

M3 - Conference contribution

AN - SCOPUS:80052086152

SN - 9781457705847

T3 - 2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011

SP - 189

EP - 192

BT - 2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011

T2 - 2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011

Y2 - 19 July 2011 through 21 July 2011

ER -

Risk-based decision method for access control systems

Abstract

Publication series

Conference

Access to Document

Other files and links

Cite this