TY - GEN
T1 - Risk-based decision method for access control systems
AU - Shaikh, Riaz Ahmed
AU - Adi, Kamel
AU - Logrippo, Luigi
AU - Mankovski, Serge
PY - 2011
Y1 - 2011
N2 - Traditional security and access control systems, such as MLS/Bell-LaPadula and RBAC, are rigid and do not contain automatic mechanisms through which a system can increase or decrease users' access to classified information. Therefore, in this paper, we propose a risk-based decision method for an access control system. Firstly, we dynamically calculate the trust and risk values for each subject-object pair. Both values are adaptive, reflecting the past behavior of the users with particular objects. The past behavior is evaluated based on the history of reward and penalty points. These are assigned by the system after the completion of every transaction. Secondly, based on the trust and risk values, an access decision is made.
AB - Traditional security and access control systems, such as MLS/Bell-LaPadula and RBAC, are rigid and do not contain automatic mechanisms through which a system can increase or decrease users' access to classified information. Therefore, in this paper, we propose a risk-based decision method for an access control system. Firstly, we dynamically calculate the trust and risk values for each subject-object pair. Both values are adaptive, reflecting the past behavior of the users with particular objects. The past behavior is evaluated based on the history of reward and penalty points. These are assigned by the system after the completion of every transaction. Secondly, based on the trust and risk values, an access decision is made.
UR - http://www.scopus.com/inward/record.url?scp=80052086152&partnerID=8YFLogxK
U2 - 10.1109/PST.2011.5971982
DO - 10.1109/PST.2011.5971982
M3 - Conference contribution
AN - SCOPUS:80052086152
SN - 9781457705847
T3 - 2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011
SP - 189
EP - 192
BT - 2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011
T2 - 2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011
Y2 - 19 July 2011 through 21 July 2011
ER -