Risk-based decision method for access control systems

Riaz Ahmed Shaikh, Kamel Adi, Luigi Logrippo, Serge Mankovski

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

15 Citations (Scopus)

Abstract

Traditional security and access control systems, such as MLS/Bell-LaPadula and RBAC, are rigid and do not contain automatic mechanisms through which a system can increase or decrease users' access to classified information. Therefore, in this paper, we propose a risk-based decision method for an access control system. Firstly, we dynamically calculate the trust and risk values for each subject-object pair. Both values are adaptive, reflecting the past behavior of the users with particular objects. The past behavior is evaluated based on the history of reward and penalty points. These are assigned by the system after the completion of every transaction. Secondly, based on the trust and risk values, an access decision is made.

Original language: English
Title of host publication: 2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011
Pages: 189-192
Number of pages: 4
Publication status: Published - 2011
Event: 2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011 - Montreal, QC, Canada
Duration: 19 Jul 2011 - 21 Jul 2011

Publication series

Name: 2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011

Conference

Conference: 2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011
Country/Territory: Canada
City: Montreal, QC
Period: 19/07/11 - 21/07/11
