Tools
Tools
Shaikh, Riaz Ahmed 
ORCID: https://orcid.org/0000-0001-6666-0253, Adi, Kamel and Logrippo, Luigi
(2012)
Dynamic risk-based decision methods for access control systems.
Computers and Security, 31 (4).
pp. 447-464.
ISSN 0167-4048
Abstract
In traditional multi-level security systems, trust and risk values are pre-computed. Any change in these values requires manual intervention of an administrator. In many dynamic environments, however, these values should be auto-adaptive, and auto-tunable according to the usage history of the users. Moreover, occasional exceptions on resource needs, which are common in dynamic environments like healthcare, should be allowed if the subjects show a positive record of use toward resources they acquired in the past. Conversely, access of authorized users, who have negative record, should be restricted. These requirements are not taken into consideration in existing risk-based access control systems. In order to overcome these shortcomings and to meet different sensitivity requirements of various applications, we propose two dynamic risk-based decision methods for access control systems. We provide theoretical and simulation-based analysis and evaluation of both schemes. Also, we analytically prove that the proposed methods, not only allow exceptions under certain controlled conditions, but uniquely restrict legitimate access of bad authorized users.
| Item Type: | Article |
|---|---|
| Additional Information: | Funding Information: The work reported in this article was partially supported by the Natural Sciences and Engineering Research Council of Canada, PROMPT Quebec, and CA Technologies. We thank Hemanth Khambhammettu, and Serge Mankovski for useful discussions. We are also thankful to the anonymous referees for comments that have led to improvements in the paper. |
| Uncontrolled Keywords: | access control,policy,risk,security,trust,computer science(all),law ,/dk/atira/pure/subjectarea/asjc/1700 |
| Faculty \ School: | Faculty of Science > School of Computing Sciences |
| UEA Research Groups: | Faculty of Science > Research Groups > Cyber Security Privacy and Trust Laboratory |
| Related URLs: | |
| Depositing User: | LivePure Connector |
| Date Deposited: | 16 Aug 2022 15:31 |
| Last Modified: | 07 May 2023 06:30 |
| URI: | https://ueaeprints.uea.ac.uk/id/eprint/87332 |
| DOI: | 10.1016/j.cose.2012.02.006 |
Actions (login required)
 |
View Item |