Risk-based decision method for access control systems

Riaz Ahmed Shaikh; K. Adi; L. Logrippo; Serge Mankovski; IEEE

doi:10.1109/PST.2011.5971982

Back

Conference proceeding

Risk-based decision method for access control systems

Riaz Ahmed Shaikh, K. Adi, L. Logrippo, Serge Mankovski and IEEE

2011 Ninth Annual International Conference on Privacy, Security and Trust, pp.189-192

07/2011

DOI: https://doi.org/10.1109/PST.2011.5971982

Abstract

Access control

Conferences

Equations

History

Mathematical model

Sensitivity

Traditional security and access control systems, such as MLS/Bell-LaPadula, RBAC are rigid and do not contain automatic mechanisms through which a system can increase or decrease users' access to classified information. Therefore, in this paper, we propose a risk-based decision method for an access control system. Firstly, we dynamically calculate the trust and risk values for each subject-object pair. Both values are adaptive, reflecting the past behavior of the users with particular objects. The past behavior is evaluated based on the history of reward and penalty points. These are assigned by the system after the completion of every transaction. Secondly, based on the trust and risk values, an access decision is made.

Metrics

1 Record Views

Details

Title: Risk-based decision method for access control systems
Creators - without role: Riaz Ahmed Shaikh - Université du Québec en Outaouais
K. Adi - Université du Québec en Outaouais
L. Logrippo - Université du Québec en Outaouais
Serge Mankovski - Thornhill Medical
IEEE
Publication Details: 2011 Ninth Annual International Conference on Privacy, Security and Trust, pp.189-192
Publisher: IEEE
Identifiers: 9939404108331
Academic Unit: King Abdulaziz University
Language: English
Resource Type: Conference proceeding