Risk analysis in access control systems

Bibliographic details
Main authors: Ma, J, Adi, K, Mejri, M, Logrippo, L
Format: Conference proceedings
Language: eng
Description
Summary: Commonly known access control systems respond to users' requests to perform actions on protected objects by giving binary answers such as permit or deny. The decisions are taken on the basis of access control policies, where the risk of allowing access is not necessarily taken into explicit consideration. In this paper, we introduce RBAC R model (Role Based Access Control Model with Risk), in which each access control decision is taken after consideration of risk assessment. The proposed risk assessment method considers partial orderings on objects and actions to capture the notions of importance of objects and criticality of actions, and determines the risk of assigning a specific role to a specific user. The case of role delegation is also considered.
DOI:10.1109/PST.2010.5593248