An Approach to Access Control under Uncertainty

Salim, Farzad; Reid, Jason; Dawson, Ed; Dulleck, Uwe

doi:10.1109/ares.2011.11

Cited by 20 publications

(8 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To solve this problem, risk-based access control has been introduced [ 5 ]. Risk-based access control evaluates risk by considering the access request environment and situation [ 6 ], along with the security policies, and decides the access permissions according to a threshold, below which there is an acceptable level of risk [ 7 , 8 ]. This manner for deciding access permissions makes dynamic access control possible by reflecting the nature of the situation and by preventing unnecessary information access and leakage caused by the misuse and abuse of data by insiders [ 9 ].…”

Section: Introductionmentioning

confidence: 99%

A Framework for Context Sensitive Risk-Based Access Control in Medical Information Systems

Choi

Kim

Park

2015

Computational and Mathematical Methods in Medicine

View full text Add to dashboard Cite

Since the access control environment has changed and the threat of insider information leakage has come to the fore, studies on risk-based access control models that decide access permissions dynamically have been conducted vigorously. Medical information systems should protect sensitive data such as medical information from insider threat and enable dynamic access control depending on the context such as life-threatening emergencies. In this paper, we suggest an approach and framework for context sensitive risk-based access control suitable for medical information systems. This approach categorizes context information, estimating and applying risk through context- and treatment-based permission profiling and specifications by expanding the eXtensible Access Control Markup Language (XACML) to apply risk. The proposed framework supports quick responses to medical situations and prevents unnecessary insider data access through dynamic access authorization decisions in accordance with the severity of the context and treatment.

show abstract

Section: Introductionmentioning

confidence: 99%

A Framework for Context Sensitive Risk-Based Access Control in Medical Information Systems

Choi

Kim

Park

2015

Computational and Mathematical Methods in Medicine

View full text Add to dashboard Cite

show abstract

“…Salim et. al [27] claim that this mechanism incentives the users to spend their budget cautiously, activating low cost (low risk) roles. However, this scheme may lead to several problems.…”

Section: Discussion and Related Workmentioning

confidence: 99%

“…In [27] costs of access are assigned to permissions depending on the risk of their operations, and each user is assigned a budget. Users are assigned to roles, but being assigned or not does not necessarily determine whether a user can activate a role.…”

Section: Discussion and Related Workmentioning

confidence: 99%

A trust-and-risk aware RBAC framework

Baracaldo

Joshi

2012

Proceedings of the 17th ACM Symposium on Access Control Models and Technologies

View full text Add to dashboard Cite

Insider Attacks are one of the most dangerous threats organizations face today. An insider attack occurs when a person authorized to perform certain actions in an organization decides to abuse the trust, and harm the organization. These attacks may negatively impact the reputation of the organization, its productivity, and may produce losses in revenue and clients. Avoiding insider attacks is a daunting task. While it is necessary to provide privileges to employees so they can perform their jobs efficiently, providing too many privileges may backfire when users accidentally or intentionally abuse their privileges. Hence, finding a middle ground, where the necessary privileges are provided and malicious usage are avoided, is necessary. In this paper, we propose a framework that extends the role-based access control (RBAC) model by incorporating a risk assessment process, and the trust the system has on its users. Our framework adapts to suspicious changes in users' behavior by removing privileges when users' trust falls below a certain threshold. This threshold is computed based on a risk assessment process that includes the risk due to inference of unauthorized information. We use a Coloured-Petri net to detect inferences. We also redefine the existing role activation problem, and propose an algorithm that reduces the risk exposure. We present experimental evaluation to validate our work.

show abstract

“…A number of studies suggested resilient access control paradigms to deal with indeterminant data access scenarios. These paradigms include (i) Break-The-Glass Access Control (ii) Optimistic Access Control, and (iii) Risk-Aware Access Control [12], [13]. Ferreira [14] proposed a model called Break-The-Glass (BTG) to allow policy overrides.…”

Section: Background and Related Workmentioning

confidence: 99%

Uncertainty-Aware Authentication Model for Fog Computing in IoT

Heydari

Mylonas

Katos

et al. 2019

2019 Fourth International Conference on Fog and Mobile Edge Computing (FMEC)

View full text Add to dashboard Cite

Since the term "Fog Computing" has been coined by Cisco Systems in 2012, security and privacy issues of this promising paradigm are still open challenges. Among various security challenges, Access Control is a crucial concern for all cloud computing-like systems (e.g. Fog computing, Mobile edge computing) in the IoT era. Therefore, assigning the precise level of access in such an inherently scalable, heterogeneous and dynamic environment is not easy to perform. This work defines the uncertainty challenge for authentication phase of the access control in fog computing because on one hand fog has a number of characteristics that amplify uncertainty in authentication and on the other hand applying traditional access control models does not result in a flexible and resilient solution. Therefore, we have proposed a novel prediction model based on the extension of Attribute Based Access Control (ABAC) model. Our data-driven model is able to handle uncertainty in authentication. It is also able to consider the mobility of mobile edge devices in order to handle authentication. In doing so, we have built our model using and comparing four supervised classification algorithms namely as Decision Tree, Naïve Bayes, Logistic Regression and Support Vector Machine. Our model can achieve authentication performance with 88.14% accuracy using Logistic Regression.

show abstract

An Approach to Access Control under Uncertainty

Cited by 20 publications

References 18 publications

A Framework for Context Sensitive Risk-Based Access Control in Medical Information Systems

A Framework for Context Sensitive Risk-Based Access Control in Medical Information Systems

A trust-and-risk aware RBAC framework

Uncertainty-Aware Authentication Model for Fog Computing in IoT

Contact Info

Product

Resources

About