Dynamic counter-measures for risk-based access control systems: An evolutive approach

Díaz-López, Daniel; Dólera-Tormo, Ginés; Mármol, Félix Gómez; Martinez-Perez, Gregorio

doi:10.1016/j.future.2014.10.012

Cited by 32 publications

(17 citation statements)

References 36 publications

(47 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…security measures to bring back risk to acceptable levels [23]. An evolution-based genetic algorithm is devised to help lower the risk incurred from the access request by manipulating the security metrics that the organization employs.…”

Section: S S Alaqeeli Et Almentioning

confidence: 99%

“…In the former, risk assessment investigated the ways to assess the riskiness of an access request before granting access to the resources [17]- [21]; namely, quantifying the risk. In the latter, efforts focused on approaches and strategies that bring down the risk that has already been assessed [23] [24] [25].…”

Section: Introductionmentioning

confidence: 99%

“…Obligations are usually a set of rules that the user is expected to behave according to, and can be monitored by the system to evaluate the user's actions towards the resource for future access requests. Alternatively, other studies focused on mitigating the risk by employing security methods such as increasing encryption measures or activating automatic alerts [23].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Privacy Preserving Risk Mitigation Approach for Healthcare Domain

Aqeeli¹,

Al-Rodhaan²,

Tian³

et al. 2018

ETSN

View full text Add to dashboard Cite

In the healthcare domain, protecting the electronic health record (EHR) is crucial for preserving the privacy of the patient. To help protect the sensitive data, access control mechanisms can be utilized to restrict access to only legitimate users. However, an issue arises when the authorized users abuse their access privileges and violate privacy preferences of the patients. While traditional access control schemes fall short of defending against the misbehavior of authorized users, risk-aware access control models can provide adaptable access to the system resources based on assessing the risk of an access request. When an access request is deemed risky, but within acceptable thresholds, risk mitigation strategies can be exploited to minimize the risk calculated. This paper proposes a risk-aware, privacy-preserving risk mitigation approach that can be utilized in the healthcare domain. The risk mitigation approach controls the patient's medical data that can be exposed to healthcare professionals, according to their trust level as well as the risk incurred of such data exposure, by developing a novel Risk Measure formula. The developed Risk Measure is proven to manage the risk effectively. Furthermore, Risk Mitigation Data Disclosure algorithms, RIMIDI 0 and RIMIDI 1 , which utilize the developed risk measures, are proposed. Experimental results show the feasibility and effectiveness of the proposed method in preserving the privacy preferences of the patient. Since the proposed approach exposes the patient's data that are relevant to the undergoing medical procedure while preserving the privacy preferences, positive outcomes can be realized, which will ultimately bring forth quality healthcare services.

show abstract

Section: S S Alaqeeli Et Almentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Privacy Preserving Risk Mitigation Approach for Healthcare Domain

Aqeeli¹,

Al-Rodhaan²,

Tian³

et al. 2018

ETSN

View full text Add to dashboard Cite

show abstract

“…Thus, this research has been the benchmark for this paper in designing the architecture of proposed authentication scheme. Afterwards, most of previous works bypass the need to protect privacy of user in developing risk based access control model [28], [31], [32].…”

Section: Risk-adaptable Access Control (Radac)mentioning

confidence: 99%

Towards Secure Risk-Adaptable Access Control in Cloud Computing

Abdullah

Bakar

2018

ijacsa

View full text Add to dashboard Cite

The emergence of pervasive cloud computing has supported the transition of physical data and machine into virtualization environment. However, security threat and privacy have been identified as a challenge to support the widespread adoption of cloud among user. Moreover, user awareness on the importance of cloud computing has increase the needs to safeguard the cloud by implementing access control that works on dynamic environment. Therefore, the emergence of Risk-Adaptable Access Control (RAdAC) as a flexible medium in handling exceptional access request is a great countermeasure to deal with security and privacy challenges. However, the rising problem in safeguarding users' privacy in RAdAC model has not been discussed in depth by other researcher. This paper explores the architecture of cloud computing and defines the existing solutions influencing the adoption of cloud among user. At the same time, the obscurity factor in protecting privacy of user is found within RAdAC framework. Similarly, the two-tier authentication scheme in RAdAC has been proposed in responding to security and privacy challenges as shown through informal security analysis.

show abstract

“…For [40] risks are closely associated with system vulnerabilities and vulnerabilities refer to any weaknesses that can be exploited. Reference [20] calculates the risk of a threat over an asset by multiplying the probability of occurrence of the threat over the asset by the relevance of the asset and dividing the result by the effectiveness of the security controls implemented. In [21] vulnerabilities are flaws or weaknesses in a system that could be exploited, exploits are ways known to take advantage of specific software vulnerabilities and threats have the potential to violate security.…”

Section: Cyber-security Issuesmentioning

confidence: 99%

An algorithm to find relationships between web vulnerabilities

Muñoz

Villalba

2016

J Supercomput

View full text Add to dashboard Cite

Over the past years, there has been a high increase in web sites using cloud computing. Like usual web site, those web applications can have most of the common web vulnerabilities, like SQL injection or cross-site scripting. Therefore, cloud computing has become more attractive to cyber criminals. Besides, in many cases it is necessary to comply with regulations like PCI DSS or standards like ISO/IEC 27001. To face those threats and requirements it is a common task to analyze web applications to detect and correct their vulnerabilities. The most used tools to analyze web applications are automatic scanners. But it is difficult to comparatively decide which scanner is best or at least is best suited to detect a particular vulnerability. To evaluate scanner capabilities some evaluation criteria have been defined. Often a web vulnerability classification is also used to evaluate scanners, but current web vulnerability classifications do not usually include all vulnerabilities. To face evaluation criteria which are not up-to-date and to have the fullest possible classification, in this paper a new method to map web vulnerability classifications is proposed. The result will be the vulnerabilities an automatic scanner has to detect. As classifications change over time, this new method could be executed when the existing classifications change or when new classifications are developed. The vulnerabilities described this way can B Luis Javier García Villalba javiergv@fdi.ucm.es

show abstract

Dynamic counter-measures for risk-based access control systems: An evolutive approach

Cited by 32 publications

References 36 publications

Privacy Preserving Risk Mitigation Approach for Healthcare Domain

Privacy Preserving Risk Mitigation Approach for Healthcare Domain

Towards Secure Risk-Adaptable Access Control in Cloud Computing

An algorithm to find relationships between web vulnerabilities

Contact Info

Product

Resources

About