Non-zero-sum cooperative access control game model with user trust and permission risk

Helil, Nurmamat; Halik, Azhar; Rahman, Kaysar

doi:10.1016/j.amc.2017.03.006

Cited by 11 publications

(10 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Researchers [25,26] combined user trust with the risk to conduct an access control study. Trust is user-related, risk is permission-related, and these two are intrinsically correlated because the users and permissions are main and indispensable elements in the access control system [10]. Trust and risk are effectively combined together in our paper and risk appears in the game model in an implicit way.…”

Section: Related Workmentioning

confidence: 98%

“…However, static and predefined access control policies cannot measure user's access behavior precisely, especially because users at different levels of trust can bring about benefits or losses in different amounts [9]. Therefore, a service provider demands a reasonable and accurate access control mechanism in which the interactions between information sharing and protection bring about a socially positive result for both the service provider and its users [10]. In 1996, Blaze M [11] proposed the concept of trust management and introduced a trust mechanism into security research for the first time, thus providing a new way of solving security problems.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Game Analysis of Access Control Based on User Behavior Trust

2019

View full text Add to dashboard Cite

Due to the dynamics and uncertainty of the current network environment, access control is one of the most important factors in guaranteeing network information security. How to construct a scientific and accurate access control model is a current research focus. In actual access control mechanisms, users with high trust values bring better benefits, but the losses will also be greater once cheating access is adopted. A general access control game model that can reflect both trust and risk is established in this paper. First, we construct an access control game model with user behavior trust between the user and the service provider, in which the benefits and losses are quantified by using adaptive regulatory factors and the user’s trust level, which enhances the rationality of the policy making. Meanwhile, we present two kinds of solutions for the prisoner’s dilemma in the traditional access control game model without user behavior trust. Then, due to the vulnerability of trust, the user’s trust value is updated according to the interaction situation in the previous stage, which ensures that the updating of the user’s trust value can satisfy the “slow rising-fast falling” principle. Theoretical analysis and the simulation experiment both show that this model has a better performance than a traditional game model and can guarantee scientific decision-making in the access control mechanism.

show abstract

Section: Related Workmentioning

confidence: 98%

Section: Introductionmentioning

confidence: 99%

Game Analysis of Access Control Based on User Behavior Trust

2019

View full text Add to dashboard Cite

show abstract

“…Game theory allows a system to weigh risks and benefits of granting access to a user, and has been used to set thresholds for trust levels [7], [20]. He et al uses game theory to analyze access control in a cloud environments where players include users and cloud service providers [20].…”

Section: Related Workmentioning

confidence: 99%

“…One possible solution to address this issue is to use game theory [7]. However, integrating game theory and maintaining trust in a federated system adds to complexity of the system and incurs extra cost.…”

Section: Introductionmentioning

confidence: 99%

MATS: A Multi-aspect and Adaptive Trust-based Situation-aware Access Control Framework for Federated Data-as-a-Service Systems

Kim

Alodadi

Chen

et al. 2022

2022 IEEE International Conference on Services Computing (SCC)

View full text Add to dashboard Cite

Federated Data-as-a-Service systems are helpful in applications that require dynamic coordination of multiple organizations, such as maritime search and rescue, disaster relief, or contact tracing of an infectious disease. In such systems it is often the case that users cannot be wholly trusted, and access control conditions need to take the level of trust into account. Most existing work on trust-based access control in web services focuses on a single aspect of trust, like user credentials, but trust often has multiple aspects such as users' behavior and their organization. In addition, most existing solutions use a fixed threshold to determine whether a user's trust is sufficient, ignoring the dynamic situation where the trade-off between benefits and risks of granting access should be considered. We have developed a Multi-aspect and Adaptive Trust-based Situation-aware Access Control Framework we call "MATS" for federated data sharing systems. Our framework is built using Semantic Web technologies and uses game theory to adjust a system's access decisions based on dynamic situations. We use query rewriting to implement this framework and optimize the system's performance by carefully balancing efficiency and simplicity. In this paper we present this framework in detail, including experimental results that validate the feasibility of our approach.

show abstract

“…Chunyong et al [7] studied the hybrid recommendation algorithm for large data based on optimization and constructed some trust models, and the results showed that the error was reduced compared with the traditional method. Considering the practical existence and involvement of permission risk, Helil et al [12] constructed a non-zero-sum game model that chose trust, risk, and cost as metrics in the payoff functions of player and analyzed the Pareto efficient strategy from the application system and the user. Based on game theory, Furuncu and Sogukpinar [13] proposed an extensible security risk assessment model in cloud environment, which can assess whether the risk should be determined by the cloud provider or tenant.…”

Section: Related Workmentioning

confidence: 99%

A Trust-Game-Based Access Control Model for Cloud Service

Jun

2020

Mobile Information Systems

View full text Add to dashboard Cite

In order to promote mutual trust and win-win cooperation between the users and the providers, we propose a trust-game-based access control model for cloud service in the paper. First, we construct a trust evaluation model based on multiple factors, such as the direct trust, feedback trust, reward punishment, and trust risk and further propose a weight method by maximum discrete degree and information entropy theory; second, we combine trust evaluation with the payoff matrix for game analysis and calculate the mixed Nash equilibrium strategy for the users and service providers; third, we give the game control condition based on trust level prediction and payment matrix to encourage participants to make honest strategy. Experimental results show that our research has good effect in terms of acceptance probability, deception probability, accuracy of trust evaluation, and cooperation rate in the cloud service.

show abstract

Non-zero-sum cooperative access control game model with user trust and permission risk

Cited by 11 publications

References 16 publications

Game Analysis of Access Control Based on User Behavior Trust

Game Analysis of Access Control Based on User Behavior Trust

MATS: A Multi-aspect and Adaptive Trust-based Situation-aware Access Control Framework for Federated Data-as-a-Service Systems

A Trust-Game-Based Access Control Model for Cloud Service

Contact Info

Product

Resources

About