Towards context-aware security: an authorization architecture for intranet environments

Wullems, Christian; Looi, Mark; Clark, Andrew E.

doi:10.1109/percomw.2004.1276919

Cited by 21 publications

(12 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A generic context-aware RBAC model and a policy specification language for defining contextaware RBAC security polices were proposed in [7], [10]. Similar to the RBAC model in [7], context-aware RBAC approaches were implemented in [1], [11] that can detect changes in context and adjust access control according to the changes. An RBAC approach for enforcing a security policy to security controls or devices that lack in functionalities to be aware of context was proposed in [12] by leveraging the policy decision and enforcement points.…”

Section: Related Workmentioning

confidence: 99%

From Reactionary to Proactive Security: Context-Aware Security Policy Management and Optimization under Uncertainty

Chaisiri

2016

2016 IEEE Trustcom/BigDataSE/Ispa

View full text Add to dashboard Cite

Abstract-At the core of its nature, security is a highly contextual and dynamic challenge. However, current security policy approaches are usually static, and slow to adapt to ever-changing requirements, let alone catching up with reality. In a 2012 Sophos survey, it was stated that a unique malware is created every half a second. This gives a glimpse of the unsustainable nature of a global problem; any improvement in terms of closing the "time window to adapt" would be a significant step forward. To exacerbate the situation, a simple change in threat and attack vector or even an implementation of the so-called "bring-your-owndevice" paradigm will greatly change the frequency of changed security requirements and necessary solutions required for each new context. Current security policies also typically overlook the direct and indirect costs of implementation of policies. As a result, technical teams often fail to have the ability to justify the budget to the management, from a business risk viewpoint. This paper considers both the adaptive and cost-benefit aspects of security, and introduces a novel context-aware technique for designing and implementing adaptive, optimized security policies. Our approach leverages the capabilities of stochastic programming models to optimize security policy planning, and our preliminary results demonstrate a promising step towards proactive, contextaware security policies.

show abstract

Section: Related Workmentioning

confidence: 99%

From Reactionary to Proactive Security: Context-Aware Security Policy Management and Optimization under Uncertainty

Chaisiri

2016

2016 IEEE Trustcom/BigDataSE/Ispa

View full text Add to dashboard Cite

show abstract

“…However, some research has pursued another directionenhancing existing security infrastructures with concepts of context-awareness [30]. A common approach here is extending an existing role-based access control with a dynamic layer, which reassigns roles upon context changes [22], or enabling the access control system with the ability to handle context directly [17].…”

Section: Related Workmentioning

confidence: 99%

Context-aware device self-configuration using self-organizing maps

Batyuk

Scheel

Camtepe

et al. 2011

Proceedings of the 2011 Workshop on Organic Computing

View full text Add to dashboard Cite

Modern mobile computing devices are versatile, but bring the burden of constant settings adjustment according to the current conditions of the environment. While until today, this task has to be accomplished by the human user, the variety of sensors usually deployed in such a handset provides enough data for autonomous self-configuration by a learning, adaptive system. However, this data is not fully available at certain points in time, or can contain false values. Handling potentially incomplete sensor data to detect context changes without a semantic layer represents a scientific challenge which we address with our approach. A novel machine learning technique is presented -the Missing-Values-SOM -which solves this problem by predicting setting adjustments based on context information. Our method is centered around a self-organizing map, extending it to provide a means of handling missing values. We demonstrate the performance of our approach on mobile context snapshots, as well as on classical machine learning datasets.

show abstract

“…While Covington extends the general RBAC model to create context-awareness mainly on the permissions to roles assignment, Wullems [12] defines context-awareness on the users to roles assignment and authentication of users to the system. This approach is designed to augment existing security protocols and therefore he focuses on the implementation of the architecture.…”

Section: Related Workmentioning

confidence: 99%

Rights Management for Role-Based Access Control

Bouwman

Mauw

Petković

2008

2008 5th IEEE Consumer Communications and Networking Conference

View full text Add to dashboard Cite

Abstract-Healthcare requires a new approach with respect to the secure management of information. For this purpose we extend the Role Based Access Control model with context awareness, exceptions and delegation. By combining this extended model with common notions from the field of Enterprise/Digital Rights Management we obtain a framework for controlling shared information in a distributed environment.

show abstract

Towards context-aware security: an authorization architecture for intranet environments

Abstract: Abstract

Cited by 21 publications

References 7 publications

From Reactionary to Proactive Security: Context-Aware Security Policy Management and Optimization under Uncertainty

From Reactionary to Proactive Security: Context-Aware Security Policy Management and Optimization under Uncertainty

Context-aware device self-configuration using self-organizing maps

Rights Management for Role-Based Access Control

Contact Info

Product

Resources

About