Trust and Risk-Based Access Control for Privacy Preserving Threat Detection Systems

Metoui, Nadia; Bezzi, Michele; Armando, Alessandro

doi:10.1007/978-3-319-48057-2_20

Cited by 6 publications

(4 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Metoui et al [49] and Metoui et al [52] The paper [49] proposed a risk-aware framework that combines the privacy risk with the user trust to identify threats related to each access request. The access decision is determined by comparing the privacy-risk with the user trust in which if the user trust is higher than the privacy risk, the access will be granted.…”

Section: Dos Santos Et Al [1] and Dos Santos Et Al [22]mentioning

confidence: 99%

Risk-Based Access Control Model: A Systematic Literature Review

et al. 2020

View full text Add to dashboard Cite

Most current access control models are rigid, as they are designed using static policies that always give the same outcome in different circumstances. In addition, they cannot adapt to environmental changes and unpredicted situations. With dynamic systems such as the Internet of Things (IoT) with billions of things that are distributed everywhere, these access control models are obsolete. Hence, dynamic access control models are required. These models utilize not only access policies but also contextual and real-time information to determine the access decision. One of these dynamic models is the risk-based access control model. This model estimates the security risk value related to the access request dynamically to determine the access decision. Recently, the risk-based access control model has attracted the attention of several organizations and researchers to provide more flexibility in accessing system resources. Therefore, this paper provides a systematic review and examination of the state-of-the-art of the risk-based access control model to provide a detailed understanding of the topic. Based on the selected search strategy, 44 articles (of 1044 articles) were chosen for a closer examination. Out of these articles, the contributions of the selected articles were summarized. In addition, the risk factors used to build the risk-based access control model were extracted and analyzed. Besides, the risk estimation techniques used to evaluate the risks of access control operations were identified.

show abstract

Section: Dos Santos Et Al [1] and Dos Santos Et Al [22]mentioning

confidence: 99%

Risk-Based Access Control Model: A Systematic Literature Review

et al. 2020

View full text Add to dashboard Cite

show abstract

“…The problem of this approach is that it requires an additional resource the cryptographic coprocessor and that the processing entity is a trusted user. In [9] the authors propose a trust-and risk-aware access control framework for Threat Detection Systems, where each access request is evaluated by comparing the privacy-risk and the trustworthiness of the request. In [10], many techniques are investigated, including secure multiparty computation, and homomorphic encryption as possible solution for the privacy aware image processing in a cloud environment.…”

Section: Related Workmentioning

confidence: 99%

Privacy Preserving Intrusion Detection Via Homomorphic Encryption

Sgaglione

Coppolino

D’Antonio

et al. 2019

2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE)

View full text Add to dashboard Cite

In the recent years, we are assisting to an undiminished, and unlikely to stop number of cyber threats, that have increased the organizations/companies interest about security concerns. Further, the rising costs of an efficient IT security staff and environment is posing a significant challenge. These have created a new fast growing trend named Managed Security Services (MSS). Often customers turn to MSS providers to alleviate the pressures they face daily related to information security. One of the most critical aspect, related to the outsourcing of security issues, is privacy. Security monitoring and in general security services require access to as much data as possible, in order to provide an effective and reliable service. It is the well known conflict between privacy and security, a particularly evident problem in security monitoring solutions. This paper analyzes a scenario of MSS in order to provide a privacy preserving solution that allows the security monitoring without violating the privacy requirements. The basic idea relies on the usage of the Homomorphic Encryption technology. Encrypting data using homomorphic schemes, cloud computing and MSS providers can perform different computations on encrypted data without ever having access to their decryption. This solution keeps data confidential and secured, not only during exchange and storage, but also during processing. We provide an ad-hoc Intrusion Detection System architecture for privacy preserving security monitoring, considering as counter threats Code Injection attacks on homomorphically encrypted fields.

show abstract

“…The implementation of an access control model can be manipulated in a variety of ways, ranging from an unforeseen situation involving poorly designed access policies to malicious entities gaining access to a group of existing accounts. As a result, traditional access control models, which are based on static and predefined policies, cannot manage unanticipated scenarios and situations [1]. As a result, they are incompatible with a dynamic and distributed system like the IoT.…”

Section: Introductionmentioning

confidence: 99%

Efficient NFS Model for Risk Estimation in a Risk-Based Access Control Model

Atlam

Azad

Fadhel

2022

Sensors

View full text Add to dashboard Cite

Providing a dynamic access control model that uses real-time features to make access decisions for IoT applications is one of the research gaps that many researchers are trying to tackle. This is because existing access control models are built using static and predefined policies that always give the same result in different situations and cannot adapt to changing and unpredicted situations. One of the dynamic models that utilize real-time and contextual features to make access decisions is the risk-based access control model. This model performs a risk analysis on each access request to permit or deny access dynamically based on the estimated risk value. However, the major issue associated with building this model is providing a dynamic, reliable, and accurate risk estimation technique, especially when there is no available dataset to describe risk likelihood and impact. Therefore, this paper proposes a Neuro-Fuzzy System (NFS) model to estimate the security risk value associated with each access request. The proposed NFS model was trained using three learning algorithms: Levenberg–Marquardt (LM), Conjugate Gradient with Fletcher–Reeves (CGF), and Scaled Conjugate Gradient (SCG). The results demonstrated that the LM algorithm is the optimal learning algorithm to implement the NFS model for risk estimation. The results also demonstrated that the proposed NFS model provides a short and efficient processing time, which can provide timeliness risk estimation technique for various IoT applications. The proposed NFS model was evaluated against access control scenarios of a children’s hospital, and the results demonstrated that the proposed model can be applied to provide dynamic and contextual-aware access decisions based on real-time features.

show abstract

Trust and Risk-Based Access Control for Privacy Preserving Threat Detection Systems

Cited by 6 publications

References 18 publications

Risk-Based Access Control Model: A Systematic Literature Review

Risk-Based Access Control Model: A Systematic Literature Review

Privacy Preserving Intrusion Detection Via Homomorphic Encryption

Efficient NFS Model for Risk Estimation in a Risk-Based Access Control Model

Contact Info

Product

Resources

About