A trust-and-risk aware RBAC framework

Baracaldo, Nathalie; Joshi, James

doi:10.1145/2295136.2295168

Cited by 38 publications

(18 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Crampton & Huth [31] discuss the limitation of detecting insiders using access control techniques, they emphasised the insufficiency of relying only on static access and predefined access rules, and they show the press need for considering the context in the access rules. Also we recommend investigating dynamic access control approaches such as Attribute-Base Access Control (ABAC), Risk based adaptive access control [32], and Trust based access control [33]. However, these approaches need be adopted for cloud environments.…”

Section: Future Research Directionsmentioning

confidence: 99%

A Multidimension Taxonomy of Insider Threats in Cloud Computing

Alhanahnah

Jhumka

Alouneh

2016

The Computer Journal

View full text Add to dashboard Cite

Security is considered a significant deficiency in cloud computing, and insider threats problem exacerbate security concerns in the cloud. In addition to that, cloud computing is very complex by itself, because it encompasses numerous technologies and concepts. Apparently, overcoming these challenges requires substantial efforts from information security researchers to develop powerful mitigation solutions for this emerging problem.This entails developing a taxonomy of insider threats in cloud environments encompassing all potential abnormal activities in the cloud, and can be useful for conducting security assessment. This paper describes the first phase of an ongoing research to develop a framework for mitigating insider threats in cloud computing environments. Primarily, it presents a multidimensional taxonomy of insider threats in cloud computing, and demonstrates its viability. The taxonomy provides a fundamental understanding for this complicated problem by identifying five dimensions, it also supports security engineers in identifying hidden paths, thus determining proper countermeasures, and presents a guidance covers all bounders of insiders threats issue in clouds, hence it facilitates researchers' endeavours in tackling this problem. For instance, according to the hierarchical taxonomy, clearly many significant issues exist in public cloud, while conventional insider mitigation solutions can be used in private clouds. Finally, the taxonomy assists in identifying future research directions in this emerging area.

show abstract

Section: Future Research Directionsmentioning

confidence: 99%

A Multidimension Taxonomy of Insider Threats in Cloud Computing

Alhanahnah

Jhumka

Alouneh

2016

The Computer Journal

View full text Add to dashboard Cite

show abstract

“…The model we propose is not only focused on information sharing and covers more aspects of risk management. Baracaldo and Joshi [16] extend the role-based access control model with risk and trust management in order to prevent insider threats that are caused by internal, legitimate users. They evaluate all the risk parameters statically, while in our model risk is estimated dynamically in real-time at request time.…”

Section: Related Workmentioning

confidence: 99%

Formal Modeling and Verification of Opportunity-enabled Risk Management

Aldini

Seigneur

Lafuente

et al. 2015

2015 IEEE Trustcom/BigDataSE/Ispa

View full text Add to dashboard Cite

Abstract-With the advent of the Bring-Your-Own-Device (BYOD) trend, mobile work is achieving a widespread diffusion that challenges the traditional view of security standard and risk management. A recently proposed model, called opportunity-enabled risk management (OPPRIM), aims at balancing the analysis of the major threats that arise in the BYOD setting with the analysis of the potential increased opportunities emerging in such an environment, by combining mechanisms of risk estimation with trust and threat metrics. Firstly, this paper provides a logic-based formalization of the policy and metric specification paradigm of OPPRIM. Secondly, we verify the OPPRIM model with respect to the socio-economic perspective. More precisely, this is validated formally by employing toolsupported quantitative model checking techniques.

show abstract

“…Recently, researchers have proposed the notion of risk-adaptable access control models [9,14,13] and trust-based access control models [7,4,23] to facilitate dynamic adaptation of access control policies based on operational needs and situational awareness. A recent work [1] combines these two philosophies into one comprehensive model. However, none of these works address the problem of delegation in mobile cloud systems.…”

Section: Related Workmentioning

confidence: 99%

A Model for Trust-Based Access Control and Delegation in Mobile Clouds

Ray

Mulamba

Han

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Multi-tenancy, elasticity and dynamicity pose several novel challenges for access control in mobile smartphone clouds such as the Android TM cloud. Accessing subjects may dynamically change, resources requiring protection may be created or modified, and a subject's access requirements to resources may change during the course of the application execution. Cloud tenants may need to acquire permissions from different administrative domains based on the services they require. Moreover, all the entities participating in a cloud may not be trusted to the same degree. Traditional access control models are not adequate for mobile clouds. In this work, we propose a new access control framework for mobile smartphone clouds. We formalize a trust-based access control model with delegation for providing fine-grained access control. Our model incorporates the notion of trust in the Role-Based Access Control (RBAC) model and also formalizes the concept of trustworthy delegation.

show abstract

A trust-and-risk aware RBAC framework

Cited by 38 publications

References 28 publications

A Multidimension Taxonomy of Insider Threats in Cloud Computing

A Multidimension Taxonomy of Insider Threats in Cloud Computing

Formal Modeling and Verification of Opportunity-enabled Risk Management

A Model for Trust-Based Access Control and Delegation in Mobile Clouds

Contact Info

Product

Resources

About