2011 Sixth International Conference on Availability, Reliability and Security 2011
DOI: 10.1109/ares.2011.11
|View full text |Cite
|
Sign up to set email alerts
|

An Approach to Access Control under Uncertainty

Abstract: Abstract-In dynamic and uncertain environments such as healthcare, where the needs of security and information availability are difficult to balance, an access control approach based on a static policy will be suboptimal regardless of how comprehensive it is. The uncertainty stems from the unpredictability of users' operational needs as well as their private incentives to misuse permissions. In Role Based Access Control (RBAC), a user's legitimate access request may be denied because its need has not been anti… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
4
1

Citation Types

0
8
0

Year Published

2011
2011
2022
2022

Publication Types

Select...
5
3
1

Relationship

1
8

Authors

Journals

citations
Cited by 21 publications
(8 citation statements)
references
References 18 publications
0
8
0
Order By: Relevance
“…To solve this problem, risk-based access control has been introduced [ 5 ]. Risk-based access control evaluates risk by considering the access request environment and situation [ 6 ], along with the security policies, and decides the access permissions according to a threshold, below which there is an acceptable level of risk [ 7 , 8 ]. This manner for deciding access permissions makes dynamic access control possible by reflecting the nature of the situation and by preventing unnecessary information access and leakage caused by the misuse and abuse of data by insiders [ 9 ].…”
Section: Introductionmentioning
confidence: 99%
“…To solve this problem, risk-based access control has been introduced [ 5 ]. Risk-based access control evaluates risk by considering the access request environment and situation [ 6 ], along with the security policies, and decides the access permissions according to a threshold, below which there is an acceptable level of risk [ 7 , 8 ]. This manner for deciding access permissions makes dynamic access control possible by reflecting the nature of the situation and by preventing unnecessary information access and leakage caused by the misuse and abuse of data by insiders [ 9 ].…”
Section: Introductionmentioning
confidence: 99%
“…Salim et. al [27] claim that this mechanism incentives the users to spend their budget cautiously, activating low cost (low risk) roles. However, this scheme may lead to several problems.…”
Section: Discussion and Related Workmentioning
confidence: 99%
“…In [27] costs of access are assigned to permissions depending on the risk of their operations, and each user is assigned a budget. Users are assigned to roles, but being assigned or not does not necessarily determine whether a user can activate a role.…”
Section: Discussion and Related Workmentioning
confidence: 99%
“…A number of studies suggested resilient access control paradigms to deal with indeterminant data access scenarios. These paradigms include (i) Break-The-Glass Access Control (ii) Optimistic Access Control, and (iii) Risk-Aware Access Control [12], [13]. Ferreira [14] proposed a model called Break-The-Glass (BTG) to allow policy overrides.…”
Section: Background and Related Workmentioning
confidence: 99%