Influence of Attribute Freshness on Decision Making in Usage Control

Krautsevich, Leanid; Lazouski, Aliaksandr; Martinelli, Fabio; Yautsiukhin, Artsiom

doi:10.1007/978-3-642-22444-7_3

Cited by 8 publications

(14 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An example of how the probability is computed can be found in the work of Krautsevich et. al., [19,18], though, in general, the way of acquiring the probability does not affect the following discussion.…”

Section: Uncertain Availabilitymentioning

confidence: 99%

“…Krautsevich et al, [19,18] model position and movement of a subject with a Markov chain (assuming that Markovian property holds 3 ). States (nodes) of the Markov chain represent possible spatial positions of the subject.…”

Section: Uncertain Availabilitymentioning

confidence: 99%

“…Krautsevich et al [20,19,18] applied risk analysis for usage control model. In [20] the authors considered the selection of the less risky data processor in service-oriented architecture.…”

Section: Related Workmentioning

confidence: 99%

“…The authors indicated how risk can change after granting the access to a data processor and how the data processor can reduce its risk level to provide better service. In [19,18] authors described the approaches for risk-aware usage decision making under uncertainties caused by freshness of the policy attributes. The approaches exploits discrete-time and continuous-time Markov chains.…”

Section: Related Workmentioning

confidence: 99%

“…In practice, the availability of a user can depend on many parameters, such as her localisation, her level of commitment for other projects, etc. Thus, availability can be only estimated with some uncertainty, due to the staleness or freshness of the security attributes, as identified in [18].…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Risk-Based Auto-delegation for Probabilistic Availability

Krautsevich

Martinelli

Morisset

et al. 2012

Data Privacy Management and Autonomous Spontaneus Security

Self Cite

View full text Add to dashboard Cite

Abstract. Dynamic and evolving systems might require flexible access control mechanisms, in order to make sure that the unavailability of some users does not prevent the system to be functional, in particular for emergency-prone environments, such as healthcare, natural disaster response teams, or military systems. The auto-delegation mechanism, which combines the strengths of delegation systems and "break-theglass" policies, was recently introduced to handle such situations, by stating that the most qualified available user for a resource can access this resource. In this work we extend this mechanism by considering availability as a quantitative measure, such that each user is associated with a probability of availability. The decision to allow or deny an access is based on the utility of each outcome and on a risk strategy. We describe a generic framework allowing a system designer to define these different concepts. We also illustrate our framework with two specific use cases inspired from healthcare systems and resource management systems.

show abstract

Section: Uncertain Availabilitymentioning

confidence: 99%

Section: Uncertain Availabilitymentioning

confidence: 99%

“…Krautsevich et al [20,19,18] applied risk analysis for usage control model. In [20] the authors considered the selection of the less risky data processor in service-oriented architecture.…”

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Risk-Based Auto-delegation for Probabilistic Availability

Krautsevich

Martinelli

Morisset

et al. 2012

Data Privacy Management and Autonomous Spontaneus Security

Self Cite

View full text Add to dashboard Cite

show abstract

Location–Aware RBAC Based on Spatial Feature Models and Realistic Positioning

Marcus

Schauer

Linnhoff‐Popien

2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Cost-effective enforcement of UCON<inf>A</inf> policies

Krautsevich

Lazouski

Martinelli

et al. 2011

2011 6th International Conference on Risks and Security of Internet and Systems (CRiSIS)

Self Cite

View full text Add to dashboard Cite

In Usage CONtrol (UCON) access decisions rely on mutable attributes. A reference monitor should re-evaluate security policies each time when attributes change their values. Catching timely all attribute changes is a challenging issue, especially if the attribute provider and the reference monitor reside in different security domains. Some attribute changes might be missed, corrupted, and delayed. As a result, the reference monitor may erroneously grant the access to malicious users and forbid it for eligible users. This paper proposes a set of policy enforcement models which help to tolerate uncertainties associated with mutable attributes. In our model the reference monitor as usually evaluates logical predicates over attributes and additionally makes some estimates on how much observed attribute values differ from the real state of the world. The final access decision counts both factors. We assign monetary outcomes for granting and revoking access to legitimate and malicious users and compare the proposed policy enforcement models in terms of cost-efficiency.

show abstract

Influence of Attribute Freshness on Decision Making in Usage Control

Cited by 8 publications

References 15 publications

Risk-Based Auto-delegation for Probabilistic Availability

Risk-Based Auto-delegation for Probabilistic Availability

Location–Aware RBAC Based on Spatial Feature Models and Realistic Positioning

Cost-effective enforcement of UCON<inf>A</inf> policies

Contact Info

Product

Resources

About