Risk-Aware Role-Based Access Control

Chen, Liang; Crampton, Jason

doi:10.1007/978-3-642-29963-6_11

Cited by 64 publications

(48 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The works in risk-aware access control models focus on the concept of risk-awareness in the view of managing the trade-off between the risk of allowing an unauthorized access, and the cost of not permitting it [29]. While we draw the focus on adapting the model to have a fine-grained access control considering several risk attributes calculated by the risk management system.…”

Section: Related Workmentioning

confidence: 99%

A web-based cooperative tool for risk management with adaptive security

Fugini

Teimourikia

Hadjichristofi

2016

Future Generation Computer Systems

View full text Add to dashboard Cite

Risk management can benefit from Web-based tools fostering actions for treating risks in an environment, while having several individuals collaborating to face the endeavors related to risks. During the intervention, the security rules in place to preserve resources from unauthorized access, might need to be modified on the fly, e.g., increasing the privileges of risk managers or letting rescue teams view the exact position of the victims. Modifications should respect the overall security policies and avoid security conflicts. This paper presents a dynamic access control model for environmental risks involving physical resources. Data structures included in our Web application to represent both risk and security are given. To keep the dynamic security rules compliant with overall organization security objectives, we consider rules grouped in Access Control Domains so that changes do not create security conflicts during collaboration in risk management. Considering work environments as an example, risk and access control models are introduced. Security is built on the ABAC (Attribute Based Access Control) paradigm. A Risk Management System (RMS) is illustrated: it captures events, signals potential risks, and outputs strategies to prevent the risk. Dynamic authorization is included in the RMS to vary subjects' privileges on physical resources based on risk level, people position and so on. These concepts are implemented in a prototype Web application appearing as a Web Dashboard for risk management

show abstract

Section: Related Workmentioning

confidence: 99%

A web-based cooperative tool for risk management with adaptive security

Fugini

Teimourikia

Hadjichristofi

2016

Future Generation Computer Systems

View full text Add to dashboard Cite

show abstract

“…This predicate is used with role based access control in open systems to produce the authorization decisions. Recently, a similar cost based risk evaluation is proposed by extending the widely accepted role based access control [30] (M04). In [31] (M03), risk is treated as a finite resource which can be quantified as a liability for performing an action.…”

Section: Risk Based Authorization Modelsmentioning

confidence: 99%

Location-dependent disclosure risk based decision support framework for persistent authentication in pervasive computing applications

2015

View full text Add to dashboard Cite

“…The authors proposed an approach for the risk estimation under incomplete and imprecise data using fuzzy inferences. Similarly, Chen and Crampton propose a mitigation strategy [5] in the context of risk-based access control for RBAC models. The use of mitigations can provide the access control monitor with a wider range of possible decisions: denying a request, allowing it with some mitigations, or allowing it with no condition.…”

Section: Related Workmentioning

confidence: 99%

Risk-Based Auto-delegation for Probabilistic Availability

Krautsevich

Martinelli

Morisset

et al. 2012

Data Privacy Management and Autonomous Spontaneus Security

View full text Add to dashboard Cite

Abstract. Dynamic and evolving systems might require flexible access control mechanisms, in order to make sure that the unavailability of some users does not prevent the system to be functional, in particular for emergency-prone environments, such as healthcare, natural disaster response teams, or military systems. The auto-delegation mechanism, which combines the strengths of delegation systems and "break-theglass" policies, was recently introduced to handle such situations, by stating that the most qualified available user for a resource can access this resource. In this work we extend this mechanism by considering availability as a quantitative measure, such that each user is associated with a probability of availability. The decision to allow or deny an access is based on the utility of each outcome and on a risk strategy. We describe a generic framework allowing a system designer to define these different concepts. We also illustrate our framework with two specific use cases inspired from healthcare systems and resource management systems.

show abstract

Risk-Aware Role-Based Access Control

Cited by 64 publications

References 16 publications

A web-based cooperative tool for risk management with adaptive security

A web-based cooperative tool for risk management with adaptive security

Location-dependent disclosure risk based decision support framework for persistent authentication in pervasive computing applications

Risk-Based Auto-delegation for Probabilistic Availability

Contact Info

Product

Resources

About