Risk-Based Access Control Model: A Systematic Literature Review

Atlam, Hany F.; Azad, Muhammad Ajmal; Alassafi, Madini O.; Alshdadi, Abdulrahman A.; Alenezi, Ahmed

doi:10.3390/fi12060103

Cited by 30 publications

(10 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, privileges are often used with slightly differing semantics (Center, Computer Security Resource, 2022), which may lead to misconceptions. Atlam et al (2020) even explicitly distinguish between action and privilege. While actions represent the types of activities subjects can perform on objects, the privileges are the permissions granted to a subject to be able to perform particular activities on certain objects.…”

Section: Authorizationmentioning

confidence: 99%

“…Several methods for estimating access risks are proposed by various works including machine learning (Molloy et al , 2012), probability theory (Rajbhandari and Snekkenes, 2010) and fuzzy logic (Cheng et al , 2007 and Ni et al , 2010). The work of Atlam et al (2020) provides a survey of the state-of-the-art risk-based access control model along with the existing risk estimation techniques (Section 5).…”

Section: Access Control Modelsmentioning

confidence: 99%

“…Risk-based access control model: a systematic literature review ( Atlam et al ., 2020 ) . A systematic review of the risk-based access control model is provided.…”

Section: Comparative Studiesmentioning

confidence: 99%

See 2 more Smart Citations

A systematic literature review for authorization and access control: definitions, strategies and models

Mohamed

Auer

Hofer

et al. 2022

IJWIS

View full text Add to dashboard Cite

Purpose Authorization and access control have been a topic of research for several decades. However, existing definitions are inconsistent and even contradicting each other. Furthermore, there are numerous access control models and even more have recently evolved to conform with the challenging requirements of resource protection. That makes it hard to classify the models and decide for an appropriate one satisfying security needs. Therefore, this study aims to guide through the plenty of access control models in the current state of the art besides this opaque accumulation of terms meaning and how they are related. Design/methodology/approach This study follows the systematic literature review approach to investigate current research regarding access control models and illustrate the findings of the conducted review. To provide a detailed understanding of the topic, this study identified the need for an additional study on the terms related to the domain of authorization and access control. Findings The authors’ research results in this paper are the distinction between authorization and access control with respect to definition, strategies, and models in addition to the classification schema. This study provides a comprehensive overview of existing models and an analysis according to the proposed five classes of access control models. Originality/value Based on the authors’ definitions of authorization and access control along with their related terms, i.e. authorization strategy, model and policy as well as access control model and mechanism, this study gives an overview of authorization strategies and propose a classification of access control models providing examples for each category. In contrast to other comparative studies, this study discusses more access control models, including the conventional state-of-the-art models and novel ones. This study also summarizes each of the literature works after selecting the relevant ones focusing on the database system domain or providing a survey, a classification or evaluation criteria of access control models. Additionally, the introduced categories of models are analyzed with respect to various criteria that are partly selected from the standard access control system evaluation metrics by the National Institute of Standards and Technology.

show abstract

Section: Authorizationmentioning

confidence: 99%

Section: Access Control Modelsmentioning

confidence: 99%

See 1 more Smart Citation

A systematic literature review for authorization and access control: definitions, strategies and models

Mohamed

Auer

Hofer

et al. 2022

IJWIS

View full text Add to dashboard Cite

show abstract

“…The authors in [15] consider elements such as the status of the aircraft systems, climate conditions, the payload condition, and knowledge of the operator on both the platform capabilities and dynamic aspects involved (level 1). The importance of data processing is highlighted in [16] [17] and it may come from different sources and emphasize a proper decision-making process to manage successfully crises situations (level 2). The authors in (1) state that operators' SA depends on data availability and their understanding based on the context in order to design actions in the future for a semi-autonomous mode (level 3).…”

Section: Related Workmentioning

confidence: 99%

Unmanned Aerial Vehicles Flight Safety Improvement Using In-Flight fd

Mattei¹,

Orbital²,

Toledo³

et al. 2021

IIM

View full text Add to dashboard Cite

This paper presents a novel onboard system called In-Flight Awareness Augmentation System (IFA 2 S) to improve flight safety. IFA 2 S is designed to semi-automatically (with human supervision) avoid hazards and accidents due to either internal or external causal factors. The requirements were defined in an innovative way using Systems-Theoretic Process Analysis (STPA) method and applied next to model the system. IFA 2 S increases aircraft awareness regarding both itself and its environment and, at the same time, recognizes platform and operational constraints to act in accordance to predefined decision algorithms. Results are presented through simulations and flight tests using state machines designed to allow the adoption of appropriate actions for the identified hazards. The different decision algorithms are evaluated over as many as possible hazard situations by simulations conducted with software Labview and XPlane flight simulator. Flight tests are performed in a small fixed wing aircraft and make use of a limited version IFA 2 S, partially attending identified requirements. Results support the conclusion that IFA 2 S is capable of improving flight safety.

show abstract

“…An interesting access control scheme is the so-called risk-based access control model which estimates the security risk value related to the access request in order to dynamically determine the access decision. Authors in [48] perform a review of risk-based access control works.…”

Section: ) Risk-based Access Controlmentioning

confidence: 99%

ARANAC: A Bring-Your-Own-Permissions Network Access Control Methodology for Android Devices

et al. 2021

View full text Add to dashboard Cite

In this paper, we introduce a new methodology for network access control for Android devices based on app risk assessment. Named ARANAC (which stands for Application Risk Assessment based Network Access Control), this methodology is specially tailored for scenarios using the Bring-Your-Own-Device (BYOD) policy, where the adoption of some solutions can lead to problems in security and privacy for both the employees and the business organization. ARANAC mainly relies on the analysis of an aggregate of permissions declared in the manifests of installed applications on users' devices. The access control scheme combines three operational modules: i) a device monitoring tool, ii) a novel permission-based risk model, and iii) an anomaly-based detection machine learning module based on a methodology (called MSNM, from Multivariate Statistical Network Monitoring) that provides both detection and diagnostic capabilities. ARANAC's novelty is in the combination of four features. Firstly, it is privacy-aware, and thus, it does not require detailed information about installed applications but only an aggregate of permissions. Secondly, it builds a normality model by combining expert knowledge with data, capturing the behavior of a complete population of mobile devices. Thirdly, it is dynamic, as permissions are updated in real time, allowing the network to re-assess access control on a continuous basis. Finally, its diagnostic capabilities allow for giving recommendations to final users so that they are capable of mitigating their risks when accessing networks. We evaluated the approach with more than 80 Android devices at a university campus network and obtained interesting results regarding security risks in the usual deployment of device apps.INDEX TERMS Android permissions, bring-your-own-device, mobile security, network access control, risk assessment.

show abstract

Risk-Based Access Control Model: A Systematic Literature Review

Cited by 30 publications

References 48 publications

A systematic literature review for authorization and access control: definitions, strategies and models

A systematic literature review for authorization and access control: definitions, strategies and models

Unmanned Aerial Vehicles Flight Safety Improvement Using In-Flight fd

ARANAC: A Bring-Your-Own-Permissions Network Access Control Methodology for Android Devices

Contact Info

Product

Resources

About