Risk-Based Auto-delegation for Probabilistic Availability

Abstract: Abstract. Dynamic and evolving systems might require flexible access control mechanisms, in order to make sure that the unavailability of some users does not prevent the system to be functional, in particular for emergency-prone environments, such as healthcare, natural disaster response teams, or military systems. The auto-delegation mechanism, which combines the strengths of delegation systems and "break-theglass" policies, was recently introduced to handle such situations, by stating that the most qualified… Show more

“…Usually, such policy defines a decision about the access for a subject independently from the other subjects [2]. For instance, in a health-care system, a nurse cannot access a medical record regardless of the fact that a physician can or cannot access this medical record.…”

“…Although this independence property makes sense in the general case, in some situations, subjects who have access to a critical object may be unavailable. In such situations the object cannot be accessed by anyone and this limitation of the access control system leads to a potentially life-threatening situation [2]. An example could be a patient record required for curing a person who is having an heart attack or essential military intelligence report when it is unknown if the responsible officer is alive or not.…”

“…To overcome the limitation of [1] further the work is extended in [2] they assumed a level of uncertainty for availability of users to be a quantitative value (probability of availability), and proposed a quantitative approach to the problem of autodelegation. Whether an access should be granted to a user is decided according to the probability that a more qualified user is available.…”

“…patient medical record) while the availability of more qualified subject is uncertain. Uncertainty is usually expressed with probability [2]. Probability that a person is available could be simply assigned by an analyst, could be derived out of statistics, could be computed, etc.…”

“…But the system in which the set of available, authorized subjects fluctuates unpredictably over time requires delegation mechanisms that can respond automatically in the unavailability of appropriately authorized users. Such systems are defined in [1] and [2]. Both have studied about availability of subject.…”

Decision Theory based Auto-delegation (DTA-d) scheme for Ubiquitous Computing

“…Usually, such policy defines a decision about the access for a subject independently from the other subjects [2]. For instance, in a health-care system, a nurse cannot access a medical record regardless of the fact that a physician can or cannot access this medical record.…”

“…Although this independence property makes sense in the general case, in some situations, subjects who have access to a critical object may be unavailable. In such situations the object cannot be accessed by anyone and this limitation of the access control system leads to a potentially life-threatening situation [2]. An example could be a patient record required for curing a person who is having an heart attack or essential military intelligence report when it is unknown if the responsible officer is alive or not.…”

“…To overcome the limitation of [1] further the work is extended in [2] they assumed a level of uncertainty for availability of users to be a quantitative value (probability of availability), and proposed a quantitative approach to the problem of autodelegation. Whether an access should be granted to a user is decided according to the probability that a more qualified user is available.…”

“…patient medical record) while the availability of more qualified subject is uncertain. Uncertainty is usually expressed with probability [2]. Probability that a person is available could be simply assigned by an analyst, could be derived out of statistics, could be computed, etc.…”

“…But the system in which the set of available, authorized subjects fluctuates unpredictably over time requires delegation mechanisms that can respond automatically in the unavailability of appropriately authorized users. Such systems are defined in [1] and [2]. Both have studied about availability of subject.…”

Decision Theory based Auto-delegation (DTA-d) scheme for Ubiquitous Computing

Towards Attribute-Based Access Control Policy Engineering Using Risk

Towards Attribute-Based Access Control Policy Engineering Using Risk