Risk Models for Trust-Based Access Control(TBAC)

Dimmock, Nathan; Bacon, Jean; Ingram, D.G.W.; Moody, Ken

doi:10.1007/11429760_25

Cited by 40 publications

(21 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Risk-based access control [1], [8], [11], [12], [14], [27], [33] has recently been proposed as a mechanism for providing flexible authorization in complex and unpredictable environments. The key idea is to maximize productivity while bounding risk instead of eliminating risk.…”

Section: Related Workmentioning

confidence: 99%

Towards Quantitative Analysis of Proofs of Authorization: Applications, Framework, and Techniques

Lee

2010

2010 23rd IEEE Computer Security Foundations Symposium

View full text Add to dashboard Cite

Abstract-Although policy compliance testing is generally treated as a binary decision problem, the evidence gathered during the trust management process can actually be used to examine these outcomes within a more continuous space. In this paper, we develop a formal model that allows us to quantitatively reason about the outcomes of the policy enforcement process in both absolute (i.e., user to ideal case) and relative (i.e., user to user) terms. Within this framework, it becomes possible to quantify, e.g., the robustness of a user's proof of authorization to possible perturbations in the system, how close an unauthorized user is to satisfying a particular policy, and relative "top-k" style rankings of the best users to carry out a particular task. To this end, we explore several interesting classes of scoring functions for assessing the robustness of authorization decisions, and develop criteria under which these types of functions can be composed with one another. We further show that these types of functions can be extended to quantify how close unauthorized users are to satisfying policies, which can be a useful risk metric for decision making under unexpected circumstances.

show abstract

Section: Related Workmentioning

confidence: 99%

Towards Quantitative Analysis of Proofs of Authorization: Applications, Framework, and Techniques

Lee

2010

2010 23rd IEEE Computer Security Foundations Symposium

View full text Add to dashboard Cite

show abstract

“…However, service providers are exposed to requestors scattered across multiple organizational domains, so can be exploited by untrustworthy requestors while providing services [1]. 1 Given that, provider software need to SOCA (2009 automatically decide on which entity they should trust for service collaboration [2].…”

Section: Introductionmentioning

confidence: 99%

Collaboration through computation: incorporating trust model into service-based software systems

Uddin

Zulkernine

Ahamed

2009

SOCA

View full text Add to dashboard Cite

The open and dynamic nature of service-based software systems necessitates spontaneous and trustworthy interactions between collaborating entities. Service providers are exposed to users spanned across multiple organizational domains, so can be exploited by potentially untrustworthy service requestors. Given that, service providers need to trust requestors before granting them with services. Trust encompasses a number of quality attributes (e.g., security, competence, honesty) and helps in dynamic decision making. In this paper, we present a trust-based service collaboration approach, facilitated by the analysis of service-based interactions between service providers and requestors, and recommendations between service providers. Service providers exchange recommendations to convey their trust on requestors. This collaboration is quantified using our proposed trust model, called CAT, a Context-Aware Trust model based on service-based interactions by considering services as contexts. We identify a number of collaboration-based trust properties including risk and context-awareness and incorporate them in CAT. A context-similarity parameter is introduced to decide on similar services. A time-based ageing parameter is proposed to decrease trust values over time without any further interactions. Direct and indirect recommendations from other service providers are included in total trust calculation, with a path-based ageing parameter applying over indirect recommendations. A mechanism to calculate the accuracy of recommendations is proposed to differentiate between reliable and unreliable recommendations. These calculation schemes are employed in a trust-based service collaboration algorithm to automatically decide on granting services to requestors. The approach is elaborated using examples from file sharing applications, and successfully evaluated by implementing a prototype service-based file sharing grid.

show abstract

“…Some recent research used trust as the fundamental component [2,3,4]. Some combine trust with risk to create a stronger security service to support peer-topeer environment [4,9].…”

Section: Introductionmentioning

confidence: 99%