Dynamic and risk-aware network access management

Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002)

Volumn , Issue , 2003, Pages 217-230

  Teo, Lawrence ^a,b   Ahn, Gail Joon ^a   Zheng, Yuliang ^a,b  

^a UNIVERSITY OF NORTH CAROLINA AT CHARLOTTE   (United States)

^b Calyptix Security Corporation   (United States)

Author keywords

Dynamic access control; Network management; Risk; Risk awareness; Role

Indexed keywords

ALGORITHMS; COMPUTER NETWORKS; COMPUTER SIMULATION; COMPUTER SYSTEM FIREWALLS; DATA ACQUISITION; DATA COMMUNICATION SYSTEMS; TELECOMMUNICATION TRAFFIC;

DYNAMIC ACCESS CONTROL; INTRUSION DETECTION SYSTEMS; NETWORK MANAGEMENT;

SECURITY OF DATA;

EID: 0242456725     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/775412.775441     Document Type: Conference Paper

References (18)

1. M. D. Abrams, J. Heaney, O. King, L. J. LaPadula, M. Lazear, and I. M. Olson. Generalized framework for access control: Towards prototyping the ORGCON policy. In Proceedings of the 14th National Computer Security Conference, Washington, D.C., October 1991.
2. ForeScout. ActiveScout. World Wide Web, 2002. http://www.forescout.com/activescout.html.
3. L. Harn and H. Lin. Integration of user authentication and access control. In IEE Proceedings-E, volume 139, number 2, pages 139-143, 1992.
4. Internet Assigned Numbers Authority. Port numbers. World Wide Web. http://www.iana.org/assignments/port-numbers.
5. T. Jaeger. On the increasing importance of constraints. In Proceedings of the 4th ACM Workshop on Role-Based Access Control, pages 33-42, Fairfax, VA, October 1999.
6. K. Knorr. Dynamic access control through petri net workflows. In Proceedings of the 16th Annual Computer Security Applications Conference (ACSAC), New Orleans, LA, December 2000.
7. C. H. Lin, R. C. T. Lee, and C. C. Chang. A dynamic access control mechanism in information protection systems. Journal of Information Science and Engineering, 6(1):25-35, March 1990.
8. D. L. Mills. Network Time Protocol (version 3) specification, implementation and analysis. RFC 1305, March 1992.
9. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver. The spread of the Sapphire/Slammer worm. Technical report, January 2003. http://www.caida.org/outreach/papers/2003/sapphire/sapphire.html.
10. P. Naldurg and R. H. Campbell. Dynamic access control policies in Seraphim. Technical Report UIUCDCS-R-2002-2260, Computer Science Department, University of Illinois at Urbana-Champaign, February 2002.
11. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. Role-based access control models. IEEE Computer, 29(2):38-47, February 1996.
12. L. Spitzner. Know your enemy: Passive fingerprinting. World Wide Web, March 2002. http://project.honeynet.org/papers/finger/.
13. S. Staniford, V. Paxson, and N. Weaver. How to Own the Internet in your spare time. In Proceedings of the 11th USENIX Security Symposium (Security '02), San Francisco, CA, August 2002.
14. R. K. Thomas and R. S. Sandhu. Towards a task-based paradigm for flexible and adaptable access control in distributed applications. In Proceedings on the 1992-1993 Workshop on New Security Paradigms, pages 138-142, Little Compton, RI, 1993.
15. R. K. Thomas and R. S. Sandhu. Conceptual foundations for a model of task-based authorizations. In Proceedings of the 7th IEEE Computer Security Foundations Workshop, pages 66-79, Franconia, NH, June 1994.
16. R. K. Thomas and R. S. Sandhu. Task-based authorization controls (TBAC): A family of models for active and enterprise-oriented authorization management. In Proceedings of the IFIP WG11.3 Workshop on Database Security, Lake Tahoe, CA, August 1997.
17. D. Verton. Insider threat to security may be harder to detect, experts say. Computerworld, April 12, 2002.
18. S.-M. Yen and C.-S. Laih. On the design of dynamic access control scheme with user authentication. International Journal of Computers and Mathematics with Applications, 25(7):27-32, 1993.