Risk-aware usage decision making in highly dynamic systems

5th International Conference on Internet Monitoring and Protection, ICIMP 2010

Volumn , Issue , 2010, Pages 29-34

  Krautsevich, Leanid ^a   Lazouski, Aliaksandr ^a   Martinelli, Fabio ^b   Yautsiukhin, Artsiom ^b  

^a UNIVERSITY OF PISA   (Italy)

^b Istituto di informatica e telematica del Consiglio nazionale delle ricerche   (Italy)

Author keywords

Freshness of attributes; Risk assessment; Security; Trustworthiness of attributes; UCON; Usage control

Indexed keywords

ACCESS DECISION; DYNAMIC SYSTEMS; IMPRECISE VALUES; MARKOV CHAIN; POLICY ENFORCEMENT; USAGE CONTROL;

DECISION MAKING; DYNAMICAL SYSTEMS; FUZZY CONTROL; INTERNET; MARKOV PROCESSES; NETWORK SECURITY; RISK ANALYSIS; RISK MANAGEMENT;

RISK ASSESSMENT;

EID: 77954531374     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICIMP.2010.13     Document Type: Conference Paper

References (18)

1. C. Skalka, X. S. Wang, and P. Chapin, "Risk management for distributed authorization," J. Comp. Sec., vol. 15, no. 4, pp. 447-489, 2007.
2. B. Aziz, S. N. Foley, J. Herbert, and G. Swart, "Reconfiguring role based access control policies using risk, semantics," J. High Speed Networks, vol. 15, no. 3, pp. 261-273, 2006.
3. N. N. Diep, L. X. Hung, Y. Zhung, S. Lee, Y-K. Lee, and H. Lee, "Enforcing access control using risk assessment," in Proc. of ECUMN-07, 2007, pp. 419-424.
4. R. S. Sandhu and J. Park, "Usage control: A vision for next generation access control," in. Proc. of MMM-ACNS-03, 2003, pp. 17-31.
5. M. Nauman, M. Alam, X. Zhang, and T. Ali, "Remote attestation of attribute updates and information flows in a ucon system," in Proc. of Trust-09, ser. LNCS, Springer-Verlag, 2009, vol. 5471, pp 63-80.
6. X. Zhang, R. Sandhu, and F. Parisi-Presicce, "Safety analysis of usage control authorization models," in Proc. of ASIACCS, 2006, pp. 243-254.
7. A. Lazouski, F. Martinelli, and P. Mori, "A survey of usage control in computer security," IIT-CNR, Tech. Rep. HT TR12/2008, December 2008.
8. ABC usage control model," TISSEC, vol. 7, no. 1, pp. 128-174, 2004.
9. C. J. Alberts and A. J. Dorofee, "Octave criteria, version 2.0," CMU/SEI-2001-TR-016, Tech. Rep., December 2001.
10. L. Krautsevich, A. .Lazouski, F. Martinelli, and A. Yautsiukhin, "Risk-based usage control for service oriented architecture," in Proc. of PDP-I0, IEEE, 2010.
11. A. Pretschner, M. Hilty, and D. Basin, "Distributed usage control," ACM Comm., vol. 49, no. 9, pp. 39-44, 2006.
12. M. Bouzeghoub and V. Peralta, "A framework for analysis of data freshness," in Proc. of IQIS-04, 2004, pp. 59-67.
13. G. Stoneburner, A. Goguen, and A. Feringa, "Risk management guide for information technology systems," NIST, Tech. Rep. 800-30, 2001.
14. O. C. Ibe, Fundamentals of Applied Probability and Random Processes, T. Singer, Ed. Elsevier Academic Press, 2005.
15. S. O. Hansson, "Decision theory, a brief introduction," available via http://www.infra.kth.se/soh/decisiontheory.pdf on 20/11/2009, 1994.
16. Y. Han, Y. Hori, and K. Sakurai, "Security policy preevaluation towards risk analysis," in Proc. of ISA-08, IEEE, 2008, pp. 415-420.
17. L. Zhang, A. Brodsky, and S. Jajodia, "Toward information sharing: Benefit and risk access control (BARAC)," in Proc. of POLICY-06, IEEE, 2006, pp. 45-53.
18. Y. Li, H. Sun, Z. Chen, J. Ren, and H. Luo, "Using trust and risk in access control for grid environment," Proc. of SecTech08, 2008, pp. 13-16.