Specify and enforce the policies of quantified risk adaptive access control

Proceedings of the 2010 14th International Conference on Computer Supported Cooperative Work in Design, CSCWD 2010

Volumn , Issue , 2010, Pages 110-115

  Chen, Chen ^a   Han, Weili ^a   Yong, Jianming ^b  

^a FUDAN UNIVERSITY   (China)

^b UNIVERSITY OF SOUTHERN QUEENSLAND   (Australia)

Author keywords

Policy enforcement; Quantified risk; Risk adaptive access control; XACML

Indexed keywords

ADAPTIVE POLICY; POLICY ENFORCEMENT; QUANTIFIED RISK; REFERENCE IMPLEMENTATION; RISK LEVELS; XACML;

DESIGN; ENGINEERING RESEARCH; GROUPWARE; INTERACTIVE COMPUTER SYSTEMS; RISK MANAGEMENT; SECURITY SYSTEMS;

ACCESS CONTROL;

EID: 79953803060     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSCWD.2010.5471991     Document Type: Conference Paper

References (16)

1. JASON, "Horizontal integration: Broader access models for realizing information dominance," MITRE Corporation, http://www.fas.org/irp/agency/ dod/jason/classpol.pdf, Tech. Rep. JSR-04-132, 2004.
2. P. Cheng, P. Rohatgi, C. Keser, P. A. Karger, G. M. Wagner, and A. S. Reninger, "Fuzzy multi-level security: An experiment on quantified risk adaptive access control," in Proceedings of 2007 IEEE Symposium on Security and Privacy (SP'07). Oakland, California, USA: ACM, May 2007, pp. 222 - 230.
3. I. Molloy, P.-C. Cheng, and P. Rohatgi, "Trading in risk: Using markets to improve access control," in Proceedings of New Security Paradigms Workshop (NSPW'08). Lake Tahoe, California, USA: ACM, September 2008, pp. 1-19.
4. D. Liu, X. Wang, and L. J. Camp, "Mitigating inadvertent insider threats with incentives," in Proceedings of the Thirteenth International Conference on Financial Cryptography and Data Security (FC2009), Barbados, 2009.
5. A. Fokoue, M. Srivatsa, P. Rohatgi, P. Wrobel, and J. Yesberg, "A decision support system for secure information sharing," in Proceedings of the 14th ACM Symposium on Access Control Models and Technologies. Stresa, Italy: ACM, June 2009, pp. 105 - 114.
6. W. Han, Q. Ni, and H. Chen, "Apply measurable risk to strengthen security of a role-based delegation supporting workflow system," in IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY 2009). London, UK: IEEE, July 2009.
7. D. F. Ferraiola, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli, "Proposed nist standard for role-based access control," ACM Transactions on Information and System Security (TISSEC), vol. 4, no. 3, pp. 224-274, August 2001.
8. E. Rissanen, "Extensible access control markup language (xacml) version 3.0," OASIS Standard, April 2009.
9. Sun, "Sun's xacml implementation," http://sunxacml.sourceforge. net/, June 2006.
10. N. Dimmock, A. Belokosztolszki, and D. Eyers, "Using trust and risk in role-based access control policies," in Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies, (SACMAT'04). Yorktown Heights, New York, USA: ACM, June 2004, pp. 156-162.
11. Q. Ni, E. Bertino, and J. Lobo, "Risk-based access control systems built on fuzzy inferences," in Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2010), Beijing, China, April 13-16 2010.
12. X. Zhang, M. Nakae, M. J. Covington, and R. Sandhu, "A usage-based authorization framework for collaborative computing systems," in Proceedings of the 11th ACM symposium on Access control models and technologies (SACMAT 2006), Lake Tahoe, California, USA, June.
13. M. Xu, D. Wijesekera, X. Zhang, and D. Cooray, "Towards session-aware rbac administration and enforcement with xacml," in Proceedings of IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY 2009), Imperial College London, UK, July.
14. M. V. Tripunitara and B. Carbunar, "Efficient access enforcement in distributed role-based access control (rbac) deployments," in Proceedings of the 14th ACM symposium on Access control models and technologies (SACMAT 2009), Stresa, Italy, June, pp. 155-164.
15. N. Li, Q. Wang, W. H. Qardaji, E. Bertino, P. Rao, J. Lobo, and D. Lin, "Access control policy combining: theory meets practice," in Proceedings of the 14th ACM symposium on Access control models and technologies (SACMAT 2009), Stresa, Italy, June 2009, pp. 135-144.
16. L. Zadeh, "Outline of a new approach to the analysis of complex systems and decision processes," IEEE Transactions on Systems, Man and Cybernetics, vol. 1, pp. 28-44.