Dynamic risk-based decision methods for access control systems

Computers and Security

Volumn 31, Issue 4, 2012, Pages 447-464

  Shaikh, Riaz Ahmed ^a   Adi, Kamel ^a   Logrippo, Luigi ^a  

^a UNIVERSITÉ DU QUÉBEC EN OUTAOUAIS   (Canada)

Author keywords

Access control; Policy; Risk; Security; Trust

Indexed keywords

AUTHORIZED USERS; CONTROLLED CONDITIONS; DYNAMIC ENVIRONMENTS; MANUAL INTERVENTION; MULTI-LEVEL SECURITY; RISK VALUE; RISK-BASED; RISK-BASED DECISIONS; SECURITY; SIMULATION-BASED ANALYSIS; TRUST;

HEALTH CARE; PUBLIC POLICY; RISKS;

ACCESS CONTROL;

EID: 84861100364     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2012.02.006     Document Type: Article

References (17)

1. D.E. Bell, and L.J. LaPadula Secure computer system: unified exposition and multics interpretation Tech. Rep. ESD-TR-75-306 Mar 1976 The Mitre Corporation
2. K.J. Biba Integrity considerations for secure computer systems Tech. Rep. MTR-3153 Apr 1977 The Mitre Corporation
3. P.-C. Cheng, P. Rohatgi, C. Keser, P.A. Karger, G.M. Wagner, and A.S. Reninger Fuzzy multi-level security: an experiment on quantified risk-adaptive access control IEEE symposium on security and privacy 2007 IEEE Computer Society Los Alamitos, CA, USA 222 230
4. C.L. Clark Shopping without cash: the emergence of the e-purse Economic Perspectives 29 4 2005 34 51
5. M.L. Crossley The desk reference of statistical quality methods 2007 American Society for Quality
6. L. Dickens, A. Russo, P.-C. Cheng, and J. Lob Towards learning risk estimation functions for access control Snowbird learning workshop 2010
7. N.E. Dimmock Using trust and risk for access control in global computing Tech. Rep. UCAM-CL-TR-643 Aug 2005 University of Cambridge, Computer Laboratory
8. D. Ferraiolo, D.R. Kuhn, and R. Chandramouli Role-based access control 2003 Artech House Publishers
9. R.C. Mayer, J.H. Davis, and F.D. Schoorman An integrative model of organizational trust The Academy of Management Review 20 3 1995 709 734
10. R. McGraw Risk-adaptable access control RADAC Privilege (Access) management workshop 2009 NIST-National Institute of Standards and Technology-Information Technology Laboratory
11. I. Molloy, P.-C. Cheng, and P. Rohatgi Trading in risk: using markets to improve access control Proceedings of the 2008 Workshop on New Security Paradigms, NSPW'08 2008 ACM New York, NY, USA 107 125
12. Q. Ni, E. Bertino, and J. Lobo Risk-based access control systems built on fuzzy inferences Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS'10 2010 ACM New York, NY, USA 250 260
13. F. Salim, J. Reid, and E. Dawson Authorization models for secure information sharing: a survey and research agenda The ISC International Journal of Information Security 2 2 2010 69 87
14. G. Stoneburner, A. Goguen, and A. Feringa Risk management guide for information technology systems Tech. Rep. SP 800-30 July 2002 NIST
15. M. Verma Xml security: control information access with XACML Oct 2004
16. Q. Wang, and H. Jin Quantified risk-adaptive access control for patient privacy protection in health information systems Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS'11) 2011 ACM New York, NY, USA 406 410
17. L. Zhang, A. Brodsky, and S. Jajodia Toward information sharing: benefit and risk access control BARAC Proceedings of the seventh IEEE international workshop on policies for distributed systems and networks 2006 IEEE Computer Society Washington, DC, USA 45 53 (Pubitemid 44888885)