Chen, Liang and Crampton, Jason (2011) Risk-aware role-based access control. In: Proceedings of the 7th International Workshop on Security and Trust Management, June 27-28, 2011, Copenhagen, Denmark.Full text not available from this repository.
The increasing need to share information in dynamic environments has created a requirement for risk-aware access control systems. The standard RBAC model is designed to operate in a relatively stable, closed environment and does not include any support for risk. In this paper, we explore a number of ways in which the RBAC model can be extended to incorporate notions of risk. In particular, we develop three simple risk-aware RBAC models that differ in the way in which risk is represented and accounted for in making access control decisions. We also propose a risk-aware RBAC model that combines all the features of three simple models and consider some issues related to its implementation. Compared with existing work, our models have clear authorization semantics and support richer types of access control decisions.
|Item Type:||Conference or Workshop Item (Paper)|
|Depositing User:||Liang Chen|
|Date Deposited:||22 Mar 2016 18:08|
|Last Modified:||23 Mar 2016 09:44|
Actions (login required)