Traditional security and access control systems, such as MLS/Bell-LaPadula, RBAC are rigid and do not contain automatic mechanisms through which a system can increase or decrease users' access to classified information. Therefore, in this paper, we propose a risk-based decision method for an access control system. Firstly, we dynamically calculate the trust and risk values for each subject-object pair. Both values are adaptive, reflecting the past behavior of the users with particular objects. The past behavior is evaluated based on the history of reward and penalty points. These are assigned by the system after the completion of every transaction. Secondly, based on the trust and risk values, an access decision is made
The increasing need to share information in dynamic environments has created a requirement for risk-...
Abstract. The functioning of modern IT-systems with autonomously acting components requires an elabo...
With development of grid technology, sensitive data protection becomes a difficult task for accesses...
In traditional multi-level security systems, trust and risk values are pre-computed. Any change in t...
The increasing need to share information in dynamic environments has created a requirement for risk-...
Context-based access control is an emerging approach for modeling adaptive solution, making access c...
We describe a framework for risk assessment specifically within the context of risk-based access con...
Abstract—Over the years, role based access control (RBAC) has remained a dominant form of access con...
Risk assessment and access control are important issues in cloud computing. In this paper, we propos...
Risk-based access control systems are a new element in access control categories, incorporating risk...
This paper addresses the making of security decisions, such as access-control decisions or spam filt...
In monitored environments, where risks can be prevented via sensors and spatial data technologies, s...
Currently, control of access to information and physical resources has become extremely important. N...
Fuzzy inference is a promising approach to implement risk-based access control systems. However, its...
Qualitative security policy design methods suffer from over-reliance on expertise. This paper presen...
The increasing need to share information in dynamic environments has created a requirement for risk-...
Abstract. The functioning of modern IT-systems with autonomously acting components requires an elabo...
With development of grid technology, sensitive data protection becomes a difficult task for accesses...
In traditional multi-level security systems, trust and risk values are pre-computed. Any change in t...
The increasing need to share information in dynamic environments has created a requirement for risk-...
Context-based access control is an emerging approach for modeling adaptive solution, making access c...
We describe a framework for risk assessment specifically within the context of risk-based access con...
Abstract—Over the years, role based access control (RBAC) has remained a dominant form of access con...
Risk assessment and access control are important issues in cloud computing. In this paper, we propos...
Risk-based access control systems are a new element in access control categories, incorporating risk...
This paper addresses the making of security decisions, such as access-control decisions or spam filt...
In monitored environments, where risks can be prevented via sensors and spatial data technologies, s...
Currently, control of access to information and physical resources has become extremely important. N...
Fuzzy inference is a promising approach to implement risk-based access control systems. However, its...
Qualitative security policy design methods suffer from over-reliance on expertise. This paper presen...
The increasing need to share information in dynamic environments has created a requirement for risk-...
Abstract. The functioning of modern IT-systems with autonomously acting components requires an elabo...
With development of grid technology, sensitive data protection becomes a difficult task for accesses...