An approach to access control under uncertainty

Farzad Salim, Jason Reid, Ed Dawson, Uwe Dulleck

Research output: A Conference proceeding or a Chapter in Book, Conference contribution, peer-review

22 Citations (Scopus)

Abstract

In dynamic and uncertain environments such as healthcare, where the needs of security and information availability are difficult to balance, an access control approach based on a static policy will be suboptimal regardless of how comprehensive it is. The uncertainty stems from the unpredictability of users' operational needs as well as their private incentives to misuse permissions. In Role Based Access Control (RBAC), a user's legitimate access request may be denied because its need has not been anticipated by the security administrator. Alternatively, even when the policy is correctly specified, an authorised user may accidentally or intentionally misuse the granted permission. This paper introduces a novel approach to access control under uncertainty and presents it in the context of RBAC. By taking insights from the field of economics, in particular the insurance literature, we propose a formal model where the value of resources is explicitly defined and an RBAC policy (entailing those predictable access needs) is only used as a reference point to determine the price each user has to pay for access, as opposed to representing hard and fast rules that are always rigidly applied.

Original language: English
Title of host publication: Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011
Pages: 1-8
Number of pages: 8
Publication status: Published - 2011
Externally published: Yes
Event: 2011 6th International Conference on Availability, Reliability and Security, ARES 2011 - Vienna, Austria
Duration: 22 Aug 2011 → 26 Aug 2011

Publication series

Name: Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011

Conference

Conference: 2011 6th International Conference on Availability, Reliability and Security, ARES 2011
Country/Territory: Austria
City: Vienna
Period: 22/08/11 → 26/08/11
