Optimal budget allocation in budget-based access control

Farzad Salim; Uwe Dulleck; Jason Reid; Ed Dawson

doi:10.1109/ARES.2011.122

Optimal budget allocation in budget-based access control

Farzad Salim, Uwe Dulleck, Jason Reid, Ed Dawson

Research output: A Conference proceeding or a Chapter in Book › Conference contribution › peer-review

1 Citation (Scopus)

Abstract

In dynamic and uncertain environments, where the needs of security and information availability are difficult to balance, an access control approach based on a static policy will be suboptimal regardless of how comprehensive it is. Risk-based approaches to access control attempt to address this problem by allocating a limited budget to users, through which they pay for the exceptions deemed necessary. So far the primary focus has been on how to incorporate the notion of budget into access control rather than what or if there is an optimal amount of budget to allocate to users. In this paper we discuss the problems that arise from a sub-optimal allocation of budget and introduce a generalised characterisation of an optimal budget allocation function that maximises organisations expected benefit in the presence of self-interested employees and costly audit.

Original language	English
Title of host publication	Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011
Pages	591-596
Number of pages	6
DOIs	https://doi.org/10.1109/ARES.2011.122
Publication status	Published - 2011
Externally published	Yes
Event	2011 6th International Conference on Availability, Reliability and Security, ARES 2011 - Vienna, Austria Duration: 22 Aug 2011 → 26 Aug 2011

Publication series

Name	Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011

Conference

Conference	2011 6th International Conference on Availability, Reliability and Security, ARES 2011
Country/Territory	Austria
City	Vienna
Period	22/08/11 → 26/08/11

Access to Document

10.1109/ARES.2011.122

Cite this

Salim, F., Dulleck, U., Reid, J., & Dawson, E. (2011). Optimal budget allocation in budget-based access control. In Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011 (pp. 591-596). Article 6045982 (Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011). https://doi.org/10.1109/ARES.2011.122

@inproceedings{76a37b1097fd4bda8ff82a65b3fb2e99,

title = "Optimal budget allocation in budget-based access control",

abstract = "In dynamic and uncertain environments, where the needs of security and information availability are difficult to balance, an access control approach based on a static policy will be suboptimal regardless of how comprehensive it is. Risk-based approaches to access control attempt to address this problem by allocating a limited budget to users, through which they pay for the exceptions deemed necessary. So far the primary focus has been on how to incorporate the notion of budget into access control rather than what or if there is an optimal amount of budget to allocate to users. In this paper we discuss the problems that arise from a sub-optimal allocation of budget and introduce a generalised characterisation of an optimal budget allocation function that maximises organisations expected benefit in the presence of self-interested employees and costly audit.",

keywords = "Access control, Credence good, Dynamic environments, Economics, Insider problem, Optimal budget",

author = "Farzad Salim and Uwe Dulleck and Jason Reid and Ed Dawson",

year = "2011",

doi = "10.1109/ARES.2011.122",

language = "English",

isbn = "9780769544854",

series = "Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011",

pages = "591--596",

booktitle = "Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011",

note = "2011 6th International Conference on Availability, Reliability and Security, ARES 2011 ; Conference date: 22-08-2011 Through 26-08-2011",

}

Salim, F, Dulleck, U, Reid, J & Dawson, E 2011, Optimal budget allocation in budget-based access control. in Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011., 6045982, Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011, pp. 591-596, 2011 6th International Conference on Availability, Reliability and Security, ARES 2011, Vienna, Austria, 22/08/11. https://doi.org/10.1109/ARES.2011.122

Optimal budget allocation in budget-based access control. / Salim, Farzad; Dulleck, Uwe; Reid, Jason et al.
Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011. 2011. p. 591-596 6045982 (Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011).

Research output: A Conference proceeding or a Chapter in Book › Conference contribution › peer-review

TY - GEN

T1 - Optimal budget allocation in budget-based access control

AU - Salim, Farzad

AU - Dulleck, Uwe

AU - Reid, Jason

AU - Dawson, Ed

PY - 2011

Y1 - 2011

N2 - In dynamic and uncertain environments, where the needs of security and information availability are difficult to balance, an access control approach based on a static policy will be suboptimal regardless of how comprehensive it is. Risk-based approaches to access control attempt to address this problem by allocating a limited budget to users, through which they pay for the exceptions deemed necessary. So far the primary focus has been on how to incorporate the notion of budget into access control rather than what or if there is an optimal amount of budget to allocate to users. In this paper we discuss the problems that arise from a sub-optimal allocation of budget and introduce a generalised characterisation of an optimal budget allocation function that maximises organisations expected benefit in the presence of self-interested employees and costly audit.

AB - In dynamic and uncertain environments, where the needs of security and information availability are difficult to balance, an access control approach based on a static policy will be suboptimal regardless of how comprehensive it is. Risk-based approaches to access control attempt to address this problem by allocating a limited budget to users, through which they pay for the exceptions deemed necessary. So far the primary focus has been on how to incorporate the notion of budget into access control rather than what or if there is an optimal amount of budget to allocate to users. In this paper we discuss the problems that arise from a sub-optimal allocation of budget and introduce a generalised characterisation of an optimal budget allocation function that maximises organisations expected benefit in the presence of self-interested employees and costly audit.

KW - Access control

KW - Credence good

KW - Dynamic environments

KW - Economics

KW - Insider problem

KW - Optimal budget

UR - http://www.scopus.com/inward/record.url?scp=80455144592&partnerID=8YFLogxK

U2 - 10.1109/ARES.2011.122

DO - 10.1109/ARES.2011.122

M3 - Conference contribution

AN - SCOPUS:80455144592

SN - 9780769544854

T3 - Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011

SP - 591

EP - 596

BT - Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011

T2 - 2011 6th International Conference on Availability, Reliability and Security, ARES 2011

Y2 - 22 August 2011 through 26 August 2011

ER -

Optimal budget allocation in budget-based access control

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this