Towards a game theoretic authorisation model

Farzad Salim, Jason Reid, Uwe Dulleck, Ed Dawson

Research output: A Conference proceeding or a Chapter in BookConference contributionpeer-review

5 Citations (Scopus)

Abstract

Authorised users (insiders) are behind the majority of security incidents with high financial impacts. Because authorisation is the process of controlling users' access to resources, improving authorisation techniques may mitigate the insider threat. Current approaches to authorisation suffer from the assumption that users will (can) not depart from the expected behaviour implicit in the authorisation policy. In reality however, users can and do depart from the canonical behaviour. This paper argues that the conflict of interest between insiders and authorisation mechanisms is analogous to the subset of problems formally studied in the field of game theory. It proposes a game theoretic authorisation model that can ensure users' potential misuse of a resource is explicitly considered while making an authorisation decision. The resulting authorisation model is dynamic in the sense that its access decisions vary according to the changes in explicit factors that influence the cost of misuse for both the authorisation mechanism and the insider.

Original languageEnglish
Title of host publicationDecision and Game Theory for Security - First International Conference, GameSec 2010, Proceedings
Pages208-219
Number of pages12
DOIs
Publication statusPublished - 2010
Externally publishedYes
Event1st International Conference on Decision and Game Theory for Security, GameSec 2010 - Berlin, Germany
Duration: 22 Nov 201023 Nov 2010

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume6442 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference1st International Conference on Decision and Game Theory for Security, GameSec 2010
Country/TerritoryGermany
CityBerlin
Period22/11/1023/11/10

Fingerprint

Dive into the research topics of 'Towards a game theoretic authorisation model'. Together they form a unique fingerprint.

Cite this