Sciweavers

Share
ARESEC
2011

An Attribute Based Framework for Risk-Adaptive Access Control Models

9 years 4 months ago
An Attribute Based Framework for Risk-Adaptive Access Control Models
—The concept of risk-based adaptive access control (RAdAC, pronounced Raid-ack) has been recently introduced in the literature. It seeks to automatically (or semi-automatically) adjust security risk for providing access to resources accounting for operational needs, risk factors and situational factors. In make progress in this arena we need abstract models analogous to those that underlie the sustained and successful practice of discretionary, mandatory and role-based access control. Such models define a formal structure and components for policy specifications, while allowing for a variety of enforcement architectures and detailed implementation. In this paper we develop a novel approach to capture these characteristics of RAdAC using attribute-based access control. We further show that this RAdAC model can be expressed in the UCON usage control model with suitable extensions, and discuss how other UCON elements not used in this construction could beneficially improve the RAdAC ...
Savith Kandala, Ravi S. Sandhu, Venkata Bhamidipat
Added 12 Dec 2011
Updated 12 Dec 2011
Type Journal
Year 2011
Where ARESEC
Authors Savith Kandala, Ravi S. Sandhu, Venkata Bhamidipati
Comments (0)
books