Skip to Main Content
We extend existing work on security metrics by proposing a method to monitor the state of system entities in real-time. The primary focus is assessing the risk to and from access control request sources and targets. This process is critical in building effective dynamic access control methods that utilize assessment data for policy enforcement. Information on vulnerability exploitation attempts is used to derive risk assessments for entities in the system. To validate the approach, we demonstrate the use of our assessment method on analyzing the sources and targets in a widely used intrusion detection data set.