Scheduled System Maintenance:
Some services will be unavailable Sunday, March 29th through Monday, March 30th. We apologize for the inconvenience.
By Topic

Research on risk property of access control policy

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Zhuo Tang ; Sch. of Comput. & Commun., Hunan Univ., Changsha, China ; Bo Li ; Renfa Li ; Kenli Li

There are leaks in the permission distribution and delegation for the traditional access control based on roles. By introducing the concept of risk, this study establishes an integrated theoretic framework. This paper represents access control policy and the ordering relation among roles based on risk. The concept of risk distance is proposed, which made the security of access control polices can be compared according their various risk bands. We also illuminate the basic relationship between roles. The properties and principle are proposed for the policies' delegation and reassignment based on risk. Through these properties and principle, this article proposed a method to optimize users' access control polices. It ensures the executions of policies are under the minimum risk. The risk-based method can limit the highly risky authorization and delegation. And it can improve the security of the system.

Published in:

Management of Innovation and Technology (ICMIT), 2010 IEEE International Conference on

Date of Conference:

2-5 June 2010