By Topic

An Attribute Based Framework for Risk-Adaptive Access Control Models

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)

The concept of risk-based adaptive access control (RAdAC, pronounced Raid-ack) has been recently introduced in the literature. It seeks to automatically (or semi-automatically) adjust security risk for providing access to resources accounting for operational needs, risk factors and situational factors. In order to make progress in this arena we need abstract models analogous to those that underlie the sustained and successful practice of discretionary, mandatory and role-based access control. Such models define a formal structure and components for policy specifications, while allowing for a variety of enforcement architectures and detailed implementation. In this paper we develop a novel approach to capture these characteristics of RAdAC using attribute-based access control. We further show that this RAdAC model can be expressed in the UCON usage control model with suitable extensions, and discuss how other UCON elements not used in this construction could beneficially improve the RAdAC vision.

Published in:

Availability, Reliability and Security (ARES), 2011 Sixth International Conference on

Date of Conference:

22-26 Aug. 2011