Title :
Optimal Budget Allocation in Budget-based Access Control
Author :
Salim, Farzad ; Dulleck, Uwe ; Reid, Jason ; Dawson, Ed
Author_Institution :
Inf. Security Inst., Queensland Univ. of Technol., Brisbane, QLD, Australia
Abstract :
In dynamic and uncertain environments, where the needs of security and information availability are difficult to balance, an access control approach based on a static policy will be suboptimal regardless of how comprehensive it is. Risk-based approaches to access control attempt to address this problem by allocating a limited budget to users, through which they pay for the exceptions deemed necessary. So far the primary focus has been on how to incorporate the notion of budget into access control rather than what or if there is an optimal amount of budget to allocate to users. In this paper we discuss the problems that arise from a sub-optimal allocation of budget and introduce a generalised characterisation of an optimal budget allocation function that maximises organisations expected benefit in the presence of self-interested employees and costly audit.
Keywords :
authorisation; budgeting; budget notion; budget-based access control; optimal budget allocation function; risk-based access control; Authorization; Educational institutions; Hospitals; Monitoring; Resource management;
Conference_Titel :
Availability, Reliability and Security (ARES), 2011 Sixth International Conference on
Conference_Location :
Vienna
Print_ISBN :
978-1-4577-0979-1
Electronic_ISBN :
978-0-7695-4485-4
DOI :
10.1109/ARES.2011.122
