Title :
Risk analysis in access control systems
Author :
Ma, J. ; Adi, K. ; Mejri, M. ; Logrippo, L.
Author_Institution :
Dept. of Comput. Sci. & Eng., Univ. du Quebec en Outaouais, Québec, QC, Canada
Abstract :
Commonly known access control systems respond to users' requests to perform actions on protected objects by giving binary answers such as permit or deny. The decisions are taken on the basis of access control policies, where the risk of allowing access is not necessarily taken into explicit consideration. In this paper, we introduce the RBACR model (Role Based Access Control Model with Risk), in which each access control decision is taken after consideration of risk assessment. The proposed risk assessment method considers partial orderings on objects and actions to capture the notions of importance of objects and criticality of actions, and determines the risk of assigning a specific role to a specific user. The case of role delegation is also considered.
Keywords :
authorisation; decision making; risk analysis; RBACR model; access control policy; risk analysis; risk assessment; role based access control model; Access control; Cognition; Context; Decision making; Risk management; Access control; RBAC; RBACR; model; risk analysis;
Conference_Title :
Privacy Security and Trust (PST), 2010 Eighth Annual International Conference on
Conference_Location :
Ottawa, ON
Print_ISBN :
978-1-4244-7551-3
Electronic_ISBN :
978-1-4244-7549-0
DOI :
10.1109/PST.2010.5593248