Title :
Specify and enforce the policies of quantified risk adaptive access control
Author :
Chen, Chen ; Han, Weili ; Yong, Jianming
Author_Institution :
Laboratory of Cryptography and Information Security, Software School, Fudan University, 825 Zhangheng Road, Shanghai China
Abstract :
XACML and its reference implementation can not directly support quantified risk adaptive access control, because there are several special requirements to specify and enforce the policies in risk adaptive access control: the elements in these policies, such as risk, risk level, are not covered; and risk in quantified risk adaptive access control would be mutable, accumulated and required to be continuously controlled. This paper, therefore, extends XACML and its reference implementation to support quantified risk adaptive access control. This paper makes two contributions: design a risk adaptive policy language extended from XACML; and propose a framework to enforce the policies. To the best of our knowledge, this paper is the first research work to discuss this topic.
Keywords :
Access control; Adaptive control; Australia; Collaborative work; Cryptography; Information security; Information systems; Laboratories; Programmable control; Risk analysis; Policy Enforcement; Quantified Risk; Risk Adaptive Access Control; XACML;
Conference_Titel :
Computer Supported Cooperative Work in Design (CSCWD), 2010 14th International Conference on
Conference_Location :
Shanghai, China
Print_ISBN :
978-1-4244-6763-1
DOI :
10.1109/CSCWD.2010.5471991
