Title :
Integration of Quantitative Methods for Risk Evaluation within Usage Control Policies
Author :
Krautsevich, Leanid ; Lazouski, Aliaksandr ; Martinelli, F. ; Mori, Paolo ; Yautsiukhin, Artsiom
Author_Institution :
Ist. di Inf. e Telematica, Consiglio Naz. delle Ric., Pisa, Italy
fDate :
July 30 2013-Aug. 2 2013
Abstract :
Usage Control (UCON) enhances traditional access control introducing mutable attributes and continuous policy enforcement. UCON addresses security requirements of dynamic computer environments like Grid and Cloud, but also raises new challenges. This paper considers two problems of usage control. The first problem arises when a value of a mutable attribute required for an access decision is uncertain. The second problem questions when to retrieve fresh values of mutable attributes and to trigger the access reevaluation during the continuous control. We propose quantitative risk-based methods to tackle these problems. The authorisation system grants the access if the security policy is satisfied and the risk level is acceptable. The authorisation system retrieves fresh attribute values following the strategy which minimises the risk of the usage sessions. We integrate the authorisation system based on the U-XACML language with quantitative methods for risk evaluation. We present the architecture, the implementation, and the evaluation of the overhead posed by the risk computation.
Keywords :
authorisation; computer network security; cryptography; decision making; U-XACML language; access control; authorisation system; dynamic computer environment; mutable attribute retrieval; quantitative method; quantitative risk-based method; risk evaluation; usage control policy; Authorization; Computer architecture; Decision making; Delays; Markov processes;
Conference_Titel :
Computer Communications and Networks (ICCCN), 2013 22nd International Conference on
Conference_Location :
Nassau
Print_ISBN :
978-1-4673-5774-6
DOI :
10.1109/ICCCN.2013.6614144
