Automated Security Management by Ehab Al-Shaer Xinming Ou & Geoffrey Xie

Author:Ehab Al-Shaer, Xinming Ou & Geoffrey Xie
Language: eng
Format: epub
Publisher: Springer International Publishing, Cham

5.6 Conclusions

Decision outcomes of traditional access control systems are based on hard coded access control policies. In reality, it is not possible to hard code all situations. When any unforeseen situation occurs, traditional access control models lack the ability to handle them. Moreover, traditional access control systems do not incorporate dynamics associated with situation, in decision making process. In this paper we presented two approaches for facilitating Risk Based Access Control. Our first approach addresses the problem of quantifying risk that is based on dynamics of a situation. Our second approach is based on identifying situational role for a user under uncertain circumstances. Our approaches are based on allowing maximum permissiveness and least restrictiveness in a secure manner. Our experimental evaluation validates the effectiveness of the approach. There are several possible future directions of this work such as: analyzing how well these approaches can work in collaborative environments where requesting users may belong to an inter domain organization. For now, we plan to extend these approaches to address the problem of misconfiguration in access control.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.