Abstract

Risk assessment plays a significant role in Decision Support Systems (DSS). Recently, there have been efforts to link risk assessment to security provisioning in order to provide risk-aware security services. One of these efforts is the Context-Risk-Aware Access Control (CRAAC) model, which links requesters’ access privileges to the risk level in the underlying access environment in the context of Pervasive Computing (PerComp). The idea is to link an access control decision to an attribute value that reflects the aggregated assurance level in identifying a subject. This attribute value is called the Requester’s Level of Assurance (RLoA) and is influenced by the requester’s run-time contextual information. This paper proposes the CRAAC architecture, along with its components, to support this novel access control model. The architecture provides a high level of functional transparency, extensibility, and flexibility to cope with the dynamic nature of PerComp. The paper describes the fundamental services provided by CRAAC, namely context monitoring, RLoA derivation, and RLoA-linked access control decision making. It also presents the results of experiments, conducted on a CRAAC prototype, that evaluate CRAAC performance (configured in the RLoA-only working mode). The experimental results show that the RLoA-only mode introduces only marginal access delays and is more resilient to Denial of Service (DoS) attacks than the traditional Role-Based Access Control (RBAC) model.
