Abstract

Traditional access control operates under the principle that a user’s request to a specific resource is denied if there does not exist an explicit specification of the permission in the system. In many emergency and disaster management situations, access to critical information is expected because of the ‘need to share’, and in some cases, because of the ‘responsibility to provide’ information. Therefore, the importance of situational semantics cannot be underestimated when access control decisions are made. There is a need for providing access based on the (unforeseen) situation, where simply denying an access may have more deleterious effects than granting access, if the underlying risk is small. These requirements have significantly increased the demand for new access control solutions that provide flexible, yet secure access. In this paper, we quantify the risk associated with granting an access based on the technique of classification. We propose two approaches for risk-based access control. The first approach, considers only the simple access control matrix model, and evaluates the risk of granting a permission based on the existing user-permission assignments. The second assumes role-based access control, and determines the best situational role that has least risk and allows maximum permissiveness when assigned under uncertainty. We experimentally evaluate both approaches with real and synthetic datasets.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.