Risk Based Access Control with Uncertain and Time-dependent Sensitivity

John A. Clark, Juan E. Tapiador, John A. McDermid, Pau-Chen Cheng, Dakshi Agrawal, Natalie Ivanic, Dave Slogget

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

In traditional multi-level security (MLS) models, object labels are fixed assessments of sensitivity. In practice there will inevitably be some uncertainty about the damage that might be caused if a document falls into the wrong hands. Furthermore, unless specific management action is taken to regrade the label on an object, it does not change. This does not reflect the operational reality of many modern systems where there is clearly a temporal element to the actual sensitivity of information. Tactical information may be highly sensitive right now but comparatively irrelevant tomorrow whilst strategic secrets may need to be maintained for many years, decades, or even longer. In this paper we propose to model both security labels and clearances as probability distributions. We provide practical templates to model both uncertainty and temporally characterized dependencies, and show how these features can be naturally integrated into a recently proposed access control framework based on quantified risk.
Original language: English
Title of host publication: Proceedings of the 2010 International Conference on Security and Cryptography
Editors: Sokratis Katsikas, Pierangela Samarati
Publisher: SciTePress
Pages: 1-9
Number of pages: 9
Publication status: Published - 2010
Event: International Conference on Security and Cryptography (SECRYPT) - Athens, Greece
Duration: 26 Jun 2010 to 28 Jun 2010

Conference

Conference: International Conference on Security and Cryptography (SECRYPT)
Country/Territory: Greece
City: Athens
Period: 26/06/10 to 28/06/10

Bibliographical note

SECRYPT is part of ICETE - The International Joint Conference on e-Business and Telecommunications
