By the same authors

Risk Based Access Control with Uncertain and Time-dependent Sensitivity

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Author(s)

Department/unit(s)

Publication details

Title of host publicationProceedings of the 2010 International Conference on Security and Cryptography
DatePublished - 2010
Pages1-9
Number of pages9
PublisherSciTePress
EditorsSokratis Katsikas, Pierangela Samarati
Original languageEnglish

Abstract

In traditional multi-level security (MLS) models, object labels are fixed assessments of sensitivity. In practice there will inevitably be some uncertainty about the damage that might be caused if a document falls into the wrong hands. Furthermore, unless specific management action is taken to regrade the label on an object, it does not change. This does not reflect the operational reality of many modern systems where there is clearly a temporal element to the actual sensitivity of information. Tactical information may be highly sensitive right now but comparatively irrelevant tomorrow whilst strategic secrets may need to be maintained for many years, decades, or even longer. In this paper we propose to model both security labels and clearances as probability distributions. We provide practical templates to model both uncertainty and temporally characterized dependencies, and show how these features can be naturally integrated into a recently proposed access control framework based on quantified risk.

Bibliographical note

SECRYPT is part of ICETE - The International Joint Conference on e-Business and Telecommunications

Discover related content

Find related publications, people, projects, datasets and more using interactive charts.

View graph of relations