With the increasing need to securely share information, current access control systems are proving too inflexible and difficult to adapt. Recent work on risk-based access control systems has shown promise at resolving the inadequacies of traditional access control systems, and promises to increase information sharing and security. We consider some of the core open problems in risk-based access control systems, namely where and how much risk to take. We propose the use of market mechanisms to determine an organization's risk tolerance and allocation. We show that with the correct incentives, an employee will make optimal choices for the organization. We also comment on how the market can be used to ensure employees behave honestly and detect those who are malicious. Through simulations, we empirically show the advantage of risk-based access control systems and market mechanisms at increasing information sharing and security.