Toward Information Sharing: Benefit And Risk Access Control (BARAC)
POLICY '06 Proceedings of the Seventh IEEE International Workshop on Policies for Distributed Systems and Networks
Fuzzy Multi-Level Security: An Experiment on Quantified Risk-Adaptive Access Control
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Trust management for secure information flows
Proceedings of the 15th ACM conference on Computer and communications security
Trading in risk: using markets to improve access control
Proceedings of the 2008 workshop on New security paradigms
Predicate encryption supporting disjunctions, polynomial equations, and inner products
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
It is our hypothesis that, for a complex system of systems operating in a dynamic, uncertain environment, the traditional approach of forward, static security is insufficient. What is required are macroscopic schemata for security that incorporate mechanisms which monitor the overall environment and feed their observations back into the security mechanisms so that they can adjust their 'posture' accordingly. Such schemata must also account for system-wide aggregated security risks in addition to the risk presented by individual users and information objects. We propose one such schema in this work. To illustrate the utility of macroscopic schemata, we take two recent studies of access control systems as examples, map their results to the proposed schema, and distill macroscopic insights that are otherwise lost in the details. We hope that such security schemata will lead to a systematic analysis of the security of complex systems, akin to what is already available for complex social, biological, and mechanical systems. We hope that macroscopic models based on such schemata will be able to provide, through analysis, large-scale simulations, or other means, a quantified assessment of the resilience of the security of a system of systems and, in the long run, provide systematic controls that can be used to adjust the security posture of a complex system.