Fuzzy set connectives as combinations of belief structures
Information Sciences: an International Journal
Managing Information Security Risks: The Octave Approach
Managing Information Security Risks: The Octave Approach
Using Genetic Algorithms in Structuring a Fuzzy Rulebase
Proceedings of the 5th International Conference on Genetic Algorithms
On the structure of left-continuous t-norms that have a continuous contour line
Fuzzy Sets and Systems
Fuzzy Multi-Level Security: An Experiment on Quantified Risk-Adaptive Access Control
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Choice of conjunctive operator of TSK fuzzy systems and stability domain study
Mathematics and Computers in Simulation
Auto-focus control of a CMOS image sensing module
Journal of Intelligent & Fuzzy Systems: Applications in Engineering and Technology
TrustBus'10 Proceedings of the 7th international conference on Trust, privacy and security in digital business
Quantified risk-adaptive access control for patient privacy protection in health information systems
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Access Control for Databases: Concepts and Systems
Foundations and Trends in Databases
xfACL: an extensible functional language for access control
Proceedings of the 16th ACM symposium on Access control models and technologies
Influence of attribute freshness on decision making in usage control
STM'10 Proceedings of the 6th international conference on Security and trust management
An analytical solution for consent management in patient privacy preservation
Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
Quantitative access control with partially-observable Markov decision processes
Proceedings of the second ACM conference on Data and Application Security and Privacy
Risk-Based auto-delegation for probabilistic availability
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security
Practical risk aggregation in RBAC models
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Risk-Aware role-based access control
STM'11 Proceedings of the 7th international conference on Security and Trust Management
Risk-based adaptive security for smart IoT in eHealth
Proceedings of the 7th International Conference on Body Area Networks
CASA: context-aware scalable authentication
Proceedings of the Ninth Symposium on Usable Privacy and Security
| Hi-index | 0.00 |
Fuzzy inference is a promising approach to implement risk-based access control systems. However, its application to access control raises some novel problems that have not been yet investigated. First, because there are many different fuzzy operations, one must choose the fuzzy operations that best address security requirements. Second, risk-based access control, though it improves information flow and better addresses requirements from critical organizations, may result in damages by malicious users before mitigating steps are taken. Third, the scalability of a fuzzy inference-based access control system is questionable. The time required by a fuzzy inference engine to estimate risks may be quite high especially when there are tens of parameters and hundreds of fuzzy rules. However, an access control system may need to serve hundreds or thousands of users. In this paper, we investigate these issues and present our solutions or answers to them.