This paper presents a novel access control framework that reduces the access control problem to a traditional decision problem, allowing a policy designer to reuse tools and techniques from decision theory. Within a single framework, we propose to express the utility of an access, decisions beyond the traditional allowing or denying of an access, the uncertainty over the effect of executing a given decision, and the uncertainty over the current state of the system, and to optimize this process for a (probabilistic) sequence of requests. We show that an access control mechanism including these concepts can be specified as a (Partially Observable) Markov Decision Process. We illustrate the framework with a running example that includes notions of conflict, critical resource, mitigation and auditing decisions, and we show that, for a given sequence of requests, it is possible to calculate an optimal policy different from the naive one. This optimization remains possible even for several probable sequences of requests.