Dynamic and evolving systems might require flexible access control mechanisms to ensure that the unavailability of some users does not prevent the system from functioning, particularly in emergency-prone environments such as healthcare, natural disaster response teams, or military systems. The auto-delegation mechanism, which combines the strengths of delegation systems and "break-the-glass" policies, was recently introduced to handle such situations by stating that the most qualified available user for a resource can access that resource. In this work we extend this mechanism by treating availability as a quantitative measure, so that each user is associated with a probability of availability. The decision to allow or deny an access is based on the utility of each outcome and on a risk strategy. We describe a generic framework that allows a system designer to define these different concepts. We also illustrate our framework with two specific use cases inspired by healthcare systems and resource management systems.