The increasing need to share information in dynamic environments has created a requirement for risk-aware access control systems. The standard RBAC model is designed to operate in a relatively stable, closed environment and does not include any support for risk. In this paper, we explore a number of ways in which the RBAC model can be extended to incorporate notions of risk. In particular, we develop three simple risk-aware RBAC models that differ in the way in which risk is represented and accounted for in making access control decisions. We also propose a risk-aware RBAC model that combines all the features of the three simple models and consider some issues related to its implementation. Compared with existing work, our models have clear authorization semantics and support richer types of access control decisions.