The Caernarvon secure embedded operating system
ACM SIGOPS Operating Systems Review
Verified enforcement of stateful information release policies
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
MLS security policy evolution with genetic programming
Proceedings of the 10th annual conference on Genetic and evolutionary computation
ARUBA: A Risk-Utility-Based Algorithm for Data Disclosure
SDM '08 Proceedings of the 5th VLDB workshop on Secure Data Management
Trust management for secure information flows
Proceedings of the 15th ACM conference on Computer and communications security
Specifying and enforcing high-level semantic obligation policies
Web Semantics: Science, Services and Agents on the World Wide Web
Policy Evolution with Grammatical Evolution
SEAL '08 Proceedings of the 7th International Conference on Simulated Evolution and Learning
Verified enforcement of stateful information release policies
ACM SIGPLAN Notices
A decision support system for secure information sharing
Proceedings of the 14th ACM symposium on Access control models and technologies
Trading in risk: using markets to improve access control
Proceedings of the 2008 workshop on New security paradigms
A metadata calculus for secure information sharing
Proceedings of the 16th ACM conference on Computer and communications security
Dynamic security policy learning
Proceedings of the first ACM workshop on Information security governance
Laissez-faire file sharing: access control designed for individuals at the endpoints
NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
A new schema for security in dynamic uncertain environments
SARNOFF'09 Proceedings of the 32nd international conference on Sarnoff symposium
Risk-based access control systems built on fuzzy inferences
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Apply measurable risk to strengthen security of a role-based delegation supporting workflow system
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
A calculus for the qualitative risk assessment of policy override authorization
Proceedings of the 3rd international conference on Security of information and networks
RAR: A role-and-risk based flexible framework for secure collaboration
Future Generation Computer Systems
Towards a game theoretic authorisation model
GameSec'10 Proceedings of the First international conference on Decision and game theory for security
Fuzzy Role-Based Access Control
Information Processing Letters
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Quantified risk-adaptive access control for patient privacy protection in health information systems
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Modeling data flow in socio-information networks: a risk estimation approach
Proceedings of the 16th ACM symposium on Access control models and technologies
NetQuery: a knowledge plane for reasoning about network properties
Proceedings of the ACM SIGCOMM 2011 conference
Proactive defense of insider threats through authorization management
Proceedings of 2011 international workshop on Ubiquitous affective awareness and intelligent interaction
Influence of attribute freshness on decision making in usage control
STM'10 Proceedings of the 6th international conference on Security and trust management
Poster: using quantified risk and benefit to strengthen the security of information sharing
Proceedings of the 18th ACM conference on Computer and communications security
An analytical solution for consent management in patient privacy preservation
Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
Risk-based security decisions under uncertainty
Proceedings of the second ACM conference on Data and Application Security and Privacy
Quantitative access control with partially-observable Markov decision processes
Proceedings of the second ACM conference on Data and Application Security and Privacy
Understanding and protecting privacy: formal semantics and principled audit mechanisms
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Fast track article: Balancing behavioral privacy and information utility in sensory data flows
Pervasive and Mobile Computing
Risk-Based auto-delegation for probabilistic availability
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneous Security
Intra-role progression in RBAC: an RPG-Like access control scheme
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneous Security
Optimal workflow-aware authorizations
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Risk-Aware role-based access control
STM'11 Proceedings of the 7th international conference on Security and Trust Management
From qualitative to quantitative enforcement of security policy
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
Towards provenance and risk-awareness in social computing
Proceedings of the First International Workshop on Secure and Resilient Architectures and Systems
Insured access: an approach to ad-hoc information sharing for virtual organizations
Proceedings of the third ACM conference on Data and application security and privacy
CASA: context-aware scalable authentication
Proceedings of the Ninth Symposium on Usable Privacy and Security
A model for trust-based access control and delegation in mobile clouds
DBSec'13 Proceedings of the 27th international conference on Data and Applications Security and Privacy XXVII
A Systematic Survey of Self-Protecting Software Systems
ACM Transactions on Autonomous and Adaptive Systems (TAAS) - Special Section on Best Papers from SEAMS 2012
This paper presents a new model for, or rather a new way of thinking about, adaptive, risk-based access control. Our basic premise is that there is always inherent uncertainty and risk in access control decisions, and that this is best addressed explicitly. We illustrate this concept by showing how the rationale of the well-known Multi-Level Security (MLS) access control model, which is based on the Bell-LaPadula model, could be used to develop a risk-adaptive access control model. This new model is more like a Fuzzy Logic control system [9] than a traditional access control system, hence the name "Fuzzy MLS". The long version of this paper is published as an IBM Research Report [3].