RISK BASED ACCESS CONTROL WITH UNCERTAIN AND TIME-DEPENDENT SENSITIVITY

John A. Clark; Juan E. Tapiador; John McDermid; Pau-Chen Cheng; Dakshi Agrawal; Natalie Ivanic; Dave Slogget

doi:10.5220/0002935200050013

RISK BASED ACCESS CONTROL WITH UNCERTAIN AND TIME-DEPENDENT SENSITIVITY

John A. Clark, Juan E. Tapiador, John McDermid, Pau-Chen Cheng, Dakshi Agrawal, Natalie Ivanic, Dave Slogget

2010

Abstract

In traditional multi-level security (MLS) models, object labels are fixed assessments of sensitivity. In practice there will inevitably be some uncertainty about the damage that might be caused if a document falls into the wrong hands. Furthermore, unless specific management action is taken to regrade the label on an object, it does not change. This does not reflect the operational reality of many modern systems where there is clearly a temporal element to the actual sensitivity of information. Tactical information may be highly sensitive right now but comparatively irrelevant tomorrow whilst strategic secrets may need to be maintained for many years, decades, or even longer. In this paper we propose to model both security labels and clearances as probability distributions. We provide practical templates to model both uncertainty and temporally characterized dependencies, and show how these features can be naturally integrated into a recently proposed access control framework based on quantified risk.

Download

Paper Citation

in Harvard Style

A. Clark J., E. Tapiador J., McDermid J., Cheng P., Agrawal D., Ivanic N. and Slogget D. (2010). RISK BASED ACCESS CONTROL WITH UNCERTAIN AND TIME-DEPENDENT SENSITIVITY . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010) ISBN 978-989-8425-18-8, pages 5-13. DOI: 10.5220/0002935200050013

in Bibtex Style

@conference{secrypt10,
author={John A. Clark and Juan E. Tapiador and John McDermid and Pau-Chen Cheng and Dakshi Agrawal and Natalie Ivanic and Dave Slogget},
title={RISK BASED ACCESS CONTROL WITH UNCERTAIN AND TIME-DEPENDENT SENSITIVITY},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)},
year={2010},
pages={5-13},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002935200050013},
isbn={978-989-8425-18-8},
}

in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2010)
TI - RISK BASED ACCESS CONTROL WITH UNCERTAIN AND TIME-DEPENDENT SENSITIVITY
SN - 978-989-8425-18-8
AU - A. Clark J.
AU - E. Tapiador J.
AU - McDermid J.
AU - Cheng P.
AU - Agrawal D.
AU - Ivanic N.
AU - Slogget D.
PY - 2010
SP - 5
EP - 13
DO - 10.5220/0002935200050013