Trust and Risk based Access Control and Access Control Constraints
- Authors
- Nurmamat Heli; Kim, Mu Cheol; Sangyong Han
- Issue Date
- Nov-2011
- Publisher
- 한국인터넷정보학회
- Keywords
- Trust; risk; role-based access control; constraints
- Citation
- KSII Transactions on Internet and Information Systems, v.5, no.11, pp 2254 - 2271
- Pages
- 18
- Journal Title
- KSII Transactions on Internet and Information Systems
- Volume
- 5
- Number
- 11
- Start Page
- 2254
- End Page
- 2271
- URI
- https://scholarworks.bwise.kr/cau/handle/2019.sw.cau/60428
- ISSN
- 1976-7277
1976-7277
- Abstract
- Access control in dynamic environments needs the ability to provide more access opportunities of information to users, while also ensuring protection information from malicious users. Trust and risk are essential factors and can be combined together in access control decision-making to meet the above requirement. In this paper, we propose the combination of the trust and risk in access control to balance information accessibility and protection. Access control decision is made on the basis of trustworthiness of users and risk value of permissions. We use potential relations between users and relations between permissions in access control. Our approach not only provides more access opportunities for trustworthy users in accessing permissions, but also enforces traditional access control constraints such as Chinese Wall policy and Separation of Duty (SoD) of Role-Based Access Control (RBAC) model in an effective way.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - College of Software > School of Computer Science and Engineering > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.