Dynamic, Flexible, and Optimistic Access Control
نویسندگان
چکیده
Traditional access controls have evolved from being static and coarse-grained to being dynamic and very fine-grained. However, a balance still must be struck: too little access inhibits usefulness, effectively creating a denial of service for people trying to do their jobs; and too much access invites breaches of security. “Break-the-glass’ techniques and adaptive access control have previously been developed to address this issue. But gaps in these techniques still exist. We extend these techniques as follows: consider a system in which prohibitions fall into two classes. Core prohibitions prevent disaster, and are axiomatic to the system. Ancillary prohibitions, derived from core prohibitions, hinder the ability of an attacker to violate core prohibitions, but are not in and of themselves critical to the security of the system. We introduce optimistic access control, a framework in which core prohibitions are always enforced, and ancillary prohibitions are enforced only when a specific threshold is crossed. The threshold depends upon history, trust, and a variety of non-binary countermeasures. This control deals with many scenarios—including the insider threat and remote access with limited communication— that are extremely difficult to address or even characterize using current techniques. Therefore, these controls address certain gaps. Finally, we present a formal mapping to lattice models, and describe implementation ideas and issues of this method in practice.
منابع مشابه
Authorization models for secure information sharing: a survey and research agenda
This article presents a survey of authorization models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerg...
متن کاملA Flexible Access Control Model for Distributed Collaborative Editors
Distributed Collaborative Editors (DCE) provide computer support for modifying simultaneously shared documents, such as articles, wiki pages and programming source code, by dispersed users. Controlling access in such systems is still a challenging problem, as they need dynamic access changes and low latency access to shared documents. In this paper, we propose a flexible access control model wh...
متن کاملA semantic-aware role-based access control model for pervasive computing environments
Access control in open and dynamic Pervasive Computing Environments (PCEs) is a very complex mechanism and encompasses various new requirements. In fact, in such environments, context information should be used in access control decision process; however, it is not applicable to gather all context information completely and accurately all the time. Thus, a suitable access control model for PCEs...
متن کاملDynamic Load Carrying Capacity of Mobile-Base Flexible-Link Manipulators: Feedback Linearization Control Approach
This paper focuses on the effects of closed- control on the calculation of the dynamic load carrying capacity (DLCC) for mobile-base flexible-link manipulators. In previously proposed methods in the literature of DLCC calculation in flexible robots, an open-loop control scheme is assumed, whereas in reality, robot control is achieved via closed loop approaches which could render the calculated ...
متن کاملPlanning and Control of Two-Link Rigid Flexible Manipulators in Dynamic Object Manipulation Missions
This research focuses on proposing an optimal trajectory planning and control method of two link rigid-flexible manipulators (TLRFM) for Dynamic Object Manipulation (DOM) missions. For the first time, achievement of DOM task using a rotating one flexible link robot was taken into account in [20]. The authors do not aim to contribute on either trajectory tracking or vibration control of the End-...
متن کامل