Balancing Trust and Risk in Access Control
نویسندگان
چکیده
The increasing availability of large and diverse datasets (big data) calls for increased flexibility in access control so to improve the exploitation of the data. Risk-aware access control systems offer a natural approach to the problem. We propose a novel access control framework that combines trust with risk and supports access control in dynamic contexts through trust enhancement mechanisms and risk mitigation strategies. This allows to strike a balance between the risk associated with a data request and the trustworthiness of the requester. If the risk is too large compared to the trust level, then the framework can identify adaptive strategies leading to a decrease of the risk (e.g., by removing/obfuscation part of the data through anonymization) or to increase the trust level (e.g., by asking for additional obligation to the requester). We outline a modular architecture to realize our model, and we describe how these strategies can be actually realized in a realistic use case.
منابع مشابه
On Effective Protection of Security and Privacy in XML Information Brokering
In contrast with the situations when the information seeker knows where the needed data is located, XML Information Brokering System (IBS) needs to help each information seeking query ”locate” the corresponding data source(s). Unlike early information sharing approaches that only involve a small number of databases, new information sharing applications are often assumed to be built atop a large...
متن کاملA trust negotiation based security framework for service provisioning in load-balancing clusters
The OKKAM project aims at enabling the Web of Entities, a global digital space for publishing and managing information about entities. The project provides a scalable and sustainable infrastructure, called the Entity Name System (ENS), for the systematic reuse of global and unique entity identifiers. The ENS provides a collection of core services supporting entity identifiers pervasive reuse. T...
متن کاملTrust and Risk based Access Control and Access Control Constraints
Access control in dynamic environments needs the ability to provide more access opportunities of information to users, while also ensuring protection information from malicious users. Trust and risk are essential factors and can be combined together in access control decision-making to meet the above requirement. In this paper, we propose the combination of the trust and risk in access control ...
متن کاملA Literature Review on Trust Management in Web Services Access Control
Web Service is a reusable component which has set of related functionalities that service requesters can programmatically access from the service provider and manipulate through the Web. One of the main security issue is to secure web services from the malicious requesters. Since trust plays an important role in many kinds of human communication, it allows people to work under insecurity and wi...
متن کاملRisk Models for Trust-Based Access Control(TBAC)
The importance of risk in trust-based systems is well established. This paper presents a novel model of risk and decision-making based on economic theory. Use of the model is illustrated by way of a collaborative spam detection application.
متن کامل