Risk-Based Auto-delegation for Probabilistic Availability
Authors
Abstract
Dynamic and evolving systems might require flexible access control mechanisms, in order to make sure that the unavailability of some users does not prevent the system from functioning, in particular for emergency-prone environments, such as healthcare, natural disaster response teams, or military systems. The auto-delegation mechanism, which combines the strengths of delegation systems and "break-the-glass" policies, was recently introduced to handle such situations, by stating that the most qualified available user for a resource can access this resource. In this work we extend this mechanism by considering availability as a quantitative measure, such that each user is associated with a probability of availability. The decision to allow or deny an access is based on the utility of each outcome and on a risk strategy. We describe a generic framework allowing a system designer to define these different concepts. We also illustrate our framework with two specific use cases inspired by healthcare systems and resource management systems.
Similar resources
Decision Theory based Auto-delegation (DTA-d) scheme for Ubiquitous Computing
Access control is a fundamental and essential mechanism to maintain security in ubiquitous computing (UbiComp). Flexibility is an important property for general access control system, which can be achieved by access or authority delegation. Existing delegation mechanisms are "subject-centered", thus in order to make sure that the unavailability of some users does not prevent the syste...
An Auto-delegation Mechanism for Access Control Systems
Delegation is a widely used and widely studied mechanism in access control systems. Delegation enables an authorized entity to nominate another entity as its authorized proxy for the purposes of access control. Existing delegation mechanisms tend to rely on manual processes initiated by end-users. We believe that systems in which the set of available, authorized entities fluctuates considerably...
Development of simulation model for performance evaluation of feed water system in a typical thermal power plant
The present paper deals with development of a simulation model for the performance evaluation of feed water system of a thermal power plant using Markov Birth-Death process and probabilistic approach. In present paper, the feed water system consists of four subsystems. After drawing transition diagram for feed water system, differential equations are developed and then solved recursively using ...
A Lightweight Mutual Authentication Based on Proxy Certificate Trust List
We propose Proxy Certificate Trust List (PCTL) to efficiently record delegation traces for grid computing. Our security solution based on PCTL provides functions as follows: (1) On-demand inquiries about real time delegation information of grid computing underway; (2) Lightweight mutual authentication that is beneficial for proxy nodes with limited computation power as wireless devices in mobil...
Sub-delegation and trust
We investigate trust propagation in delegation situations, which often occur in hierarchical organisations and coalition structures. In doing so we define a delegation chain representing the sub-delegation process. Such delegation chains present a problem for current trust evaluation mechanisms, which are unable to accurately divide trust among the chain members, resulting in degraded system pe...