Specify and enforce the policies of quantified risk adaptive access control

Chen, Chen and Han, Weili and Yong, Jianming (2010) Specify and enforce the policies of quantified risk adaptive access control. In: CSCWD 2010: 14th International Conference on Computer Supported Cooperative Work in Design, 14-16 Apr 2010, Shanghai, China.


Abstract

XACML and its reference implementation cannot directly support quantified risk adaptive access control, because specifying and enforcing policies in risk adaptive access control imposes several special requirements: policy elements such as risk and risk level are not covered; and risk in quantified risk adaptive access control is mutable, accumulates, and must be continuously controlled. This paper therefore extends XACML and its reference implementation to support quantified risk adaptive access control. It makes two contributions: it designs a risk adaptive policy language extended from XACML, and it proposes a framework to enforce the policies. To the best of our knowledge, this paper is the first research work to discuss this topic.


Item Type: Conference or Workshop Item (Commonwealth Reporting Category E) (Paper)
Refereed: Yes
Item Status: Live Archive
Additional Information: Permanent restricted access to published version due to publisher copyright policy. ©2010 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Depositing User: Dr Jianming Yong
Faculty / Department / School: Historic - Faculty of Business - School of Information Systems
Date Deposited: 08 Dec 2010 05:13
Last Modified: 11 Nov 2014 02:26
Uncontrolled Keywords: quantified risk; risk adaptive access control; policy enforcement; XACML
Fields of Research (FOR2008): 08 Information and Computing Sciences > 0806 Information Systems > 080699 Information Systems not elsewhere classified
08 Information and Computing Sciences > 0803 Computer Software > 080303 Computer System Security
09 Engineering > 0915 Interdisciplinary Engineering > 091507 Risk Engineering (excl. Earthquake Engineering)
Socio-Economic Objective (SEO2008): E Expanding Knowledge > 97 Expanding Knowledge > 970108 Expanding Knowledge in the Information and Computing Sciences
URI: http://eprints.usq.edu.au/id/eprint/9103
