Chen, Chen and Han, Weili and Yong, Jianming (2010) Specify and enforce the policies of quantified risk adaptive access control. In: CSCWD 2010: 14th International Conference on Computer Supported Cooperative Work in Design, 14-16 Apr 2010, Shanghai, China.
XACML and its reference implementation cannot directly support quantified risk adaptive access control, because there are several special requirements for specifying and enforcing the policies in risk adaptive access control: the elements in these policies, such as risk and risk level, are not covered; and risk in quantified risk adaptive access control would be mutable and accumulated, and would need to be continuously controlled. This paper therefore extends XACML and its reference implementation to support quantified risk adaptive access control. This paper makes two contributions: it designs a risk adaptive policy language extended from XACML, and it proposes a framework to enforce the policies. To the best of our knowledge, this paper is the first research work to discuss this topic.
|Item Type:||Conference or Workshop Item (Commonwealth Reporting Category E) (Paper)|
|Item Status:||Live Archive|
|Additional Information:||Permanent restricted access to published version due to publisher copyright policy. ©2010 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.|
|Faculty / Department / School:||Historic - Faculty of Business - School of Information Systems|
|Date Deposited:||08 Dec 2010 05:13|
|Last Modified:||11 Nov 2014 02:26|
|Uncontrolled Keywords:||quantified risk; risk adaptive access control; policy enforcement; XACML|
|Fields of Research:||08 Information and Computing Sciences > 0806 Information Systems > 080699 Information Systems not elsewhere classified; 08 Information and Computing Sciences > 0803 Computer Software > 080303 Computer System Security; 09 Engineering > 0915 Interdisciplinary Engineering > 091507 Risk Engineering (excl. Earthquake Engineering)|
|Socio-Economic Objective:||E Expanding Knowledge > 97 Expanding Knowledge > 970108 Expanding Knowledge in the Information and Computing Sciences|