Daniel O. Díaz López, Ginés Dólera Tormo, Félix Gómez Mármol, Gregorio Martínez Pérez
Future Generation Computer Systems, Special Issue on Trust, Security and Privacy in Distributed Systems, vol. 55, pp. 321-335
Publication year: 2016

Abstract

Risk-based access control systems are a new element in access control categories, incorporating risk analysis as part of the inputs to consider when taking an authorization decision. A risk analysis over a resource generally leads to the temporary allocation of the resource to a risk level (e.g. high, medium, low). Ideally, for each risk level and kind of resource, the access control system should take an authorization decision (expressed as a permit or deny) and the system administrator should also trigger specific counter-measures to protect resources according to their risk level. In a small access control system with few resources it is possible for an administrator to follow the risk level changes and react promptly with counter-measures; but in medium/large access control systems it is almost unfeasible to react in a customized way to thousands of risk level emergencies asking for attention. In this paper we propose the adoption of dynamic counter-measures (which can be integrated within access control policies) that change over time to face variations in the risk level of every resource, bringing two main benefits, namely: (i) suitable resource protection according to the risk level (neither under- nor over-estimated) and (ii) an access control system granting/denying access depending on the fulfillment of a set of security controls applicable to an authorization access request. To define the most appropriate set of counter-measures applicable to a specific situation we define a method based on genetic algorithms, which makes it possible to find a solution in a reasonable time frame satisfying different required conditions. Finally, the conducted experiments show the applicability of our proposal in a real scenario.

Related Publications


I don't Trust ICT: Research challenges in Cyber Security

Conference
Félix Gómez Mármol, Manuel Gil Pérez, Gregorio Martínez Pérez
10th IFIP WG 11.11 International Conference on Trust Management (IFIPTM 2016), IFIP AICT 473, pp. 129-136, ISBN: 978-3-319-41353-2, Darmstadt, Germany
Publication year: 2016

Managing XACML systems in distributed environments through Meta-Policies

Journal Q2
Daniel O. Díaz López, Ginés Dólera Tormo, Félix Gómez Mármol, Gregorio Martínez Pérez
Computers & Security, vol. 48, pp. 92-115
Publication year: 2015

Co-Authors

This work would not have been possible without the inestimable contribution of:

  • Daniel O. Díaz López
  • Ginés Dólera Tormo
  • Gregorio Martínez Pérez

Daniel O. Díaz López

University of Murcia

Ginés Dólera Tormo

University of Murcia

Gregorio Martínez Pérez

University of Murcia

Citation

Daniel O. Díaz López, Ginés Dólera Tormo, Félix Gómez Mármol, Gregorio Martínez Pérez, «Dynamic counter-measures for risk-based access control systems: an evolutive approach», Future Generation Computer Systems, Special Issue on Trust, Security and Privacy in Distributed Systems, vol. 55, pp. 321-335, 2016

Journal Ranking & Impact Factor