Trust and Risk based Access Control and Access Control Constraints

  • Helil, Nurmamat (School of Computer Science and Engineering, Chung-Ang University)
  • Kim, Mu-Cheol (School of Computer Science and Engineering, Chung-Ang University)
  • Han, Sang-Yong (School of Computer Science and Engineering, Chung-Ang University)
  • Received : 2011.04.08
  • Accepted : 2011.09.26
  • Published : 2011.11.29

Abstract

Access control in dynamic environments must give users more opportunities to access information while also protecting that information from malicious users. Trust and risk are essential factors, and they can be combined in access control decision-making to meet this requirement. In this paper, we propose combining trust and risk in access control to balance information accessibility and protection. Access control decisions are made on the basis of the trustworthiness of users and the risk value of permissions. We use potential relations between users, and relations between permissions, in access control. Our approach not only provides trustworthy users with more opportunities to access permissions, but also effectively enforces traditional access control constraints such as the Chinese Wall policy and Separation of Duty (SoD) in the Role-Based Access Control (RBAC) model.

Cited by

  1. Game Analysis of Access Control Based on User Behavior Trust vol.10, pp.4, 2011, https://doi.org/10.3390/info10040132
  2. Risk-Based Access Control Model: A Systematic Literature Review vol.12, pp.6, 2011, https://doi.org/10.3390/fi12060103