Towards more pro-active access control in computer systems and networks

Access control is a core security technology that has been widely used in computer systems and networks to protect sensitive information and critical resources and to counter malicious attacks. Although many access control models have been developed in the past, such as discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC), these models are designed primarily as a defensive measure: they examine access requests and make authorization decisions based on established access control policies. As a result, even after a malicious access is identified, the requester can keep issuing more malicious access requests without much fear of punitive consequences from the access control system in subsequent accesses. Such access control may be acceptable in closed systems and networks, but it is not adequate in open systems and networks, where the real identities and other critical information about requesters may not be known to the systems and networks. In this paper, we propose to design pro-active access control so that access control systems can respond to malicious access pro-actively to suit the needs of open systems and networks. We first apply some established principles of game theory to analyze current access control models and identify the limitations that make them inadequate in open systems and networks. To design pro-active access control (PAC), we incorporate a constraint mechanism that includes feedback and evaluation components and show, based on game theory, how to make such access control respond to malicious access in a pro-active manner. We also present a framework design of PAC and demonstrate, through the implementation of trust-based access control, the feasibility of the design, implementation and application of pro-active access control.
Such models and mechanisms can serve as the foundation for the design of access control systems that are more effective in deterring malicious attacks in open systems and networks.

We analyzed current access control models to identify their drawbacks. We proposed pro-active access control for open systems and networks. We based our design and analysis on well-established principles of game theory. We used trust-based access control to demonstrate the feasibility of our proposal.
