论文信息 - Fuzzy MLS : An Experiment on Quantified Risk – Adaptive Access Control

Fuzzy MLS : An Experiment on Quantified Risk – Adaptive Access Control

The goal of this paper is to present a new model for, or rather a new way of thinking of adaptive, risk–based access control. Our basic premise is that there is always inherent uncertainty in access control decisions and such uncertainty leads to unpredictable risk that should be quantified and addressed in an explicit way. The ability to quantify risk makes it possible to treat risk as countable resource. This enables the use of economic principles to manage this resource with the goal of achieving the optimal utilization of risk, i.e, allocate risk in a manner that optimizes the risk vs. benefit tradeoff. We choose to expand the well known and practiced Bell–Lapadula multi–level security (MLS) access control model as a proof–of–concept case study for our basic premise. The resulting access control model is more like a Fuzzy Logic control system [Jyh97] than a traditional access control system and hence the name “Fuzzy MLS”.

P. Rohatgi | P. Cheng | C. Keser

[1] Dorothy E. Denning,et al. A lattice model of secure information flow , 1976, CACM.

[2] Roger R. Schell,et al. Designing the GEMSOS security kernel for security and performance , 1985 .

[3] Daniel F. Sterne,et al. Confining Root Programs with Domain and Type Enforcement , 1996, USENIX Security Symposium.

[4] Chuen-Tsai Sun,et al. Neuro-fuzzy And Soft Computing: A Computational Approach To Learning And Machine Intelligence [Books in Brief] , 1997, IEEE Transactions on Neural Networks.

[5] Axel Schairer,et al. Verification of a Formal Security Model for Multiapplicative Smart Cards , 2000, ESORICS.

[6] Pau-Chen Cheng,et al. BlueBoX: A policy-driven, host-based intrusion detection system , 2003, TSEC.

[7] Etienne J. Khayat,et al. Risk Based Security Analysis of Permissions in RBAC , 2004, WOSIS.

[8] Anton Riabov,et al. Planning for Stream Processing Systems , 2005, AAAI.

[9] David Ingram,et al. Risk Models for Trust-Based Access Control(TBAC) , 2005, iTrust.

[10] Anton Riabov,et al. Scalable Planning for Distributed Stream Processing Systems , 2006, ICAPS.