Dynamic Counter-measures for Risk-based Access Control Systems: An Evolutive Approach

Risk-based access control systems are a new element in access control categories, incorporating risk analysis as part of the inputs to consider when taking an authorization decision. A risk analysis over a resource leads generally to temporal allocation of the resource in a risk level (e.g. high, me...

Authors:
Díaz López, Daniel Orlando
Dólera-Tormo, Ginés
Gómez-Mármol, Félix
Martínez-Pérez, Gregorio
Resource type:
Article
Publication date:
2016
Institution:
Universidad del Rosario
Repository:
Repositorio EdocUR - U. Rosario
Language:
eng
OAI Identifier:
oai:repository.urosario.edu.co:10336/27550
Online access:
https://doi.org/10.1016/j.future.2014.10.012
https://repository.urosario.edu.co/handle/10336/27550
Keywords:
ISO 27001
ISMS
Risk management
Access control systems
Genetic algorithms
Counter-measures
Rights
License
Restricted (access for specific groups)
id EDOCUR2_f92942693c58124572996bc00ce80d4f
network_acronym_str EDOCUR2
network_name_str Repositorio EdocUR - U. Rosario
spelling Díaz López, Daniel Orlando; Dólera-Tormo, Ginés; Gómez-Mármol, Félix; Martínez-Pérez, Gregorio
dc.title.spa.fl_str_mv Dynamic Counter-measures for Risk-based Access Control Systems: An Evolutive Approach
dc.title.TranslatedTitle.spa.fl_str_mv Contramedidas dinámicas para sistemas de control de acceso basados en riesgos: un enfoque evolutivo
dc.subject.keyword.spa.fl_str_mv ISO 27001
ISMS
Risk management
Access control systems
Genetic algorithms
Counter-measures
description Risk-based access control systems are a new element in access control categories, incorporating risk analysis as part of the inputs to consider when taking an authorization decision. A risk analysis over a resource leads generally to temporal allocation of the resource in a risk level (e.g. high, medium, low). Ideally, for each risk level and kind of resource, the access control system should take an authorization decision (expressed like a permit or deny) and the system administrator should also trigger specific counter-measures to protect resources according to their risk level. In a small access control system with few resources it is possible for an administrator to follow the risk level changes and react promptly with counter-measures; but in medium/large access control systems it is almost unfeasible to react in a customized way to thousands of risk level emergencies asking for attention. In this paper we propose the adoption of dynamic counter-measures (which can be integrated within access control policies) changing along time to face variations in the risk level of every resource, bringing two main benefits, namely: (i) a suitable resource protection according to the risk level (not under or over estimated) and (ii) an access control system granting/denying access depending on the fulfillment of a set of security controls applicable in an authorization access request. To define the most appropriate set of counter-measures applicable for a specific situation we define a method based on genetic algorithms, which allows to find a solution in a reasonable time frame satisfying different required conditions. Finally, the conducted experiments show the applicability of our proposal in a real scenario.
publishDate 2016
dc.date.created.spa.fl_str_mv 2016-02-01
dc.date.accessioned.none.fl_str_mv 2020-08-19T14:42:41Z
dc.date.available.none.fl_str_mv 2020-08-19T14:42:41Z
dc.type.eng.fl_str_mv article
dc.type.coarversion.fl_str_mv http://purl.org/coar/version/c_970fb48d4fbd8a85
dc.type.coar.fl_str_mv http://purl.org/coar/resource_type/c_6501
dc.type.spa.spa.fl_str_mv Artículo
dc.identifier.doi.none.fl_str_mv https://doi.org/10.1016/j.future.2014.10.012
dc.identifier.issn.none.fl_str_mv ISSN: 0167-739X
dc.identifier.uri.none.fl_str_mv https://repository.urosario.edu.co/handle/10336/27550
dc.language.iso.spa.fl_str_mv eng
dc.relation.citationEndPage.none.fl_str_mv 335
dc.relation.citationStartPage.none.fl_str_mv 321
dc.relation.citationTitle.none.fl_str_mv Future Generation Computer Systems
dc.relation.citationVolume.none.fl_str_mv Vol. 55
dc.relation.ispartof.spa.fl_str_mv Future Generation Computer Systems, ISSN: 0167-739X, Vol.55 (February, 2016); pp. 321-335
dc.relation.uri.spa.fl_str_mv https://www.sciencedirect.com/science/article/abs/pii/S0167739X14002052
dc.rights.coar.fl_str_mv http://purl.org/coar/access_right/c_16ec
dc.rights.acceso.spa.fl_str_mv Restringido (Acceso a grupos específicos)
dc.format.mimetype.none.fl_str_mv application/pdf
dc.publisher.spa.fl_str_mv Elsevier
dc.source.spa.fl_str_mv Future Generation Computer Systems
institution Universidad del Rosario
dc.source.instname.none.fl_str_mv instname:Universidad del Rosario
dc.source.reponame.none.fl_str_mv reponame:Repositorio Institucional EdocUR
repository.name.fl_str_mv Repositorio institucional EdocUR
repository.mail.fl_str_mv edocur@urosario.edu.co
_version_ 1814167545687572480