Dynamic Counter-measures for Risk-based Access Control Systems: An Evolutive Approach
Risk-based access control systems are a new element in access control categories, incorporating risk analysis as part of the inputs to consider when taking an authorization decision. A risk analysis over a resource leads generally to temporal allocation of the resource in a risk level (e.g. high, me...
- Authors:
- Díaz López, Daniel Orlando; Dólera-Tormo, Ginés; Gómez-Mármol, Félix; Martínez-Pérez, Gregorio
- Resource type:
- article
- Publication date:
- 2016
- Institution:
- Universidad del Rosario
- Repository:
- Repositorio EdocUR - U. Rosario
- Language:
- eng
- OAI Identifier:
- oai:repository.urosario.edu.co:10336/27550
- Online access:
- https://doi.org/10.1016/j.future.2014.10.012
- https://repository.urosario.edu.co/handle/10336/27550
- Keywords:
- ISO 27001
- ISMS
- Risk management
- Access control systems
- Genetic algorithms
- Counter-measures
- Rights
- License
- Restricted (access for specific groups)
id |
EDOCUR2_f92942693c58124572996bc00ce80d4f |
---|---|
oai_identifier_str |
oai:repository.urosario.edu.co:10336/27550 |
network_acronym_str |
EDOCUR2 |
network_name_str |
Repositorio EdocUR - U. Rosario |
repository_id_str |
|
spelling |
Díaz López, Daniel Orlando; Dólera-Tormo, Ginés; Gómez-Mármol, Félix; Martínez-Pérez, Gregorio |
dc.title.spa.fl_str_mv |
Dynamic Counter-measures for Risk-based Access Control Systems: An Evolutive Approach |
dc.title.TranslatedTitle.spa.fl_str_mv |
Contramedidas dinámicas para sistemas de control de acceso basados en riesgos: un enfoque evolutivo |
dc.subject.keyword.spa.fl_str_mv |
ISO 27001 ISMS Risk management Access control systems Genetic algorithms Counter-measures |
description |
Risk-based access control systems are a new element in access control categories, incorporating risk analysis as part of the inputs to consider when taking an authorization decision. A risk analysis over a resource leads generally to temporal allocation of the resource in a risk level (e.g. high, medium, low). Ideally, for each risk level and kind of resource, the access control system should take an authorization decision (expressed like a permit or deny) and the system administrator should also trigger specific counter-measures to protect resources according to their risk level. In a small access control system with few resources it is possible for an administrator to follow the risk level changes and react promptly with counter-measures; but in medium/large access control systems it is almost unfeasible to react in a customized way to thousands of risk level emergencies asking for attention. In this paper we propose the adoption of dynamic counter-measures (which can be integrated within access control policies) changing along time to face variations in the risk level of every resource, bringing two main benefits, namely: (i) a suitable resource protection according to the risk level (not under or over estimated) and (ii) an access control system granting/denying access depending on the fulfillment of a set of security controls applicable in an authorization access request. To define the most appropriate set of counter-measures applicable for a specific situation we define a method based on genetic algorithms, which allows to find a solution in a reasonable time frame satisfying different required conditions. Finally, the conducted experiments show the applicability of our proposal in a real scenario. |
publishDate |
2016 |
dc.date.created.spa.fl_str_mv |
2016-02-01 |
dc.date.accessioned.none.fl_str_mv |
2020-08-19T14:42:41Z |
dc.date.available.none.fl_str_mv |
2020-08-19T14:42:41Z |
dc.type.eng.fl_str_mv |
article |
dc.type.coarversion.fl_str_mv |
http://purl.org/coar/version/c_970fb48d4fbd8a85 |
dc.type.coar.fl_str_mv |
http://purl.org/coar/resource_type/c_6501 |
dc.type.spa.spa.fl_str_mv |
Artículo |
dc.identifier.doi.none.fl_str_mv |
https://doi.org/10.1016/j.future.2014.10.012 |
dc.identifier.issn.none.fl_str_mv |
ISSN: 0167-739X |
dc.identifier.uri.none.fl_str_mv |
https://repository.urosario.edu.co/handle/10336/27550 |
dc.language.iso.spa.fl_str_mv |
eng |
language |
eng |
dc.relation.citationEndPage.none.fl_str_mv |
335 |
dc.relation.citationStartPage.none.fl_str_mv |
321 |
dc.relation.citationTitle.none.fl_str_mv |
Future Generation Computer Systems |
dc.relation.citationVolume.none.fl_str_mv |
Vol. 55 |
dc.relation.ispartof.spa.fl_str_mv |
Future Generation Computer Systems, ISSN: 0167-739X, Vol.55 (February, 2016); pp. 321-335 |
dc.relation.uri.spa.fl_str_mv |
https://www.sciencedirect.com/science/article/abs/pii/S0167739X14002052 |
dc.rights.coar.fl_str_mv |
http://purl.org/coar/access_right/c_16ec |
dc.rights.acceso.spa.fl_str_mv |
Restringido (Acceso a grupos específicos) |
rights_invalid_str_mv |
Restringido (Acceso a grupos específicos) http://purl.org/coar/access_right/c_16ec |
dc.format.mimetype.none.fl_str_mv |
application/pdf |
dc.publisher.spa.fl_str_mv |
Elsevier |
dc.source.spa.fl_str_mv |
Future Generation Computer Systems |
institution |
Universidad del Rosario |
dc.source.instname.none.fl_str_mv |
instname:Universidad del Rosario |
dc.source.reponame.none.fl_str_mv |
reponame:Repositorio Institucional EdocUR |
repository.name.fl_str_mv |
Repositorio institucional EdocUR |
repository.mail.fl_str_mv |
edocur@urosario.edu.co |
_version_ |
1814167545687572480 |