Dynamic Game Access Control Based on Trust

Abstract

Access control refers to the whole suite of mechanisms that are used to govern user access to resources provided by computer systems over networks. Although many access control models have been proposed, such as DAC, MAC and RBAC, the functionality of these access control models is to make authorization decisions based on established access control policies. When the malicious access is identified, the access control system denies the request. However, the malicious entities may keep issuing more malicious access requests not afraid of punishment from the access control system. Such access control models are not adequate in open networks where the identities of entities may not be known. In this paper, we first apply some principles in game theory to analyze current access control models. With respect to behavior of entities, access control can be treated as a game between the requester and the provider entities. Then we propose a dynamic game access control model based on trust, which can respond to malicious access. The proposed model should follow the principles of bringing interactive entities to a state of Nash Equilibrium to make access control more effective. In the proposed model, we use access behavior trigger strategy along with a constraint mechanism that provides incentives for entities to perform honest access.