Leanid Krautsevich, A. Lazouski, F. Martinelli, P. Mori, A. Yautsiukhin
Published in: 2013 22nd International Conference on Computer Communication and Networks (ICCCN)
Publication date: 2013-07-01
DOI: 10.1109/ICCCN.2013.6614144 (https://doi.org/10.1109/ICCCN.2013.6614144)
Integration of Quantitative Methods for Risk Evaluation within Usage Control Policies
Usage Control (UCON) enhances traditional access control by introducing mutable attributes and continuous policy enforcement. UCON addresses the security requirements of dynamic computing environments such as Grid and Cloud, but also raises new challenges. This paper considers two problems of usage control. The first problem arises when the value of a mutable attribute required for an access decision is uncertain. The second problem is when to retrieve fresh values of mutable attributes and trigger access reevaluation during continuous control. We propose quantitative risk-based methods to tackle these problems. The authorisation system grants access if the security policy is satisfied and the risk level is acceptable. The authorisation system retrieves fresh attribute values following the strategy that minimises the risk of the usage sessions. We integrate the authorisation system based on the U-XACML language with quantitative methods for risk evaluation. We present the architecture, the implementation, and an evaluation of the overhead posed by the risk computation.