Pedro Moura, Paulo A. P. Fazendeiro, Pedro Marques, A. Ferreira
2017 International Carnahan Conference on Security Technology (ICCST). Published 2017-10-01. DOI: 10.1109/CCST.2017.8167835 (https://doi.org/10.1109/CCST.2017.8167835)
SoTRAACE — Socio-technical risk-adaptable access control model
Within the necessary security requirements, access control measures are essential to provide adequate means to protect data from unauthorized access. However, current and traditional solutions are commonly based on predefined access policies and roles and are therefore inflexible, assuming uniform access control decisions across people's different types of devices, environments and situational conditions, and across enterprises, location and time. We live in an age of the mobile paradigm of anytime/anywhere access, as the smartphone is the most ubiquitous device that people now hold. In this new age, access control models need to determine adaptable access decisions based on multiple factors aggregated at the moment of request and not just perform a predefined comparison of attributes. This paper presents a new access control model: SoTRAACE — Socio-Technical Risk-Adaptable Access Control Model. This model aggregates attributes from various domains to help perform a risk assessment that is balanced against the operational needs at the moment of each request, so as to provide the most accurate and secure access decision. As a proof of concept, SoTRAACE is used to model and compare two different use case scenarios in the healthcare sector.