TY - JOUR
T1 - Dynamic counter-measures for risk-based access control systems
T2 - An evolutive approach
AU - Díaz-López, Daniel
AU - Dólera-Tormo, Ginés
AU - Gómez-Mármol, Félix
AU - Martínez-Pérez, Gregorio
N1 - Funding Information:
This work has been partially supported by the Funding Program for Research Groups of Excellence granted by the Séneca Foundation with code 04552/GERM/06.
Publisher Copyright:
© 2014 Elsevier B.V. All rights reserved.
PY - 2016/2/1
Y1 - 2016/2/1
N2 - Risk-based access control systems are a new element in access control categories, incorporating risk analysis as part of the inputs to consider when taking an authorization decision. A risk analysis over a resource leads generally to temporal allocation of the resource in a risk level (e.g. high, medium, low). Ideally, for each risk level and kind of resource, the access control system should take an authorization decision (expressed like a permit or deny) and the system administrator should also trigger specific counter-measures to protect resources according to their risk level. In a small access control system with few resources it is possible for an administrator to follow the risk level changes and react promptly with counter-measures; but in medium/large access control systems it is almost unfeasible to react in a customized way to thousands of risk level emergencies asking for attention. In this paper we propose the adoption of dynamic counter-measures (which can be integrated within access control policies) changing along time to face variations in the risk level of every resource, bringing two main benefits, namely: (i) a suitable resource protection according to the risk level (not under- or overestimated) and (ii) an access control system granting/denying access depending on the fulfillment of a set of security controls applicable in an authorization access request. To define the most appropriate set of counter-measures applicable for a specific situation we define a method based on genetic algorithms, which allows finding a solution in a reasonable time frame satisfying different required conditions. Finally, the conducted experiments show the applicability of our proposal in a real scenario.
UR - http://www.scopus.com/inward/record.url?scp=84954287126&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84954287126&partnerID=8YFLogxK
U2 - 10.1016/j.future.2014.10.012
DO - 10.1016/j.future.2014.10.012
M3 - Research Article
AN - SCOPUS:84954287126
SN - 0167-739X
VL - 55
SP - 321
EP - 335
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
ER -