Risk-Based Access Control Systems Built of Fuzzy Inferences

Fuzzy inference is a promising approach to implement risk-based access control systems. However, its application to access control raises some novel problems that have not been yet investigated. First, because there are many different fuzzy operations, one must choose the fuzzy operations that best address security requirements. Second, risk-based access control, though it improves information flow and better addresses requirements from critical organizations, may result in damages by malicious users before mitigating steps are taken. Third, the scalability of a fuzzy inference-based access control system is questionable. The time required by a fuzzy inference engine to estimate risks may be quite high especially when there are tens of parameters and hundreds of fuzzy rules. However, an access control system may need to serve hundreds or thousands of users. In this paper, we investigate these issues and present our solutions or answers to them.
Date: April 13, 2010
Book Title: Proc. of the 5th ACM Symposium on Information, Computer and Communication Security (ASIACCS)
Type: InProceedings
Downloads: 2247

Has 1 soft copy


remote link

Bibtex


@InProceedings{Risk_Based_Access_Control_Systems_Built_,
  author = "Qun ni and Elisa Bertino and Jorge Lobo",
  title = "{Risk-Based Access Control Systems Built of Fuzzy Inferences}",
  month = "April",
  year = "2010",
  booktitle = "Proc. of the 5th ACM Symposium on Information, Computer and Communication Security (ASIACCS)",
}