Pedro Moura, Paulo A. P. Fazendeiro, Pedro Marques, A. Ferreira
{"title":"SoTRAACE — Socio-technical risk-adaptable access control model","authors":"Pedro Moura, Paulo A. P. Fazendeiro, Pedro Marques, A. Ferreira","doi":"10.1109/CCST.2017.8167835","DOIUrl":null,"url":null,"abstract":"Within the necessary security requirements, access control measures are essential to provide adequate means to protect data from unauthorized accesses. However, current and traditional solutions are commonly based on predefined access policies and roles and are therefore inflexible by assuming uniform access control decisions through people's different type of devices, environments and situational conditions, and across enterprises, location and time. We live in an age of the mobile paradigm of anytime/anywhere access as the smartphone is the most ubiquitous device that people now hold. In this new age, access control models need to determine adaptable access decisions based on multiple factors aggregated at the moment of request and not just perform a predefined comparison of attributes. This paper presents a new access control model: SoTRAACE — Socio-Technical Risk-Adaptable Access Control Model. This model aggregates attributes from various domains to help performing a risk assessment that is balanced against the operational needs at the moment of each request, so to provide the most accurate and secure access decision. As a proof of concept, SoTRAACE is used to model and compare two different use case scenarios in the healthcare sector.","PeriodicalId":371622,"journal":{"name":"2017 International Carnahan Conference on Security Technology (ICCST)","volume":"46 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International Carnahan Conference on Security Technology (ICCST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCST.2017.8167835","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 12
Abstract
Within the necessary security requirements, access control measures are essential to provide adequate means to protect data from unauthorized accesses. However, current and traditional solutions are commonly based on predefined access policies and roles and are therefore inflexible by assuming uniform access control decisions through people's different type of devices, environments and situational conditions, and across enterprises, location and time. We live in an age of the mobile paradigm of anytime/anywhere access as the smartphone is the most ubiquitous device that people now hold. In this new age, access control models need to determine adaptable access decisions based on multiple factors aggregated at the moment of request and not just perform a predefined comparison of attributes. This paper presents a new access control model: SoTRAACE — Socio-Technical Risk-Adaptable Access Control Model. This model aggregates attributes from various domains to help performing a risk assessment that is balanced against the operational needs at the moment of each request, so to provide the most accurate and secure access decision. As a proof of concept, SoTRAACE is used to model and compare two different use case scenarios in the healthcare sector.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
