An access control architecture for context-risk-aware access control: Architectural design and performance evaluation

Ali Ahmed, Ning Zhang

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

    Abstract

    Risk assessment plays a significant role in Decision Support Systems (DSS). Recently, there have been efforts to exploit the potential of linking risk assessment to security provisioning to provide risk-aware security services. One of these efforts is the Context-Risk-Aware Access Control (CRAAC) model that links requesters' access privileges to the risk level in the underlying access environment in the context of Pervasive Computing (PerComp). The idea is to link an access control decision to an attribute value that reflects the aggregated assurance level in identifying a subject. This attribute value is named the Requester's Level of Assurance (RLoA) and is influenced by the requester's run-time contextual information. This paper proposes the CRAAC architecture along with its components to support this novel access control model. This architecture provides high level functional transparency, extensibility, and flexibility to cope with the dynamic nature of PerComp. It describes the fundamental services provided by CRAAC, namely context monitoring, RLoA derivation, and RLoA-linked access control decision making. The paper also shows the results of some experiments, conducted on a CRAAC prototype, to evaluate the CRAAC performance (configured in the RLoA-only working mode). The experimental results show that the RLoA-only mode introduces only marginal access delays and is more resilient to Denial of Service (DoS) attacks compared to the traditional Role-Based Access Control (RBAC) model. © 2010 IEEE.
    Original language: English
    Title of host publication: Proceedings - 4th International Conference on Emerging Security Information, Systems and Technologies, SECURWARE 2010|Proc. - Int. Conf. Emerg. Secur. Inf., Syst. Technol., SECURWARE
    Publisher: IEEE Computer Society
    Pages: 251-260
    Number of pages: 9
    ISBN (Print): 9780769540955
    Publication status: Published - 2010
    Event: 4th International Conference on Emerging Security Information, Systems and Technologies, SECURWARE 2010 - Venice
    Duration: 1 Jul 2010 → …

    Conference

    Conference: 4th International Conference on Emerging Security Information, Systems and Technologies, SECURWARE 2010
    City: Venice
    Period: 1/07/10 → …

    Keywords

    • Access control
    • Architecture
    • Average access delay
    • Context-aware
    • Level of assurance
    • Risk assessment
