Cyber risk and cyber security: cyber access control with data mining

M. Fugini
2024-01-01

Abstract

This paper presents concepts about adaptive cyber security for areas where risks and emergencies need to be managed and may require modifying authorizations dynamically due to risks. In scenarios where risks may occur, cyber security has to be managed dynamically, granting and revoking access rights according to the needs-to-save Safety of Smart cyberspaces. The treatment of cyber security for risk is given in the paper via a model of Cyber Resources in the Smart Cyberspace. A spatial description allows for resource localization in the affected areas, and a set of physical and logical identifiers permits dynamic regulation of cyber access to them according to security and risk policies combined. Adaptivity of cyber access control rules applies to Cyber Subjects, who intervene to manage the risk. A review of existing approaches and a proposal are given. Moreover, we consider the more general concept of Cyber Physical Systems (CPS) and the theme of Security Policy Checking, which is a hot topic in the cyber security field, to generate and manage coherently secure policies about access to resources. In the second part of the paper, we propose a methodology for access policy checking. In particular, the contribution of this work consists in applying a Data Mining approach to different kinds of access policies developed for managing both physical and logical resources in Smart cyberspaces. It is shown how Data Mining can identify issues and unwanted access to systems, e.g., violations of read/write policies or of privacy policies, in an environment managed under the Role Based and Attribute Based Access Control models, which are nowadays the most popular and up-to-date models for security management, as we will explain in the work.
2024
Risk in cyberspace; Adaptive cyber access control; Attribute-based access control; Generalized world; Entities; Safety of smart cyberspace; Data mining for policy checking
Files in this item:
File: OABB.000575.pdf (open access; Publisher’s version)
Size: 1.21 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11311/1286066