In dynamic and risk-prone environments, security rules should be flexible enough to permit the treatment of risks, and to manage privileges on resources based on the situation at hand. For this purpose, we define safety-centric contexts based on risk description that is provided by the safety management system. This paper presents a riskadaptive access control model that adopts hierarchies of contexts and security domains to make adaptations to risks at different levels of criticality. Since various risks may arise simultaneously, two or more security domains might be applicable at the same time incorporating various security rules which might lead to conflicts. Therefore, an approach to analyze conflicts is essential. In this work, we propose a conflict analysis algorithm based on set theory and we illustrate its usage with the proposed risk-adaptive access control model.
Context-based risk-adaptive security model and conflict management
TEIMOURIKIA, MAHSA;MARILLI, GUIDO;FUGINI, MARIAGRAZIA
2016-01-01
Abstract
In dynamic and risk-prone environments, security rules should be flexible enough to permit the treatment of risks, and to manage privileges on resources based on the situation at hand. For this purpose, we define safety-centric contexts based on risk description that is provided by the safety management system. This paper presents a riskadaptive access control model that adopts hierarchies of contexts and security domains to make adaptations to risks at different levels of criticality. Since various risks may arise simultaneously, two or more security domains might be applicable at the same time incorporating various security rules which might lead to conflicts. Therefore, an approach to analyze conflicts is essential. In this work, we propose a conflict analysis algorithm based on set theory and we illustrate its usage with the proposed risk-adaptive access control model.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
