The increasing need to share information in dynamic environments has created a requirement for risk-aware access control systems. The standard RBAC model is designed to operate in a relatively stable, closed environment and does not include any support for risk. In this paper, we explore a number of ways in which the RBAC model can be extended to incorporate notions of risk. In particular, we develop three simple risk-aware RBAC models that differ in the way in which risk is represented and accounted for in making access control decisions. We also propose a risk-aware RBAC model that combines all the features of three simple models and consider some issues related to its implementation. Compared with existing work, our models have clear authorization semantics and support richer types of access control decisions. © 2012 Springer-Verlag Berlin Heidelberg.
CITATION STYLE
Chen, L., & Crampton, J. (2012). Risk-aware role-based access control. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7170 LNCS, pp. 140–156). https://doi.org/10.1007/978-3-642-29963-6_11
Mendeley helps you to discover research relevant for your work.