In recent years, risk-based access control has been proposed as an alternative to traditional rigid access control models such as multi-level security and role-based access control. While these approaches make the risks associated with exceptional access accountable and encourage the users to take low-risk actions, they also create the disincentives for seeking necessary risky accesses. We introduce novel incentive mechanism based on Contract Theory. Another benefit of our approach is avoiding accurate estimate of the risk associated with each access. We demonstrate that Nash Equilibria can be achieved in which the user's optimal strategy is performing the risk-mitigation efforts to minimize her organization's risk, and conduct human-subject studies to empirically confirm the theoretical results. © 2012 Springer-Verlag.
CITATION STYLE
Liu, D., Li, N., Wang, X., & Camp, L. J. (2012). Beyond risk-based access control: Towards incentive-based access control. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7035 LNCS, pp. 102–112). https://doi.org/10.1007/978-3-642-27576-0_9
Mendeley helps you to discover research relevant for your work.