TU Darmstadt / ULB / TUbiblio

Interactive Access Rule Learning for Access Control: Concepts and Design

Beckerle, Matthias and Martucci, Leonardo and Mühlhäuser, Max and Ries, Sebastian
Beklen, A. and Ejarque, J. and Gentzsch, W. and Kanstren, T. and Koschel, A. and Lee, Y. W. and Li, L. and Zemlicka, M. (eds.) :

Interactive Access Rule Learning for Access Control: Concepts and Design.
International Journal On Advances in Intelligent Systems
[Conference or Workshop Item] , (2011)

Abstract

Nowadays the majority of users are unable to properly configure security mechanisms mostly because they are not usable for them. To reach the goal of having usable security mechanisms, the best solution is to minimize the amount of user interactions and simplify configuration tasks. Automation is a proper solution for minimizing the amount of user interaction. Fully automated security systems are possible for most security objectives, with the exception of the access control policy generation. Fully automated access control policy generation is currently not possible because individual preferences must be taken into account and, thus, requires user interaction. To address this problem we propose a mechanism that assists users to generate proper access control rule sets that reflect their individual preferences. We name this mechanism Interactive Rule Learning for Access Control (IRL). IRL is designed to generate concise rule sets for Attribute-Based Access Control (ABAC). The resulting approach leads to adaptive access control rule sets that can be used for so called smart products. Therefore, we first describe the requirements and metrics for usable access control rule sets for smart products. Moreover, we present the design of a security component which implements, among other security functionalities, our proposed IRL on ABAC. This design is currently being implemented as part of the ICT 7th Framework Programme SmartProducts of the European Commission.

Item Type: Conference or Workshop Item
Erschienen: 2011
Editors: Beklen, A. and Ejarque, J. and Gentzsch, W. and Kanstren, T. and Koschel, A. and Lee, Y. W. and Li, L. and Zemlicka, M.
Creators: Beckerle, Matthias and Martucci, Leonardo and Mühlhäuser, Max and Ries, Sebastian
Title: Interactive Access Rule Learning for Access Control: Concepts and Design
Language: ["languages_typename_1" not defined]
Abstract:

Nowadays the majority of users are unable to properly configure security mechanisms mostly because they are not usable for them. To reach the goal of having usable security mechanisms, the best solution is to minimize the amount of user interactions and simplify configuration tasks. Automation is a proper solution for minimizing the amount of user interaction. Fully automated security systems are possible for most security objectives, with the exception of the access control policy generation. Fully automated access control policy generation is currently not possible because individual preferences must be taken into account and, thus, requires user interaction. To address this problem we propose a mechanism that assists users to generate proper access control rule sets that reflect their individual preferences. We name this mechanism Interactive Rule Learning for Access Control (IRL). IRL is designed to generate concise rule sets for Attribute-Based Access Control (ABAC). The resulting approach leads to adaptive access control rule sets that can be used for so called smart products. Therefore, we first describe the requirements and metrics for usable access control rule sets for smart products. Moreover, we present the design of a security component which implements, among other security functionalities, our proposed IRL on ABAC. This design is currently being implemented as part of the ICT 7th Framework Programme SmartProducts of the European Commission.

Title of Book: International Journal On Advances in Intelligent Systems
Volume: 4
Number: 3 and 4
Uncontrolled Keywords: - SST - Area Smart Security and Trust;adaptivity, usability, access control, rule learning
Divisions: LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Department of Computer Science > Telecooperation
LOEWE > LOEWE-Zentren
Department of Computer Science
LOEWE
Date Deposited: 31 Dec 2016 12:59
Identification Number: TUD-CS-2011-2894
Export:

Optionen (nur für Redakteure)

View Item View Item