TU Darmstadt / ULB / TUbiblio

Interactive Access Rule Learning for Access Control: Concepts and Design

Beckerle, Matthias ; Martucci, Leonardo ; Mühlhäuser, Max ; Ries, Sebastian
Beklen, A. ; Ejarque, J. ; Gentzsch, W. ; Kanstren, T. ; Koschel, A. ; Lee, Y. W. ; Li, L. ; Zemlicka, M. (eds.) :

Interactive Access Rule Learning for Access Control: Concepts and Design.
International Journal On Advances in Intelligent Systems
[ Konferenzveröffentlichung] , (2011)

Kurzbeschreibung (Abstract)

Nowadays the majority of users are unable to properly configure security mechanisms mostly because they are not usable for them. To reach the goal of having usable security mechanisms, the best solution is to minimize the amount of user interactions and simplify configuration tasks. Automation is a proper solution for minimizing the amount of user interaction. Fully automated security systems are possible for most security objectives, with the exception of the access control policy generation. Fully automated access control policy generation is currently not possible because individual preferences must be taken into account and, thus, requires user interaction. To address this problem we propose a mechanism that assists users to generate proper access control rule sets that reflect their individual preferences. We name this mechanism Interactive Rule Learning for Access Control (IRL). IRL is designed to generate concise rule sets for Attribute-Based Access Control (ABAC). The resulting approach leads to adaptive access control rule sets that can be used for so called smart products. Therefore, we first describe the requirements and metrics for usable access control rule sets for smart products. Moreover, we present the design of a security component which implements, among other security functionalities, our proposed IRL on ABAC. This design is currently being implemented as part of the ICT 7th Framework Programme SmartProducts of the European Commission.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2011
Herausgeber: Beklen, A. ; Ejarque, J. ; Gentzsch, W. ; Kanstren, T. ; Koschel, A. ; Lee, Y. W. ; Li, L. ; Zemlicka, M.
Autor(en): Beckerle, Matthias ; Martucci, Leonardo ; Mühlhäuser, Max ; Ries, Sebastian
Titel: Interactive Access Rule Learning for Access Control: Concepts and Design
Sprache: ["languages_typename_1" not defined]
Kurzbeschreibung (Abstract):

Nowadays the majority of users are unable to properly configure security mechanisms mostly because they are not usable for them. To reach the goal of having usable security mechanisms, the best solution is to minimize the amount of user interactions and simplify configuration tasks. Automation is a proper solution for minimizing the amount of user interaction. Fully automated security systems are possible for most security objectives, with the exception of the access control policy generation. Fully automated access control policy generation is currently not possible because individual preferences must be taken into account and, thus, requires user interaction. To address this problem we propose a mechanism that assists users to generate proper access control rule sets that reflect their individual preferences. We name this mechanism Interactive Rule Learning for Access Control (IRL). IRL is designed to generate concise rule sets for Attribute-Based Access Control (ABAC). The resulting approach leads to adaptive access control rule sets that can be used for so called smart products. Therefore, we first describe the requirements and metrics for usable access control rule sets for smart products. Moreover, we present the design of a security component which implements, among other security functionalities, our proposed IRL on ABAC. This design is currently being implemented as part of the ICT 7th Framework Programme SmartProducts of the European Commission.

Buchtitel: International Journal On Advances in Intelligent Systems
Band: 4
(Heft-)Nummer: 3 and 4
Freie Schlagworte: - SST - Area Smart Security and Trust;adaptivity, usability, access control, rule learning
Fachbereich(e)/-gebiet(e): LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Fachbereich Informatik > Telekooperation
LOEWE > LOEWE-Zentren
20 Fachbereich Informatik
LOEWE
Hinterlegungsdatum: 31 Dez 2016 12:59
ID-Nummer: TUD-CS-2011-2894
Export:

Optionen (nur für Redakteure)

Eintrag anzeigen Eintrag anzeigen