A Framework for Threat Assessment in Access Control Systems - Information Security and Privacy Research
Conference Papers Year : 2012

A Framework for Threat Assessment in Access Control Systems

Abstract

We describe a framework for threat assessment specifically within the context of access control systems, where subjects request access to resources for which they may not be pre-authorized. The framework that we describe includes four different approaches for conducting threat assessment: an object sensitivity-based approach, a subject trustworthiness-based approach and two additional approaches which are based on the difference between object sensitivity and subject trustworthiness. We motivate each of the four approaches with a series of examples. We also identify and formally describe the properties that are to be satisfied within each approach. Each of these approaches results in different threat orderings, and can be chosen based on the context of applications or preference of organizations.
Fichier principal
Vignette du fichier
978-3-642-30436-1_16_Chapter.pdf (142.43 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01518243 , version 1 (04-05-2017)

Licence

Identifiers

Cite

Hemanth Khambhammettu, Sofiene Boulares, Kamel Adi, Luigi Logrippo. A Framework for Threat Assessment in Access Control Systems. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. pp.187-198, ⟨10.1007/978-3-642-30436-1_16⟩. ⟨hal-01518243⟩
142 View
86 Download

Altmetric

Share

More