A Framework for Threat Assessment in Access Control Systems

Abstract : We describe a framework for threat assessment specifically within the context of access control systems, where subjects request access to resources for which they may not be pre-authorized. The framework that we describe includes four different approaches for conducting threat assessment: an object sensitivity-based approach, a subject trustworthiness-based approach and two additional approaches which are based on the difference between object sensitivity and subject trustworthiness. We motivate each of the four approaches with a series of examples. We also identify and formally describe the properties that are to be satisfied within each approach. Each of these approaches results in different threat orderings, and can be chosen based on the context of applications or preference of organizations.
Document type :
Conference papers
Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.187-198, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_16〉
Liste complète des métadonnées

Cited literature [9 references]  Display  Hide  Download

https://hal.inria.fr/hal-01518243
Contributor : Hal Ifip <>
Submitted on : Thursday, May 4, 2017 - 1:45:35 PM
Last modification on : Thursday, May 4, 2017 - 2:53:53 PM
Document(s) archivé(s) le : Saturday, August 5, 2017 - 1:25:23 PM

File

978-3-642-30436-1_16_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Hemanth Khambhammettu, Sofiene Boulares, Kamel Adi, Luigi Logrippo. A Framework for Threat Assessment in Access Control Systems. Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.187-198, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_16〉. 〈hal-01518243〉

Share

Metrics

Record views

69

Document downloads

15