A Framework for Threat Assessment in Access Control Systems

Abstract: We describe a framework for threat assessment specifically within the context of access control systems, where subjects request access to resources for which they may not be pre-authorized. The framework that we describe includes four different approaches for conducting threat assessment: an object sensitivity-based approach, a subject trustworthiness-based approach and two additional approaches which are based on the difference between object sensitivity and subject trustworthiness. We motivate each of the four approaches with a series of examples. We also identify and formally describe the properties that are to be satisfied within each approach. Each of these approaches results in different threat orderings, and can be chosen based on the context of applications or preference of organizations.
Document type: Conference paper
Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.187-198, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_16〉
Cited literature [9 references]

https://hal.inria.fr/hal-01518243
Contributor: Hal Ifip
Submitted on: Thursday, May 4, 2017 - 13:45:35
Last modified on: Monday, December 11, 2017 - 14:14:01
Document(s) archived on: Saturday, August 5, 2017 - 13:25:23

File

978-3-642-30436-1_16_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Hemanth Khambhammettu, Sofiene Boulares, Kamel Adi, Luigi Logrippo. A Framework for Threat Assessment in Access Control Systems. Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.187-198, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_16〉. 〈hal-01518243〉

Metrics

Record views

111

File downloads

21