Data Sharing for Context-Sensitive Access Control Policy Evaluation and Enforcement

Full Text (PDF, 1581KB), PP.11-20

Author(s)

Hassan Rasheed 1,*

1. Taif University, Taif, Saudi Arabia

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2012.11.02

Received: 21 Feb. 2012 / Revised: 21 May 2012 / Accepted: 5 Jul. 2012 / Published: 8 Oct. 2012

Index Terms

Context Awareness, Systems Integration, Data Sharing, Adaptive Access Control

Abstract

Context-awareness has long been an important building block in designing systems that vary their operating behavior based on an analysis of rapidly changing operating conditions. There is a need, however, to define context more formally so that context data can be shared between systems and more complex interactions between connected systems can be developed. Computer security is examined in particular as an area where the representation and sharing of context data can lead to more effective policy enforcement. A framework is proposed for sharing data between assessment sensors and enforcement mechanisms in order to facilitate more accurate policy enforcement. A detailed performance analysis of the proposed system is offered, along with conclusions on the feasibility of such systems.

Cite This Paper

Hassan Rasheed, "Data Sharing for Context-Sensitive Access Control Policy Evaluation and Enforcement", International Journal of Computer Network and Information Security (IJCNIS), vol. 4, no. 11, pp. 11-20, 2012. DOI: 10.5815/ijcnis.2012.11.02
