Abstract
An innovative trust-based security model for Internet systems is proposed. The TCoRBAC model operates on user profiles built from the history of the user's interaction with the system, combined with multi-dimensional context information. A method is proposed for transforming the large number of possible context value variants into several user trust levels. The transformation uses a Hierarchical Agglomerative Clustering strategy. Depending on the user's current trust level, extra security mechanisms are triggered or not. This approach reduces the negative effect of the security layer on system performance without any noticeable decrease in the system's security level. Results of such an analysis, performed on the Gdańsk University of Technology central system, are also discussed.
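The transformation described in the abstract can be illustrated with the following added example, which is not the authors' code. The abstract does not state the context dimensions, the linkage rule, the number of trust levels or the mechanisms, so the session history, average linkage on observation frequency, `k=3` and the mechanism names are all assumptions.

```python
from collections import Counter

# Constructed session history for one user: (network, device, time of day).
HISTORY = (
    [("campus", "laptop", "day")] * 40
    + [("home", "laptop", "evening")] * 30
    + [("home", "phone", "evening")] * 22
    + [("campus", "phone", "day")] * 5
    + [("foreign", "laptop", "night")] * 2
    + [("foreign", "unknown", "night")] * 1
)

# Hypothetical mechanism names; key = trust level, 0 = least trusted.
EXTRA_MECHANISMS = {0: ["second_factor", "extended_audit"], 1: ["extended_audit"], 2: []}


def variant_frequencies(history):
    """Share of past sessions in which each context variant was observed."""
    counts = Counter(history)
    return {variant: n / len(history) for variant, n in counts.items()}


def hac_trust_levels(freqs, k):
    """Bottom-up clustering: start with one cluster per variant and merge the
    closest pair (average linkage on frequency) until k clusters remain."""
    clusters = [[v] for v in freqs]

    def dist(a, b):
        return sum(abs(freqs[x] - freqs[y]) for x in a for y in b) / (len(a) * len(b))

    while len(clusters) > k:
        pairs = [(i, j) for i in range(len(clusters)) for j in range(i + 1, len(clusters))]
        i, j = min(pairs, key=lambda p: dist(clusters[p[0]], clusters[p[1]]))
        clusters[i] += clusters.pop(j)
    # Rank clusters by mean frequency: rarely seen contexts get the lowest level.
    clusters.sort(key=lambda c: sum(freqs[v] for v in c) / len(c))
    return {v: level for level, c in enumerate(clusters) for v in c}


def extra_mechanisms(context, levels):
    """Mechanisms to fire for a request; a never-seen context is level 0."""
    return EXTRA_MECHANISMS[levels.get(context, 0)]


if __name__ == "__main__":
    levels = hac_trust_levels(variant_frequencies(HISTORY), k=3)
    for variant, level in sorted(levels.items(), key=lambda kv: kv[1]):
        print(level, variant, extra_mechanisms(variant, levels))
```

Treating a context variant that never appears in the history as level 0 makes the scheme fail closed: the extra mechanisms fire for anything the profile cannot vouch for.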
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Lubomski, P., Krawczyk, H. (2016). Clustering Context Items into User Trust Levels. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Dependability Engineering and Complex Systems. DepCoS-RELCOMEX 2016. Advances in Intelligent Systems and Computing, vol 470. Springer, Cham. https://doi.org/10.1007/978-3-319-39639-2_29
DOI: https://doi.org/10.1007/978-3-319-39639-2_29
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-39638-5
Online ISBN: 978-3-319-39639-2
eBook Packages: Engineering, Engineering (R0)