research-article

Trading in risk: using markets to improve access control

Authors:

Pau-Chen Cheng,

Pankaj RohatgiAuthors Info & Claims

NSPW '08: Proceedings of the 2008 New Security Paradigms Workshop

Pages 107 - 125

https://doi.org/10.1145/1595676.1595694

Published: 22 September 2008 Publication History

Abstract

With the increasing need to securely share information, current access control systems are proving too in flexible and difficult to adapt. Recent work on risk-based access control systems has shown promise at resolving the inadequacies of traditional access control systems, and promise to increase information sharing and security. We consider some of the core open problems in risk-based access control systems, namely where and how much risk to take. We propose the use of market mechanisms to determine an organization's risk tolerance and allocation. We show that with the correct incentives, an employee will make optimal choices for the organization. We also comment on how the market can be used to ensure employees behave honestly and detect those who are malicious. Through simulations, we empirically show the advantage of risk-based access control systems and market mechanisms at increasing information sharing and security.

References

[1]

FCC: Wireless telecommunications bureau, October 2007. http://wireless.fcc.gov

[2]

I. Balepin, S. Maltsev, J. Rowe, and K. Levitt. Using Specification. Based Intrusion Detection for Automated Response. In Sixth International Symposium on Recent Advances in Intrusion Detection (RAID), 2003.

[3]

Basel Committee on Banking Supervision. International convergence of capital measurement and capital standards. Technical report, Bank for Internaional Settlements, June 2006. Basel II.

[4]

J. Bingaman, A. Specter, T. Harkin, T. Stevens, L. Murkowski, and D. Akaka. Low Carbon Economy Act of 2007. Technical report, United States Congress, 2007. Proposed.

[5]

R. Böhme and G. Kataria. Models and measures for correlation in cyber-insurance. The Fifth Workshop on the Economics of Information Security (WEIS 2006), June 2006.

[6]

S. Brands. Untraceable off-line cash in wallets with observers. Advances in Cryptology--CRYPTO'93, 1993.

Digital Library

[7]

D. Brenner and J. Morgan. The Vickrey-Clarke-Groves versus the simultaneous ascending auction: An experimental approach. A1. 133 WP 188, 1997.

[8]

A. Byde, M. Sallé, and C. Bartolini. Market-based resource allocation for utility data centers. Technical report, Hewlett-Packard, 2003.

[9]

V. Cahill, E. Gray, J.-M. Seigneur, C.D. Jensen, B. Shand, N. Dimmock, A. Twigg, J. Bacon, C. English, W. Wagealla, S. Terzis, P. Nixon, G. di Marzo Serugendo, M. Barbone, K. Krukow, and M. Nielsen. Using trust for secure collaboration in uncertain environments. Pervasive Computing, 2003.

Digital Library

[10]

C. Castelfranchi and R. Falcone. Principles of trust for MAS: Cognitive anatomy, social importance, and quantification. In ICMAS'98: Proceedings of the 3rd International Conference on Multi Agent Systems, page 72, Washington, DC, USA, 1998. IEEE Computer Society.

Digital Library

[11]

D. Chaum, A. Fiat, and M. Naor. Untraceable electronic cash. In CRYPTO'88: Proceedings on Advances in cryptology, pages 319--327, New York, NY, USA, 1990. Springer-Verlag New York, Inc.

Digital Library

[12]

P.-C. Cheng and P.A. Karger. Risk Modulating Factors in Risk-Based Access Control for Information in a MANET. IBM T.J. Watson Research Center, February 2008. IBM Research Report RC24494 (W0802-051).

[13]

P.-C. Cheng and P. Rohatgi. IT Security as Risk Management: A Research Perspective. IBMT.J. Watson Research Center, April 2008. IBM Research Report RC24529 (W0804-015).

[14]

P.-C. Cheng, P. Rohatgi, C. Keser, P.A. Karger, G.M. Wagner, and A.S. Reninger. Fuzzy MLS: An Experiment on Quantified Risk-Adaptive Access Control. IEEE Symposium on Security and Privacy 2007, 2007.

Digital Library

[15]

G. Christodoulou, E. Koutsoupias, and A. Kovács. Mechanism design for fractional scheduling on unrelated machines. In L. Arge, C. Cachin, T. Jurdzinski, and A. Tarlecki, editors, ICALP, volume 4596 of Lecture Notes in Computer Science, pages 40--52. Springer, 2007.

Digital Library

[16]

E.H. Clarke. Multipart pricing of public goods. Public Choice, 11(1), September 1971.

[17]

B. Cohen. Incentives build robustness in bittorrent. NA, 2003.

[18]

G. Cybenko. Why johnny can't evaluate security risk. In IEEE Security&Privacy Magazine, volume4, pages 5--5, Jan-Feb 2006.

Digital Library

[19]

N. Dimmock, A. Belokosztolszki, D. Eyers, J. Bacon, and K. Moody. Using trust and risk in role-based access control policies. In SACMAT'04: Proceedings of the ninth ACM symposium on Access control models and technologies, pages 156--162, New York, NY, USA, 2004. ACM.

Digital Library

[20]

P. Earley. Family of Spies: Inside the John Walker Spy Ring. Bantam Books, 1988.

[21]

P. Erwin and J. Hardy. Draft climate change bill. Technical report, Department for Environment, Food and Rural Affairs, March 2007.

[22]

M. Evered and S. Bögeholz. A case study in access control requirements for a health information system. In J.M. Hogan, P. Montague, M.K. Purvis, and C. Steketee, editors, ACSW Frontiers, volume 32, pages 53--61. Australian Computer Society, 2004.

Digital Library

[23]

R. Garratt and J. Wooders. Effciency in second-price auctions: A new look at old data. Technical report, Department of Economics, UCSB, February 2004.

[24]

K. Garson and C. Adams. Security and privacy system architecture for an e-hospital environment. In K.E. Seamons, N. McBurnett, and T. Polk, editors, IDtrust, volume 283, pages 122--130. ACM, 2008.

Digital Library

[25]

D.K. Gode and S. Sunder. Allocative effciency of markets with zero-intelligence traders: Markets as a partial substitute for individual rationality. Journal of Political Economy, 101(1), 1993.

[26]

T. Groves. Incentives in teams. Econometrica, 41(4):617--631, 1973.

[27]

G. Hardin. The tragedy of the commons. Science, 162(3859):1243--1248, December 13 1968.

[28]

M.A. Harrison, W.L. Ruzzo, and J.D. Ullman. Protection in operating systems. Communications of the ACM, 19(8):461--471, 1976.

Digital Library

[29]

R.A. Howard. Decision analysis: practice and promise. Manage. Sci., 34(6):679--695, 1988.

Digital Library

[30]

JASON Program Office. Horizontal integration: Broader access models for realizing information dominance. Technical Report JSR-04-132, MITRE Corporation, 2004.

[31]

A. Josang. Trust-based decision making for electronic transactions. Fourth Nordic Workshop on Secure Computer Systems (NORDSEC'99), 1999.

[32]

A. Josang. A logic for uncertain probabilities. International Journal on Uncertainty,Fuzziness and Knowledge-based Systems, 9(3), 2001.

Digital Library

[33]

L. Kagal, J. Undercoffer, F. Perich, A. Joshi, and T. Finin. A security architecture based on trust management for pervasive computing systems. Technical report, Maryland University Department of Computer Science and Electrical Engineering, 2005.

[34]

J. Kagel and D. Levin. Independent private value auctions: Bidder behavior in first-, second-and third-price auctions with varying numbers of bidders. Economic Journal, 103:868--879, 1993.

[35]

D. Kahneman and A. Tversky. Prospect theory: An analysis of decision under risk. Econometrica, 47(2):263--292, March 1979.

[36]

Knowledge@Wharton. How we got into the subprime lending mess, September 19 2007. http://knowledge.wharton.upenn.edu/article.cfm?articleid=1812#.

[37]

Knowledge@Wharton. Victimizing the borrowers: Predatory lending's role in the subprime mortgage crisis, February 20 2008. http://knowledge.wharton.upenn.edu/article.cfm?articleid=1901&CFID=66192274&CFTOKEN=98696674&jsessionid=a83075bc94e55b3352f5

[38]

B.W. Lampson. Protection. Operating Systems Review, 8(1):18--24, Jan. 1974. initially appeared in Proceedings of the Fifth Princeton Conference on Information Sciences and Systems, Princeton University, Princeton, NJ, USA, March 1971, pp.437--443.

Digital Library

[39]

R. Lavi and C. Swamy. Truthful mechanism design for multi-dimensional scheduling via cycle monotonicity. In J.K. MacKie-Mason, D.C. Parkes, and P. Resnick, editors, ACM Conference on Electronic Commerce, pages 252--261. ACM, 2007.

Digital Library

[40]

N. Li and J. Mitchell. Rt: A role-based trust-management framework, 2003.

[41]

R.T.B. Ma, S.C.M. Lee, J.C.S. Lui, and D.K.Y. Yau. A game theoretic approach to provide incentive and service differentiation in p2p networks. In E.G.C. Jr., Z. Liu, and A. Merchant, editors, SIGMETRICS, pages 189--198. ACM, 2004.

Digital Library

[42]

L. Makowski and J.M. Ostroy. Vickrey-Clarke-Groves mechanisms and perfect competition. UCLA Economics Working Papers 333, UCLA Department of Economics, July 1984. Available at http://ideas.repec.org/p/cla/uclawp/333.html

[43]

T.W. Malone. Bringing the market inside. Harvard Business Review, pages 106--114, April 2004.

[44]

D. McAdams. Storage in internal markets. http://www.mit.edu/~mcadams/papers/im/storage.pdf 2005.

[45]

D. McAdams and T.W. Malone. Internal markets for supply chain capacity allocation. Technical Report 4546-05, MIT Sloan School of Management, 2005. MIT Sloan School of Management Working Paper No. 4546-05 and MIT Center for Coordination Science Working Paper No. 224.

[46]

R.P. McAfee. Introduction to Economic Analysis. 2006.

[47]

G. McGraw. Silver bullet speaks with dan geer. IEEE Security&Privacy, 4(4):10--13, 2006.

Digital Library

[48]

F. McSherry and K. Talwar. Mechanism design via differential privacy. In FOCS, pages 94--103. IEEE Computer Society, 2007.

Digital Library

[49]

S. Na and S. Cheon. Role delegation in role-based access control. In ACM Workshop on Role-Based Access Control, pages 39--44, 2000.

Digital Library

[50]

N. Nissanke and E.J. Khayat. Risk based security analysis of permissions in rbac. In E. Fernández-Medina, J.C.H. Castro,and L.J. García-Villalba, editors, Proceedings of the 2nd International Workshop on Security In Information Systems (WOSIS), pages 332--341. INSTICC Press, 2004.

[51]

T.G. Papaioannou and G.D. Stamoulis. Reputation-based policies that provide the right incentives in peer-to-peer environments. Computer Networks, 50(4):563--578, 2006.

Digital Library

[52]

M.H. Rothkopf. Thirteen reasons why the Vickrey-Clarke-Groves process is not practical. Operations Research, 55(2):191--197, March-April 2007.

Digital Library

[53]

A. Smith. An Inquiry into the Nature and Causes of the Wealth of Nations. 1776.

[54]

E.H. Spafford, R.A. DeMillo, A. Bernat, S. Crocker, D. Farber, V. Gligor, S. Goodman, A. Jones, S. Landau, P.G. Neumann, D. Patterson, F. Schneider, D. Tygar,and W. Wulf. Four grand challenges in trustworthy computing. Technical report, Computing Research Association, November 16-19 2003.

[55]

S. Sunder. Experimental Asset Markets: A Survey, chapter 6, pages 445--500. Princeton University Press, 1995.

[56]

P.P. Tallon. Critical steps in storage management: How business requirements shape policy decisions. Technical report, GlassHouse Technologies, 2003. http://www.dscon.ru/docs/wp_critical_steps_stor_mgmt_web.pdf

[57]

C. Thorpe and D.C. Parkes. Cryptographic securities exchanges. Financial Cryptography and Data Security (FC07), February 2007.

[58]

W. Vickrey. Counterspeculation, auctions, and competitive sealed tenders. The Journal of Finance, 16(1):8--37, March 1961.

[59]

D.A. Vise. The bureau and the mole: the unmasking of Robert Philip Hanssen, the most dangerous double agent in FBI history. Atlantic Monthly Press, 2002.

[60]

G. Wearden. The biggest rogue traders in history. January 24 2008. http://www.guardian.co.uk/business/2008/jan/24/europeanbanks.banking

[61]

R.J. Woolsey. The Aldrich H. Ames case: An assessment of CIA's role in identifying Ames as an intelligence penetration of the agency, October 21 1994. http://www.loyola.edu/dept/politics/intel/hitzrept.html

[62]

Y. Yemini, A. Dailianas, and D. Florissi. Marketnet: Using virtual currency to protect information systems. ECDL '98: Proceedings of the Second European Conference on Research and Advanced Technology for Digital Libraries, pages 891--902, 1998.

Digital Library

[63]

Y. Yemini, A. Dailianas, D. Florissi, and G. Huberman. Marketnet: Market-based protextion of information systems. Proceedings of ICE '98, First International Conference on Information and Computation Economics, October 1998.

Digital Library

[64]

L. Zhang, G.-J. Ahn, and B.-T. Chu. A rule-based framework for role based delegation. In SACMAT '01: Proceedings of the sixth ACM symposium on Access control models and technologies, pages 153--162, New York,NY,USA, 2001. ACM.

Digital Library

[65]

L. Zhang, G.-J. Ahn, and B. tseng Chu. A role-based delegation framework for healthcare information systems. In SACMAT, pages 125--134, 2002.

Digital Library

[66]

L. Zhang, A. Brodsky, and S. Jajodia. Toward Information Sharing: Benefit And Risk Access Control (BARAC). Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY '06), 0:45--53, 2006.

Digital Library

Cited By

Alboqmi RJahan SGamble R(2024)A Risk Adaptive Access Control Model for the Service Mesh Architecture2024 IEEE 3rd International Conference on Computing and Machine Intelligence (ICMI)10.1109/ICMI60790.2024.10585800(1-6)Online publication date: 13-Apr-2024
https://doi.org/10.1109/ICMI60790.2024.10585800
Atlam HAzad MAlassafi MAlshdadi AAlenezi A(2020)Risk-Based Access Control Model: A Systematic Literature ReviewFuture Internet10.3390/fi1206010312:6(103)Online publication date: 11-Jun-2020
https://doi.org/10.3390/fi12060103
Al-Ahmadi SAljurbua MAlabdulhafez A(2020)A Novel Risk-Based Access Control Framework for Dynamic Environments2020 International Conference on Computing and Information Technology (ICCIT-1441)10.1109/ICCIT-144147971.2020.9213738(1-10)Online publication date: 9-Sep-2020
https://doi.org/10.1109/ICCIT-144147971.2020.9213738
Show More Cited By

Index Terms

Trading in risk: using markets to improve access control
1. Security and privacy
  1. Security services
    1. Access control
  2. Systems security
    1. Operating systems security
2. Social and professional topics
  1. Professional topics
    1. Management of computing and information systems
      1. Information system economics

Recommendations

An Attribute Based Framework for Risk-Adaptive Access Control Models
ARES '11: Proceedings of the 2011 Sixth International Conference on Availability, Reliability and Security

The concept of risk-based adaptive access control (RAdAC, pronounced Raid-ack) has been recently introduced in the literature. It seeks to automatically (or semi-automatically) adjust security risk for providing access to resources accounting for ...
Tatonnement beyond gross substitutes?: gradient descent to the rescue
STOC '13: Proceedings of the forty-fifth annual ACM symposium on Theory of Computing

Tatonnement is a simple and natural rule for updating prices in Exchange (Arrow-Debreu) markets. In this paper we define a class of markets for which tatonnement is equivalent to gradient descent. This is the class of markets for which there is a convex ...
Equilibrium pricing with positive externalities

We study the problem of selling an item to strategic buyers in the presence of positive historical externalities, where the value of a product increases as more people buy and use it. This increase in the value of the product is the result of resolving ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

NSPW '08: Proceedings of the 2008 New Security Paradigms Workshop

August 2009

144 pages

ISBN:9781605583419

DOI:10.1145/1595676

General Chairs:
Matt Bishop
University of California, Davis, USA
,
Christian W. Probst
Technical University of Denmark, Denmark
,
Program Chairs:
Angelos Keromytis
Columbia University, USA
,
Anil Somayaji
Carleton University, Canada

Copyright © 2008 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

ACM: Association for Computing Machinery

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 September 2008

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

NSPW '08

Sponsor:

ACM

NSPW '08: 2008 New Security Paradigms Workshop

September 22 - 25, 2008

California, Lake Tahoe, USA

Acceptance Rates

Overall Acceptance Rate 98 of 265 submissions, 37%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

32
Total Citations
View Citations
686
Total Downloads

Downloads (Last 12 months)8
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Alboqmi RJahan SGamble R(2024)A Risk Adaptive Access Control Model for the Service Mesh Architecture2024 IEEE 3rd International Conference on Computing and Machine Intelligence (ICMI)10.1109/ICMI60790.2024.10585800(1-6)Online publication date: 13-Apr-2024
https://doi.org/10.1109/ICMI60790.2024.10585800
Atlam HAzad MAlassafi MAlshdadi AAlenezi A(2020)Risk-Based Access Control Model: A Systematic Literature ReviewFuture Internet10.3390/fi1206010312:6(103)Online publication date: 11-Jun-2020
https://doi.org/10.3390/fi12060103
Al-Ahmadi SAljurbua MAlabdulhafez A(2020)A Novel Risk-Based Access Control Framework for Dynamic Environments2020 International Conference on Computing and Information Technology (ICCIT-1441)10.1109/ICCIT-144147971.2020.9213738(1-10)Online publication date: 9-Sep-2020
https://doi.org/10.1109/ICCIT-144147971.2020.9213738
Billard A(2019)Decision Model for the Security and Utility Risk Evaluation (SURE) FrameworkProceedings of the Australasian Computer Science Week Multiconference10.1145/3290688.3290694(1-11)Online publication date: 29-Jan-2019
https://dl.acm.org/doi/10.1145/3290688.3290694
Rullo ASerra EBertino ELobo J(2018)Optimal Placement of Security Resources for the Internet of ThingsThe Internet of Things for Smart Urban Ecosystems10.1007/978-3-319-96550-5_5(95-124)Online publication date: 11-Aug-2018
https://doi.org/10.1007/978-3-319-96550-5_5
Rullo ASerra EBertino ELobo J(2017)Shortfall-Based Optimal Placement of Security Resources for Mobile IoT ScenariosComputer Security – ESORICS 201710.1007/978-3-319-66399-9_23(419-436)Online publication date: 12-Aug-2017
https://doi.org/10.1007/978-3-319-66399-9_23
Martinelli FMatteucci ISantini F(2015)Semiring-based Specification Approaches for Quantitative SecurityElectronic Proceedings in Theoretical Computer Science10.4204/EPTCS.194.7194(95-109)Online publication date: 28-Sep-2015
https://doi.org/10.4204/EPTCS.194.7
Garrison WLee AHinrichs TOsborn STripunitara MMolloy I(2014)An actor-based, application-aware access control evaluation frameworkProceedings of the 19th ACM symposium on Access control models and technologies10.1145/2613087.2613099(199-210)Online publication date: 25-Jun-2014
https://dl.acm.org/doi/10.1145/2613087.2613099
Yang YLiu S(2014)Research on the quantification method of the operational need based on access purpose and exponential smoothing2014 IEEE 7th Joint International Information Technology and Artificial Intelligence Conference10.1109/ITAIC.2014.7065104(516-522)Online publication date: Dec-2014
https://doi.org/10.1109/ITAIC.2014.7065104
Morisset CYevseyeva IGroß Tvan Moorsel A(2014)A Formal Model for Soft Enforcement: Influencing the Decision-MakerSecurity and Trust Management10.1007/978-3-319-11851-2_8(113-128)Online publication date: 2014
https://doi.org/10.1007/978-3-319-11851-2_8
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten