research-article

Risk-based access control systems built on fuzzy inferences

Authors:
Qun Ni

Purdue University, W. Lafayette, IN

Purdue University, W. Lafayette, IN
View Profile

,
Elisa Bertino

Purdue University, W. Lafayette, IN

Purdue University, W. Lafayette, IN
View Profile

,
Jorge Lobo

IBM T. J. Watson Research Center, Hawthorne, NY

IBM T. J. Watson Research Center, Hawthorne, NY
View Profile

ASIACCS '10: Proceedings of the 5th ACM Symposium on Information, Computer and Communications SecurityApril 2010Pages 250–260https://doi.org/10.1145/1755688.1755719

Published:13 April 2010Publication History

ASIACCS '10: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security

Pages 250–260

ABSTRACT

Fuzzy inference is a promising approach to implement risk-based access control systems. However, its application to access control raises some novel problems that have not been yet investigated. First, because there are many different fuzzy operations, one must choose the fuzzy operations that best address security requirements. Second, risk-based access control, though it improves information flow and better addresses requirements from critical organizations, may result in damages by malicious users before mitigating steps are taken. Third, the scalability of a fuzzy inference-based access control system is questionable. The time required by a fuzzy inference engine to estimate risks may be quite high especially when there are tens of parameters and hundreds of fuzzy rules. However, an access control system may need to serve hundreds or thousands of users. In this paper, we investigate these issues and present our solutions or answers to them.

References

FICO Credit Score, Apr 2009.Google Scholar
C. Alberts and A. Dorofee. Managing Information Security Risks: The OCTAVE (SM) Approach. Addison-Wesley Professional, July 2002. Google ScholarDigital Library
C. J. Alberts and A. Dorofee. Managing Information Security Risks: The Octave Approach. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 2002. Google ScholarDigital Library
J. Alcalá-Fdez, R. Alcalá, M. J. Gacto, and F. Herrera. Learning the membership function contexts for mining fuzzy association rules by using genetic algorithms. Fuzzy Sets and Systems, 160(7):905--921, 2009. Theme: Modeling and Learning. Google ScholarDigital Library
H. Allamehzadeh and J. Cheung. Smooth response sliding mode fuzzy control with intrinsic boundary layer. volume 1, pages 488--493 vol. 1, May 2003.Google Scholar
M. Benrejeb, A. Sakly, K. B. Othman, and P. Borne. Choice of conjunctive operator of tsk fuzzy systems and stability domain study. Mathematics and Computers in Simulation, 76(5--6):410--421, 2008. Mathematical Aspects of Modelling and Control. Google ScholarDigital Library
H. Berenji, R. Lea, Y. Jani, P. Khedkar, A. Malkani, and J. Hoblit. Space shuttle attitude control by reinforcement learning and fuzzy logic. In Fuzzy Systems, 1993., Second IEEE International Conference on, pages 1396--1401 vol. 2, 1993.Google ScholarCross Ref
P.-C. Cheng, P. Rohatgi, C. Keser, P. A. Karger, G. M. Wagner, and A. S. Reninger. Fuzzy multi-level security: An experiment on quantified risk-adaptive access control. In IEEE Symposium on Security and Privacy, pages 222--230. IEEE Computer Society, 2007. Google ScholarDigital Library
D. Dubois and R. R. Yager. Fuzzy set connectives as combinations of belief structures. Inf. Sci., 66(3):245--276, 1992. Google ScholarDigital Library
M. J. Er and Y. Zhou. Automatic generation of fuzzy inference systems via unsupervised learning. Neural Networks, 21(10):1556--1566, 2008. ICONIP 2007. Google ScholarDigital Library
S. Gottwald. A Treatise on Many-Valued Logics, volume 9 of Studies in Logic and Computation. Research Studies Press Ltd., Baldock, Hertfordshire, England, 1st edition, 2001.Google Scholar
P. Hájek. Metamathematics of Fuzzy Logic, volume 4 of Trends in Logic. Kluwer Academic Publishers, Dordrecht, The Netherlands, 1st edition, 1998.Google Scholar
JASON Program Office. HORIZONTAL INTEGRATION: Broader Access Models for Realizing Information Dominance. Technical Report JSR-04-132, MITRE Corporation, McLean, Virginia 22102, 12 2004.Google ScholarCross Ref
S. Jenei. How to construct left-continuous triangular norms--state of the art. Fuzzy Sets and Systems, 143(1):27--45, 2004.Google ScholarCross Ref
S. Jenei. Recent advances in the field of left-continuous t-norms. In M. Stepnicka, V. Novák, and U. Bodenhofer, editors, EUSFLAT Conf. (1), pages 23--24. Universitas Ostraviensis, 2007.Google Scholar
E. P. Klement, R. Mesiar, and E. Pap. Triangular Norms, volume 8 of Trends in Logic - Studia Logica Library. Kluwer Academic Publishers, Dordrecht, The Netherlands, 1st edition, 2000.Google Scholar
V. Kreinovich, G. C. Mouzouris, and H. T. Nguyen. Fuzzy Systems: Modeling and Control, chapter Fuzzy rule based modeling as a universal approximation tool, pages 135--195. Kluwer, Boston, MA, 1998.Google Scholar
C.-F. J. Kuo and C.-H. Chiu. Auto-focus control of a cmos image sensing module. J. Intell. Fuzzy Syst., 18(4):405--415, 2007. Google ScholarDigital Library
K. C. Maes and B. De Baets. On the structure of left-continuous t-norms that have a continuous contour line. Fuzzy Sets Syst., 158(8):843--860, 2007. Google ScholarDigital Library
D. H. Sharp and M. M. Wood-Schultz. QMU and Nuclear Weapons Certification What's under the hood? Los Alamos Science, (28):47--53, 2003.Google Scholar
C.-T. Sun and J.-S. R. Jang. Using genetic algorithms in structuring a fuzzy rulebase. In S. Forrest, editor, ICGA, page 655. Morgan Kaufmann, 1993. Google ScholarDigital Library
L. A. Zadeh. The concept of a linguistic variable and its application to approximate reasoning - i. Inf. Sci., 8(3):199--249, 1975.Google ScholarCross Ref
A. Zenebe and A. F. Norcio. Representation, similarity measures and aggregation methods using fuzzy sets for content-based recommender systems. Fuzzy Sets and Systems, 160(1):76--94, 2009. Theme: Aggregation Operations. Google ScholarDigital Library
H.-J. Zimmermann, editor. Practical Applications of Fuzzy Technologies, volume 6 of The Handbooks of Fuzzy Sets. Springer, 2000.Google Scholar

Index Terms

Risk-based access control systems built on fuzzy inferences
1. Security and privacy
  1. Security services
    1. Access control
  2. Systems security
    1. Operating systems security
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Towards Attribute-Based Access Control Policy Engineering Using Risk
Risk Assessment and Risk-Driven Testing
Abstract
In this paper, we consider a policy engineering problem for attribute-based access control. The general goal is to help a policy writer to specify access control policies. In particular, we target the problem of defining the values of attributes ...
Read More
A Fuzzy Modeling Approach for Risk-Based Access Control in eHealth Cloud
TRUSTCOM '13: Proceedings of the 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications

A number of recent studies have adopted risk assessment in access control for healthcare applications, but few of the work is specifically concerned with the risk assessment in the presence of uncertainties, such as uncertain values of risk factors, and ...
Read More
Constraints-based access control
Das'01: Proceedings of the fifteenth annual working conference on Database and application security

The most important aspect of security in a database after establishing the authenticity of the user is its access control mechanism. The ability of this access control mechanism to express the security policy can make or break the system.This paper ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
ASIACCS '10: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
April 2010
363 pages
ISBN:9781605589367
DOI:10.1145/1755688
General Chair:
Dengguo Feng
Chinese Academy of Sciences, China
,
Program Chairs:
David Basin
ETH Zurich, Switzerland
,
Peng Liu
Pennsylvania State University
Copyright © 2010 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 13 April 2010
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
access control
fuzzy inference
risk
Qualifiers
- research-article
Conference

Acceptance Rates
ASIACCS '10 Paper Acceptance Rate25of166submissions,15%Overall Acceptance Rate418of2,322submissions,18%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 77
  Total Citations
  View Citations
- 1,162
  Total Downloads
- Downloads (Last 12 months)26
- Downloads (Last 6 weeks)5
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Risk-based access control systems built on fuzzy inferences

ASIACCS '10: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security

ABSTRACT

References

Cited By

Index Terms

Recommendations

Towards Attribute-Based Access Control Policy Engineering Using Risk

A Fuzzy Modeling Approach for Risk-Based Access Control in eHealth Cloud

Constraints-based access control