Risk based access control using classification

Nazia Badar, Jaideep Vaidya, Vijayalakshmi Atluri, Basit Shafiq

Research output: Chapter in Book/Report/Conference proceedingChapter

3 Scopus citations


Traditional access control operates under the principle that a user's request to a specific resource is denied if there does not exist an explicit specification of the permission in the system. In many emergency and disaster management situations, access to critical information is expected because of the 'need to share', and in some cases, because of the 'responsibility to provide' information. Therefore, the importance of situational semantics cannot be underestimated when access control decisions are made. There is a need for providing access based on the (unforeseen) situation, where simply denying an access may have more deleterious effects than granting access, if the underlying risk is small. These requirements have significantly increased the demand for new access control solutions that provide flexible, yet secure access. In this paper, we quantify the risk associated with granting an access based on the technique of classification. We propose two approaches for risk-based access control. The first approach, considers only the simple access control matrix model, and evaluates the risk of granting a permission based on the existing user-permission assignments. The second assumes role-based access control, and determines the best situational role that has least risk and allows maximum permissiveness when assigned under uncertainty. We experimentally evaluate both approaches with real and synthetic datasets.

Original languageEnglish (US)
Title of host publicationAutomated Security Management
PublisherSpringer International Publishing
Number of pages17
ISBN (Electronic)9783319014333
ISBN (Print)9783319014326
StatePublished - Jan 1 2013

All Science Journal Classification (ASJC) codes

  • Computer Science(all)


Dive into the research topics of 'Risk based access control using classification'. Together they form a unique fingerprint.

Cite this