Access control : allocating resources to selfish agents
Date(s) |
01/04/2011
|
---|---|
Abstract |
The ultimate goal of an authorisation system is to allocate each user the level of access they need to complete their job - no more and no less. This proves to be challenging in an organisational setting because on one hand employees need enough access to perform their tasks, while on the other hand more access will bring about an increasing risk of misuse - either intentionally, where an employee uses the access for personal benefit, or unintentionally through carelessness, losing the information or being socially engineered to give access to an adversary. With the goal of developing a more dynamic authorisation model, we have adopted a game theoretic framework to reason about the factors that may affect users’ likelihood to misuse a permission at the time of an access decision. Game theory provides a useful but previously ignored perspective in authorisation theory: the notion of the user as a self-interested player who selects among a range of possible actions depending on their pay-offs. |
Identifier | |
Publisher |
IEEE COMSOC MMTC E-Letter |
Relation |
http://committees.comsoc.org/mmc/e-news/E-Letter-April11.pdf Salim, Farzad, Reid, Jason F., Dulleck, Uwe, & Dawson, Edward (2011) Access control : allocating resources to selfish agents. SPECIAL ISSUE ON DECISION AND GAME THEORY FOR SECURITY, 6(4), pp. 18-21. |
Rights |
Copyright 2011 IEEE COMSOC MMTC E-Letter |
Source |
QUT Business School; Computer Science; Faculty of Science and Technology; Information Security Institute; School of Economics & Finance |
Keywords | #080303 Computer System Security #140200 APPLIED ECONOMICS #Authorisation #Access Control #Game Theory #Information Security |
Type |
Journal Article |