Towards a game theoretic authorisation model
| Data(s) |
22/11/2010
|
|---|---|
| Resumo |
Authorised users (insiders) are behind the majority of security incidents with high financial impacts. Because authorisation is the process of controlling users’ access to resources, improving authorisation techniques may mitigate the insider threat. Current approaches to authorisation suffer from the assumption that users will (can) not depart from the expected behaviour implicit in the authorisation policy. In reality however, users can and do depart from the canonical behaviour. This paper argues that the conflict of interest between insiders and authorisation mechanisms is analogous to the subset of problems formally studied in the field of game theory. It proposes a game theoretic authorisation model that can ensure users’ potential misuse of a resource is explicitly considered while making an authorisation decision. The resulting authorisation model is dynamic in the sense that its access decisions vary according to the changes in explicit factors that influence the cost of misuse for both the authorisation mechanism and the insider. |
| Formato |
application/pdf |
| Identificador | |
| Relação |
http://eprints.qut.edu.au/34473/1/c34473.pdf DOI:10.1007/978-3-642-17197-0_14 Salim, Farzad, Reid, Jason, Dulleck, Uwe, & Dawson, Edward (2010) Towards a game theoretic authorisation model. In Proceedings of Conference on Decision and Game Theory for Security (GameSec 2010), Berlin, Germany. |
| Direitos |
Copyright 2010 Please consult the authors. |
| Fonte |
QUT Business School; Computer Science; Faculty of Science and Technology; Information Security Institute; School of Economics & Finance |
| Palavras-Chave | #080303 Computer System Security #140104 Microeconomic Theory #Authorisation Model #Information Security #Game Theory #Mechanism Design #Access Control |
| Tipo |
Conference Paper |
