Access control : allocating resources to selfish agents
Salim, Farzad, Reid, Jason F., Dulleck, Uwe, & Dawson, Edward (2011) Access control : allocating resources to selfish agents. SPECIAL ISSUE ON DECISION AND GAME THEORY FOR SECURITY, 6(4), pp. 18-21.
Abstract
The ultimate goal of an authorisation system is to allocate each user the level of access they need to complete their job - no more and no less. This proves to be challenging in an organisational setting because on one hand employees need enough access to perform their tasks, while on the other hand more access will bring about an increasing risk of misuse - either intentionally, where an employee uses the access for personal benefit, or unintentionally through carelessness, losing the information or being socially engineered to give access to an adversary. With the goal of developing a more dynamic authorisation model, we have adopted a game theoretic framework to reason about the factors that may affect users’ likelihood to misuse a permission at the time of an access decision. Game theory provides a useful but previously ignored perspective in authorisation theory: the notion of the user as a self-interested player who selects among a range of possible actions depending on their pay-offs.
| ID Code: | 41314 |
|---|---|
| Item Type: | Journal Article |
| Keywords: | Authorisation, Access Control, Game Theory, Information Security |
| Subjects: | Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303); Australian and New Zealand Standard Research Classification > ECONOMICS (140000) > APPLIED ECONOMICS (140200) |
| Divisions: | Current > QUT Faculties and Divisions > QUT Business School; Past > Schools > Computer Science; Past > QUT Faculties & Divisions > Faculty of Science and Technology; Past > Institutes > Information Security Institute; Current > Schools > School of Economics & Finance |
| Copyright Owner: | Copyright 2011 IEEE COMSOC MMTC E-Letter |
| Deposited On: | 15 Apr 2011 09:12 |
| Last Modified: | 12 Dec 2011 14:23 |