Access control : allocating resources to selfish agents

Salim, Farzad, Reid, Jason F., Dulleck, Uwe, & Dawson, Edward (2011) Access control : allocating resources to selfish agents. SPECIAL ISSUE ON DECISION AND GAME THEORY FOR SECURITY, 6(4), pp. 18-21.

The ultimate goal of an authorisation system is to allocate each user the level of access they need to complete their job - no more and no less. This proves to be challenging in an organisational setting because on one hand employees need enough access to perform their tasks, while on the other hand more access will bring about an increasing risk of misuse - either intentionally, where an employee uses the access for personal benefit, or unintentionally through carelessness, losing the information or being socially engineered to give access to an adversary. With the goal of developing a more dynamic authorisation model, we have adopted a game theoretic framework to reason about the factors that may affect users’ likelihood to misuse a permission at the time of an access decision. Game theory provides a useful but previously ignored perspective in authorisation theory: the notion of the user as a self-interested player who selects among a range of possible actions depending on their pay-offs.

ID Code: 41314
Item Type: Journal Article
Refereed: No
Keywords: Authorisation, Access Control, Game Theory, Information Security
Subjects: Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303)
Australian and New Zealand Standard Research Classification > ECONOMICS (140000) > APPLIED ECONOMICS (140200)
Divisions: Current > QUT Faculties and Divisions > QUT Business School
Past > Schools > Computer Science
Past > QUT Faculties & Divisions > Faculty of Science and Technology
Past > Institutes > Information Security Institute
Current > Schools > School of Economics & Finance
Copyright Owner: Copyright 2011 IEEE COMSOC MMTC E-Letter
Deposited On: 14 Apr 2011 23:12
Last Modified: 12 Dec 2011 04:23
