Access Control: Allocating resources to selfish agents

, , , & (2011) Access Control: Allocating resources to selfish agents. IEEE ComSoc MMTC E-Letter, 6(4), pp. 18-21.

Description

The ultimate goal of an authorisation system is to allocate each user the level of access they need to complete their job - no more and no less. This proves to be challenging in an organisational setting: on the one hand, employees need enough access to perform their tasks, while on the other hand, more access brings an increasing risk of misuse. Misuse may be intentional, where an employee uses the access for personal benefit, or unintentional, through carelessness, losing the information or being socially engineered into giving access to an adversary. With the goal of developing a more dynamic authorisation model, we have adopted a game theoretic framework to reason about the factors that may affect a user's likelihood of misusing a permission at the time of an access decision. Game theory provides a useful but previously ignored perspective in authorisation theory: the notion of the user as a self-interested player who selects among a range of possible actions depending on their pay-offs.

ID Code: 41314
Item Type: Contribution to Journal (Journal Article)
Refereed: No
ORCID iD:
Dulleck, Uwe: orcid.org/0000-0002-0953-5963
Dawson, Ed: orcid.org/0000-0002-1932-1061
Measurements or Duration: 4 pages
Keywords: access control, authorization, game theory, information security, insider problem
Pure ID: 32101958
Divisions: Past > QUT Faculties & Divisions > QUT Business School
Past > Institutes > Institute for Future Environments
Past > QUT Faculties & Divisions > Science & Engineering Faculty
Current > Schools > School of Economics & Finance
Copyright Owner: Copyright 2011 IEEE COMSOC MMTC E-Letter
Copyright Statement: This work is covered by copyright. Unless the document is being made available under a Creative Commons Licence, you must assume that re-use is limited to personal use and that permission from the copyright owner must be obtained for all other uses. If the document is available under a Creative Commons License (or other specified license) then refer to the Licence for details of permitted re-use. It is a condition of access that users recognise and abide by the legal requirements associated with these rights. If you believe that this work infringes copyright please provide details by email to qut.copyright@qut.edu.au
Deposited On: 14 Apr 2011 23:12
Last Modified: 02 Mar 2024 06:20