ABSTRACT
Fuzzy inference is a promising approach to implementing risk-based access control systems. However, its application to access control raises some novel problems that have not yet been investigated. First, because there are many different fuzzy operations, one must choose the fuzzy operations that best address security requirements. Second, risk-based access control, though it improves information flow and better addresses requirements from critical organizations, may allow malicious users to cause damage before mitigating steps are taken. Third, the scalability of a fuzzy inference-based access control system is questionable. The time required by a fuzzy inference engine to estimate risks may be quite high, especially when there are tens of parameters and hundreds of fuzzy rules. However, an access control system may need to serve hundreds or thousands of users. In this paper, we investigate these issues and present our solutions or answers to them.
Index Terms
- Risk-based access control systems built on fuzzy inferences