Istituto di Informatica e Telematica     
Martinelli F., Morisset C. Quantitative Access Control with Partially Observable Markov Decision Process. Technical report, 2011.
This paper presents a novel access control framework reduc- ing the access control problem to a traditional decision problem, thus allowing a policy designer to reuse tools and techniques from the decision theory.We propose here to express, within a single framework, the notion of utility of an access, decisions beyond the traditional allowing/denying of an access, the uncertainty over the e ect of executing a given decision, the uncertainty over the current state of the system, and to optimize this process for a (probabilistic) sequence of requests. We show that an access control mechanism including these di erent concepts can be speci ed as a (Partially Observable) Markov Decision Process, and we illustrate this framework with a running example, which includes notions of con ict, critical resource, mitigation and auditing decisions, and we show that for a given sequence of requests, it is possible to calculate an optimal policy di erent from the naive one. This optimization is still possible even for several probable sequences of requests.
Subject Access Control
D.4.6 Security and Protection (K.6.5) Access controls

Icona documento 1) Download Document PDF

Icona documento Open access Icona documento Restricted Icona documento Private


Per ulteriori informazioni, contattare: Librarian http://puma.isti.cnr.it

Valid HTML 4.0 Transitional