Name: | Description: | Size: | Format: |
---|---|---|---|
 | | 214.42 KB | Adobe PDF |
Abstract(s)
Within the necessary security requirements, access control measures are essential to provide adequate means to protect data from unauthorized accesses. However, current and traditional solutions are commonly based on predefined access policies and roles and are therefore inflexible by assuming uniform access control decisions through people's different types of devices, environments and situational conditions, across enterprises, location and time. The most ubiquitous device that people now hold is the smartphone. We live in an age of the mobile paradigm of anytime/anywhere access from different types of connections and situations to different types of information. In this new age, access control models need to determine adaptable access decisions based on multiple factors aggregated at the moment of the request, to calculate the security risk and operational security needs, and not just to perform a predefined comparison of attributes. Thus, there is a need for more innovative, flexible, adaptive, dynamic, transparent and more resilient access control models, which are required for more heterogeneous requests. This paper presents a new dynamic access control model: SoTRAACE - Socio-Technical Risk-Adaptable Access Control Model. The model aggregates attributes from various domains to help perform a risk assessment at the moment of request. The risk assessment is balanced against the operational needs to provide the most accurate and secure access decision. As a proof of concept, SoTRAACE is used to model and compare two different use-case scenarios in the healthcare sector.
Keywords
Data privacy; Health Information Systems; Mobile Access Control; Risk Adaptable Access; Socio-technical Systems; Ubiquitous Access