Publication
SoTRAACE: Socio-technical risk-adaptable access control model
| dc.contributor.author | Moura, Pedro | |
| dc.contributor.author | Fazendeiro, Paulo | |
| dc.contributor.author | Marques, Pedro | |
| dc.contributor.author | Ferreira, Ana | |
| dc.date.accessioned | 2020-01-10T14:28:33Z | |
| dc.date.available | 2020-01-10T14:28:33Z | |
| dc.date.issued | 2017 | |
| dc.description.abstract | Within the necessary security requirements, accesRisk Adaptable Accesss control measures are essential to provide adequate means to protect data from unauthorized accesses. However, current and traditional solutions are commonly based on predefined access policies and roles and are therefore inflexible by assuming uniform access control decisions through people’s different type of devices, environments and situational conditions, across enterprises, location and time. The most ubiquitous device that people now hold is the smartphone. We live in an age of the mobile paradigm of anytime/anywhere access from different types of connections and situations to different types of information. In this new age, access control models need to determine adaptable access decisions based on multiple factors aggregated at the moment of the request, to calculate the security risk and operational security needs, and not just to perform a predefined comparison of attributes. Thus, there is a need for more innovative, flexible, adaptive, dynamic, transparent and more resilient access control models, that are required for more heterogeneous requests. This paper presents a new dynamic access control model: SoTRAACE - Socio-Technical Risk-Adaptable Access Control Model. The model aggregates attributes from various domains to help performing a risk assessment at the moment of request. The risk assessment is balanced against the operational needs to provide the most accurate and secure access decision. As a proof of concept SoTRAACE is used to model and compare two different use-case scenarios in the healthcare sector. | pt_PT |
| dc.description.version | info:eu-repo/semantics/publishedVersion | pt_PT |
| dc.identifier.doi | 10.1109/CCST.2017.8167835 | pt_PT |
| dc.identifier.uri | http://hdl.handle.net/10400.6/8204 | |
| dc.language.iso | eng | pt_PT |
| dc.peerreviewed | yes | pt_PT |
| dc.subject | Data privacy | pt_PT |
| dc.subject | Health Information Systems | pt_PT |
| dc.subject | Mobile Access Control | pt_PT |
| dc.subject | Risk Adaptable Access | pt_PT |
| dc.subject | Socio-technical Systems | pt_PT |
| dc.subject | Ubiquitous Access | pt_PT |
| dc.title | SoTRAACE: Socio-technical risk-adaptable access control model | pt_PT |
| dc.type | conference object | |
| dspace.entity.type | Publication | |
| oaire.citation.endPage | 6 | pt_PT |
| oaire.citation.startPage | 1 | pt_PT |
| person.familyName | Fazendeiro | |
| person.familyName | Ferreira | |
| person.givenName | Paulo | |
| person.givenName | Ana | |
| person.identifier.ciencia-id | 911F-3584-721F | |
| person.identifier.ciencia-id | 231D-F68A-3726 | |
| person.identifier.orcid | 0000-0001-6054-7188 | |
| person.identifier.orcid | 0000-0002-6673-7406 | |
| person.identifier.rid | B-7713-2008 | |
| person.identifier.scopus-author-id | 19640174600 | |
| rcaap.embargofct | Copyright cedido à editora no momento da publicação | pt_PT |
| rcaap.rights | closedAccess | pt_PT |
| rcaap.type | conferenceObject | pt_PT |
| relation.isAuthorOfPublication | 47442970-f246-4908-b873-0b58e684a9e9 | |
| relation.isAuthorOfPublication | 50c4a96a-e1e2-4a5b-a99e-8f7ae8582f7c | |
| relation.isAuthorOfPublication.latestForDiscovery | 50c4a96a-e1e2-4a5b-a99e-8f7ae8582f7c |