Title :
Resilience as a New Enforcement Model for IT Security Based on Usage Control
Author :
Wohlgemuth, Sven
Author_Institution :
Syst. Security Lab., Center for Adv. Security Res. Darmstadt, Darmstadt, Germany
Abstract :
Security and privacy are not only general requirements of a society but also indispensable enablers for innovative IT infrastructure applications aiming at increased, sustainable welfare and safety of a society. A critical activity of these IT applications is spontaneous information exchange. This information exchange, however, creates inevitable, unknown dependencies between the participating IT systems, which, in turn threaten security and privacy. With the current approach to IT security, security and privacy follow changes and incidents rather than anticipating them. By sticking to a given threat model, the current approach fails to consider vulnerabilities which arise during a spontaneous information exchange. With the goal of improving security and privacy, this work proposes adapting an IT security model and its enforcement to current and most probable incidents before they result in an unacceptable risk for the participating parties or failure of IT applications. Usage control is the suitable security policy model, since it allows changes during run-time without conceptually raising additional incidents.
Keywords :
information technology; security of data; IT applications; IT security model; IT systems; critical activity; enforcement model; indispensable enablers; innovative IT infrastructure applications; privacy; security policy model; spontaneous information exchange; sustainable welfare; usage control; Adaptation models; Adaptive systems; Availability; Information exchange; Privacy; Resilience; Security; data provenance; identity management; resilience; security and privacy; usage control;
Conference_Titel :
Security and Privacy Workshops (SPW), 2014 IEEE
Conference_Location :
San Jose, CA
DOI :
10.1109/SPW.2014.14
