Title :
Toward information sharing: benefit and risk access control (BARAC)
Author :
Zhang, Lei ; Brodsky, Alexander ; Jajodia, Sushil
Author_Institution :
Center for Secure Inf. Syst., George Mason Univ., Fairfax, VA
Abstract :
This paper describes an access control model, called BARAC, that is based on balancing risks of information disclosure with benefits of information sharing. The model configuration associates risk and benefit vectors with every read and update transaction. An allowed transactions graph captures allowed transactions and flow paths that can be used to carry out the transactions. The total system is required to be profitable, in that the total system benefit must overweigh the total system risk; and the allowed transaction graph is required to be optimal, in that its profit cannot be improved by adding transactions or removing transactions. Both the system configuration and the allowed transaction graph can be dynamically modified, while preserving the required properties. The dynamic modifications are done in the scope of hierarchies of tasks and responsible parties, that control the task structure and risk budget allocation to tasks
Keywords :
authorisation; graph theory; resource allocation; risk analysis; transaction processing; access control model; benefit and risk access control; information disclosure; information sharing; model configuration; read transaction; risk budget allocation; system risk; task structure; transaction graph; update transaction; Access control; Communication system control; Drives; Information security; Information systems; Local government; Multilevel systems; Protection; Software engineering; Terrorism;
Conference_Titel :
Policies for Distributed Systems and Networks, 2006. Policy 2006. Seventh IEEE International Workshop on
Conference_Location :
London, Ont.
Print_ISBN :
0-7695-2598-9
DOI :
10.1109/POLICY.2006.36
