Risk based access control with uncertain and time-dependent sensitivity

In traditional multi-level security (MLS) models, object labels are fixed assessments of sensitivity. In practice there will inevitably be some uncertainty about the damage that might be caused if a document falls into the wrong hands. Furthermore, unless specific management action is taken to regrade the label on an object, it does not change. This does not reflect the operational reality of many modern systems where there is clearly a temporal element to the actual sensitivity of information. Tactical information may be highly sensitive right now but comparatively irrelevant tomorrow whilst strategic secrets may need to be maintained for many years, decades, or even longer. In this paper we propose to model both security labels and clearances as probability distributions. We provide practical templates to model both uncertainty and temporally characterized dependencies, and show how these features can be naturally integrated into a recently proposed access control framework based on quantified risk.