poster

Poster: using quantified risk and benefit to strengthen the security of information sharing

Authors:

Weili Han,

Chenguang Shen,

Yuliang Yin,

Yun Gu,

Chen ChenAuthors Info & Claims

CCS '11: Proceedings of the 18th ACM conference on Computer and communications security

Pages 781 - 784

https://doi.org/10.1145/2046707.2093492

Published: 17 October 2011 Publication History

Get Access

Abstract

Risk and benefit are two implicit key factors to determine accesses in secure information sharing. Recent researches have shown that they can be explicitly quantified and used to improve the flexibility in information systems. This paper introduces the motivation and a technical design of Quantified riSk and Benefit adaptive Access Control (QSBAC) to strengthen the security of information sharing. The paper also introduces the key issues to design policies in QSBAC.

References

[1]

P. Cheng, P. Rohatgi, C. Keser, P. A. Karger, G. M. Wagner, and A. S. Reninger. Fuzzy multi.level security: An experiment on quantified risk adaptive access control. In SP'07, pages 222 -- 230, CA, USA, May 2007. ACM.

Digital Library

Google Scholar

[2]

W. Han, Q. Ni, and H. Chen. Apply measurable risk to strengthen security of a role-based delegation supporting workflow system. In POLICY 2009, pages 45--52, 2009.

Digital Library

Google Scholar

[3]

JASON. Horizontal integration: Broader access models for realizing information dominance. Technical Report JSR-04--132, MITRE Corporation, http://www.fas.org/irp/agency/dod/jason/classpol.pdf, 2004.

Google Scholar

[4]

Ppzian. Enterprise xacml implementation. In http://sourceforge.net/projects/java-xacml/, 2008.

Google Scholar

[5]

E. Rissanen. Extensible access control markup language (xacml). OASIS Standard, April 2009.

Google Scholar

[6]

M. Srivatsa, D. Agrawal, and S. Reidt. A metadata calculus for secure information sharing. In CCS'09, IL, USA, 2009.

Digital Library

Google Scholar

[7]

L. Zhang, A. Brodsky, and S. Jajodia. Toward information sharing: Benefit and risk access control (barac). In POLICY 2006, pages 45--53, London, Ontario, Canada, June 2006.

Digital Library

Google Scholar

Index Terms

Poster: using quantified risk and benefit to strengthen the security of information sharing
1. Security and privacy
  1. Security services
    1. Access control
  2. Systems security
    1. Operating systems security
2. Software and its engineering
  1. Software notations and tools
    1. Software configuration management and version control systems

Recommendations

Dynamic combination of authentication factors based on quantified risk and benefit

By combining multiple factors during authentication, a service can provide better assurance of security. However, the users are likely to feel inconvenient, or even discard the service. This paper, therefore, addresses this issue and introduces a novel ...
Group-centric models for secure and agile information sharing
MMM-ACNS'10: Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security

To share information and retain control (share-but-protect) is a classic cyber security problem for which effective solutions continue to be elusive. Where the patterns of sharing are well defined and slow to change it is reasonable to apply the ...
Secure information sharing enabled by Trusted Computing and PEI models
ASIACCS '06: Proceedings of the 2006 ACM Symposium on Information, computer and communications security

The central goal of secure information sharing is to "share but protect" where the motivation to "protect" is to safeguard the sensitive content from unauthorized disclosure (in contrast to protecting the content to avoid loss of revenue as in retail ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

CCS '11: Proceedings of the 18th ACM conference on Computer and communications security

October 2011

742 pages

ISBN:9781450309486

DOI:10.1145/2046707

General Chair:
Yan Chen
Northwestern University, USA
,
Program Chairs:
George Danezis
Microsoft Research Cambridge, UK
,
Vitaly Shmatikov
University of Texas at Austin, USA

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 October 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Poster

Conference

CCS'11

Sponsor:

SIGSAC

CCS'11: the ACM Conference on Computer and Communications Security

October 17 - 21, 2011

Illinois, Chicago, USA

Acceptance Rates

CCS '11 Paper Acceptance Rate 60 of 429 submissions, 14%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

0
Total Citations
227
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)0

Reflects downloads up to 12 Nov 2024

Other Metrics

View Author Metrics

Citations

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Index Terms

Recommendations

Dynamic combination of authentication factors based on quantified risk and benefit

Group-centric models for secure and agile information sharing

Secure information sharing enabled by Trusted Computing and PEI models