Self-adaptive Authorisation Infrastructures

Abstract

Traditional approaches to access control rely on immutable criteria by which to decide and award access. These approaches are limited, notably when handling changes in an organisation’s protected resources, and so cannot accommodate the dynamic aspects of risk at runtime. An example of such risk is a user abusing their privileged access to perform insider attacks. This thesis proposes self-adaptive authorisation, an approach that enables dynamic access control. A framework for developing self-adaptive authorisation is defined, in which autonomic controllers are deployed within legacy-based authorisation infrastructures to enable the runtime management of access control. Essential to the approach is the use of models and model-driven engineering (MDE). Models enable a controller to abstract from the authorisation infrastructure it seeks to control, reason about state, and provide assurances over change to access. For example, a modelled state of access may represent an active access control policy. Given the diversity of authorisation infrastructure implementations, MDE enables the creation and transformation of such models, whereby assets (e.g., policies) can be automatically generated and deployed at runtime. A prototype of the framework was developed, in which management of access control is focused on the mitigation of abuse of access rights. The prototype implements a feedback loop to monitor an authorisation infrastructure by modelling the state of access control and user behaviour, analyse potential solutions for handling malicious behaviour, and act upon the infrastructure to control future access control decisions. The framework was evaluated against mitigation of simulated insider attacks, involving the abuse of access rights governed by access control methodologies. In addition, to investigate the framework’s approach in a diverse and unpredictable environment, a live experiment was conducted. This evaluated the mitigation of abuse performed by real users and demonstrated the consequence of self-adaptation through observation of user response.

Analytics

Added to PP
2015-10-17
