Dynamic and risk-aware network access management

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Dynamic and risk-aware network access management

Full text

Pdf (267 KB)

Source

Symposium on Access Control Models and Technologies archive
Proceedings of the eighth ACM symposium on Access control models and technologies table of contents

Como, Italy

SESSION: Dynamic Access Control table of contents

Pages: 217 - 230

Year of Publication: 2003

ISBN:1-58113-681-1

Authors

Lawrence Teo	University of North Carolina at Charlotte, Charlotte, NC
Gail-Joon Ahn	University of North Carolina at Charlotte, Charlotte, NC
Yuliang Zheng	University of North Carolina at Charlotte, Charlotte, NC

Sponsors

ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 10, Downloads (12 Months): 72, Citation Count: 3

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/775412.775441 What is a DOI?

ABSTRACT

Traditional network security technologies such as firewalls and intrusion detection systems usually work according to a static ruleset only. We believe that a better approach to network security can be achieved if we use quantified levels of risk as an input. In this paper, we describe a dynamic access control architecture which uses risk to determine whether to allow or deny access by a source connection into the network. A simulation of our architecture shows favorable and promising results.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	M. D. Abrams, J. Heaney, O. King, L. J. LaPadula, M. Lazear, and I. M. Olson. Generalized framework for access control: Towards prototyping the ORGCON policy. In Proceedings of the 14th National Computer Security Conference, Washington, D.C., October 1991.
	2	ForeScout. ActiveScout. World Wide Web, 2002. http://www.forescout.com/activescout.html.
	3	L. Harn and H. Lin. Integration of user authentication and access control. In IEE Proceedings-E, volume 139, number 2, pages 139--143, 1992.
	4	Internet Assigned Numbers Authority. Port numbers. World Wide Web. http://www.iana.org/assignments/port-numbers.
	5	Trent Jaeger, On the increasing importance of constraints, Proceedings of the fourth ACM workshop on Role-based access control, p.33-42, October 28-29, 1999, Fairfax, Virginia, United States [doi>10.1145/319171.319175]
	6	K. Knorr, Dynamic access control through Petri net workflows, Proceedings of the 16th Annual Computer Security Applications Conference, p.159, December 11-15, 2000
	7	C. H. Lin, R. C. T. Lee, and C. C. Chang. A dynamic access control mechanism in information protection systems. Journal of Information Science and Engineering, 6(1):25--35, March 1990.
	8	D. L. Mills. Network Time Protocol (version 3) specification, implementation and analysis. RFC 1305, March 1992.
	9	D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver. The spread of the Sapphire/Slammer worm. Technical report, January 2003. http://www.caida.org/outreach/papers/2003/sapphire/ sapphire.html.
	10	P. Naldurg and R. H. Campbell. Dynamic access control policies in Seraphim. Technical Report UIUCDCS-R-2002-2260, Computer Science Department, University of Illinois at Urbana-Champaign, February 2002.
	11	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996 [doi>10.1109/2.485845]
	12	L. Spitzner. Know your enemy: Passive fingerprinting. World Wide Web, March 2002. http://project.honeynet.org/papers/finger/.
	13	Stuart Staniford , Vern Paxson , Nicholas Weaver, How to Own the Internet in Your Spare Time, Proceedings of the 11th USENIX Security Symposium, p.149-167, August 05-09, 2002
	14	R. K. Thomas , R. S. Sandhu, Towards a task-based paradigm for flexible and adaptable access control in distributed applications, Proceedings on the 1992-1993 workshop on New security paradigms, p.138-142, August 1993, Little Compton, Rhode Island, United States [doi>10.1145/283751.283810]
	15	R. K. Thomas and R. S. Sandhu. Conceptual foundations for a model of task-based authorizations. In Proceedings of the 7th IEEE Computer Security Foundations Workshop, pages 66--79, Franconia, NH, June 1994.
	16	Roshan K. Thomas , Ravi S. Sandhu, Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management, Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects, p.166-181, August 10-13, 1997
	17	D. Verton. Insider threat to security may be harder to detect, experts say. Computerworld, April 12, 2002.
	18	S.-M. Yen and C.-S. Laih. On the design of dynamic access control scheme with user authentication. International Journal of Computers and Mathematics with Applications, 25(7):27--32, 1993.

CITED BY 3

	Lawrence Teo , Gail-Joon Ahn, Managing heterogeneous network environments using an extensible policy framework, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore
	Kyoung-Don Kang , Sang H. Son, Towards security and QoS optimization in real-time embedded systems, ACM SIGBED Review, v.3 n.1, p.29-34, January 2006
	Hamidou Tembine , Eitan Altman , Rachid El-Azouzi , Yezekael Hayel, Multiple access game in ad-hoc network, Proceedings of the 2nd international conference on Performance evaluation methodologies and tools, October 22-27, 2007, Nantes, France