Visible to the public Too Long, Did Not Enforce: A Qualitative Hierarchical Risk-Aware Data Usage Control Model for Complex Policies in Distributed Environments

TitleToo Long, Did Not Enforce: A Qualitative Hierarchical Risk-Aware Data Usage Control Model for Complex Policies in Distributed Environments
Publication TypeConference Paper
Year of Publication2018
AuthorsMartinelli, Fabio, Michailidou, Christina, Mori, Paolo, Saracino, Andrea
Conference NameProceedings of the 4th ACM Workshop on Cyber-Physical System Security
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-5755-5
Keywordsanalytic hierarchy process, policy-based governance, pubcrawl, risk analysis, Security Audits, security policies, Security Policies Analysis, security risk management, usage control
Abstract

Distributed environments such as Internet of Things, have an increasing need of introducing access and usage control mechanisms, to manage the rights to perform specific operations and regulate the access to the plethora of information daily generated by these devices. Defining policies which are specific to these distributed environments could be a challenging and tedious task, mainly due to the large set of attributes that should be considered, hence the upcoming of unforeseen conflicts or unconsidered conditions. In this paper we propose a qualitative risk-based usage control model, aimed at enabling a framework where is possible to define and enforce policies at different levels of granularity. In particular, the proposed framework exploits the Analytic Hierarchy Process (AHP) to coalesce the risk value assigned to different attributes in relation to a specific operation, in a single risk value, to be used as unique attribute of usage control policies. Two sets of experiments that show the benefits both in policy definition and in performance, validate the proposed model, demonstrating the equivalence of enforcement among standard policies and the derived single-attributed policies.

URLhttp://doi.acm.org/10.1145/3198458.3198463
DOI10.1145/3198458.3198463
Citation Keymartinelli_too_2018