TRAAC: Trust and Risk Aware Access Control

Christopher Burnett, Liang Chen, Peter Edwards, Timothy James Forester Norman

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Citations (Scopus)
9 Downloads (Pure)

Abstract

Systems for allowing users to manage access to their personal data are important for a wide variety of applications including healthcare, where authorised individuals may need to share information in ways that the owner had not anticipated. Simply denying access in unknown cases may hamper critical decisions and affect service delivery. Rather, decisions can be made considering the risk of a given sharing request, and the trustworthiness of the requester. We propose a trust- and risk-aware access control mechanism (TRAAC) and a sparse zone-based policy model, which together allow decision-making on the basis of the requester's trustworthiness with regards to both the information to be shared, and the completion of obligations designed to mitigate risk. We formalise our approach and compare it with an existing approach that does not model trust through simulation.
Original languageEnglish
Title of host publicationProceedings of Twelfth Annual International Conference on Privacy, Security and Trust (PST), 2014
EditorsAli Miri, Urs Hengartner, Nen-Fu Huang, Audun Josang, Joaquin Garcia-Alfaro
PublisherIEEE Press
Pages371-378
Number of pages8
ISBN (Print)978-1-4799-3502-4
DOIs
Publication statusPublished - 2014

    Fingerprint

Keywords

  • access control
  • personal data
  • zone-based policy
  • trust
  • risk

Cite this

Burnett, C., Chen, L., Edwards, P., & Norman, T. J. F. (2014). TRAAC: Trust and Risk Aware Access Control. In A. Miri, U. Hengartner, N-F. Huang, A. Josang, & J. Garcia-Alfaro (Eds.), Proceedings of Twelfth Annual International Conference on Privacy, Security and Trust (PST), 2014 (pp. 371-378). IEEE Press. https://doi.org/10.1109/PST.2014.6890962