TRAAC: Trust and Risk Aware Access Control

Christopher Burnett; Liang Chen; Peter Edwards; Timothy James Forester Norman

doi:10.1109/PST.2014.6890962

TRAAC: Trust and Risk Aware Access Control

Christopher Burnett, Liang Chen, Peter Edwards, Timothy James Forester Norman

Computing Science

Research output: Chapter in Book/Report/Conference proceeding › Published conference contribution

11 Citations (Scopus)

37 Downloads (Pure)

Abstract

Systems for allowing users to manage access to their personal data are important for a wide variety of applications including healthcare, where authorised individuals may need to share information in ways that the owner had not anticipated. Simply denying access in unknown cases may hamper critical decisions and affect service delivery. Rather, decisions can be made considering the risk of a given sharing request, and the trustworthiness of the requester. We propose a trust- and risk-aware access control mechanism (TRAAC) and a sparse zone-based policy model, which together allow decision-making on the basis of the requester's trustworthiness with regards to both the information to be shared, and the completion of obligations designed to mitigate risk. We formalise our approach and compare it with an existing approach that does not model trust through simulation.

Original language	English
Title of host publication	Proceedings of Twelfth Annual International Conference on Privacy, Security and Trust (PST), 2014
Editors	Ali Miri, Urs Hengartner, Nen-Fu Huang, Audun Josang, Joaquin Garcia-Alfaro
Publisher	IEEE Press
Pages	371-378
Number of pages	8
ISBN (Print)	978-1-4799-3502-4
DOIs	https://doi.org/10.1109/PST.2014.6890962
Publication status	Published - 2014

Keywords

access control
personal data
zone-based policy
trust
risk

Access to Document

10.1109/PST.2014.6890962Licence: Unspecified

burnett-pst-14
© 2014 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Accepted author manuscript, 1 MBLicence: Unspecified

Pete Edwards
- Agents at Aberdeen
- Trusted Things and Communities
Person: Academic

Cite this

TRAAC: Trust and Risk Aware Access Control. / Burnett, Christopher; Chen, Liang; Edwards, Peter et al.
Proceedings of Twelfth Annual International Conference on Privacy, Security and Trust (PST), 2014 . ed. / Ali Miri; Urs Hengartner; Nen-Fu Huang; Audun Josang; Joaquin Garcia-Alfaro. IEEE Press, 2014. p. 371-378.

Research output: Chapter in Book/Report/Conference proceeding › Published conference contribution

@inproceedings{dc75d93ced194de0886b26ab6a602e7b,

title = "TRAAC: Trust and Risk Aware Access Control",

abstract = "Systems for allowing users to manage access to their personal data are important for a wide variety of applications including healthcare, where authorised individuals may need to share information in ways that the owner had not anticipated. Simply denying access in unknown cases may hamper critical decisions and affect service delivery. Rather, decisions can be made considering the risk of a given sharing request, and the trustworthiness of the requester. We propose a trust- and risk-aware access control mechanism (TRAAC) and a sparse zone-based policy model, which together allow decision-making on the basis of the requester's trustworthiness with regards to both the information to be shared, and the completion of obligations designed to mitigate risk. We formalise our approach and compare it with an existing approach that does not model trust through simulation.",

keywords = "access control, personal data, zone-based policy, trust, risk",

author = "Christopher Burnett and Liang Chen and Peter Edwards and Norman, {Timothy James Forester}",

year = "2014",

doi = "10.1109/PST.2014.6890962",

language = "English",

isbn = "978-1-4799-3502-4",

pages = "371--378",

editor = "Ali Miri and Urs Hengartner and Nen-Fu Huang and Audun Josang and Joaquin Garcia-Alfaro",

booktitle = "Proceedings of Twelfth Annual International Conference on Privacy, Security and Trust (PST), 2014",

publisher = "IEEE Press",

}

TY - GEN

T1 - TRAAC: Trust and Risk Aware Access Control

AU - Burnett, Christopher

AU - Chen, Liang

AU - Edwards, Peter

AU - Norman, Timothy James Forester

PY - 2014

Y1 - 2014

N2 - Systems for allowing users to manage access to their personal data are important for a wide variety of applications including healthcare, where authorised individuals may need to share information in ways that the owner had not anticipated. Simply denying access in unknown cases may hamper critical decisions and affect service delivery. Rather, decisions can be made considering the risk of a given sharing request, and the trustworthiness of the requester. We propose a trust- and risk-aware access control mechanism (TRAAC) and a sparse zone-based policy model, which together allow decision-making on the basis of the requester's trustworthiness with regards to both the information to be shared, and the completion of obligations designed to mitigate risk. We formalise our approach and compare it with an existing approach that does not model trust through simulation.

AB - Systems for allowing users to manage access to their personal data are important for a wide variety of applications including healthcare, where authorised individuals may need to share information in ways that the owner had not anticipated. Simply denying access in unknown cases may hamper critical decisions and affect service delivery. Rather, decisions can be made considering the risk of a given sharing request, and the trustworthiness of the requester. We propose a trust- and risk-aware access control mechanism (TRAAC) and a sparse zone-based policy model, which together allow decision-making on the basis of the requester's trustworthiness with regards to both the information to be shared, and the completion of obligations designed to mitigate risk. We formalise our approach and compare it with an existing approach that does not model trust through simulation.

KW - access control

KW - personal data

KW - zone-based policy

KW - trust

KW - risk

U2 - 10.1109/PST.2014.6890962

DO - 10.1109/PST.2014.6890962

M3 - Published conference contribution

SN - 978-1-4799-3502-4

SP - 371

EP - 378

BT - Proceedings of Twelfth Annual International Conference on Privacy, Security and Trust (PST), 2014

A2 - Miri, Ali

A2 - Hengartner, Urs

A2 - Huang, Nen-Fu

A2 - Josang, Audun

A2 - Garcia-Alfaro, Joaquin

PB - IEEE Press

ER -

TRAAC: Trust and Risk Aware Access Control

Abstract

Keywords

Access to Document

Fingerprint

Profiles

Pete Edwards

Cite this