Trading in Risk: Using Markets to Improve Access Control
Authors
Ian Molloy, Pau-Chen Cheng, and Pankaj Rohatgi
Abstract
Ian Molloy, Pau-Chen Cheng, and Pankaj Rohatgi. "Trading in Risk: Using Markets to Improve Access Control". In New Security Paradigms Workshop (NSPW), Plumpjack Squaw Valley Inn, Olympic, California, USA, September 2008. Applied Computer Security Associates (ACSA)
The proceeding of NSPW 2008 will be published by ACM.
Abstract
With the increasing need to securely share information, current access control systems are proving too inflexible and difficult to adapt. Recent work on risk-based access control systems has shown promise at resolving the inadequacies of traditional access control systems, and promise to increase information sharing and security. We consider some of the core open problems in risk-based access control systems, namely where and how much risk to take. We propose the use of market mechanisms to determine an organization's risk tolerance and allocation. We show that with the correct incentives, an employee will make optimal choices for the organization. We also comment on how the market can be used to ensure employees behave honestly and detect those who are malicious. Through simulations, we empirically show the advantage of risk-based access control systems and market mechanisms at increasing information sharing and security.
Publication Date
September, 2008
Venue
New Security Paradigms Workshop (NSPW), Plumpjack Squaw Valley Inn, Olympic, California, USA
Published To
Conference
Publication Type
Externally published
ITA Area
Project 6, Technical area 2
Download a copy of the paper here
nspw021-molloy.pdf
Return to main page