Beyond Risk-Based Access Control: Towards Incentive-Based Access Control

  • Conference paper
Financial Cryptography and Data Security (FC 2011)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7035)

Abstract

In recent years, risk-based access control has been proposed as an alternative to traditional rigid access control models such as multi-level security and role-based access control. While these approaches make the risks associated with exceptional access accountable and encourage users to take low-risk actions, they also create disincentives for seeking necessary risky accesses. We introduce a novel incentive mechanism based on Contract Theory. Another benefit of our approach is that it avoids the need for an accurate estimate of the risk associated with each access. We demonstrate that Nash Equilibria can be achieved in which the user’s optimal strategy is to perform the risk-mitigation efforts to minimize her organization’s risk, and we conduct human-subject studies to empirically confirm the theoretical results.

Editor information

George Danezis

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Liu, D., Li, N., Wang, X., Camp, L.J. (2012). Beyond Risk-Based Access Control: Towards Incentive-Based Access Control. In: Danezis, G. (eds) Financial Cryptography and Data Security. FC 2011. Lecture Notes in Computer Science, vol 7035. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27576-0_9

  • DOI: https://doi.org/10.1007/978-3-642-27576-0_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-27575-3

  • Online ISBN: 978-3-642-27576-0

  • eBook Packages: Computer Science, Computer Science (R0)
