Abstract:
|
This paper explores system design with dynamic Bayesian networks for providing usable secure access control. Unlike traditional rule based static access control mechanisms, system activities are monitored in real time and a Bayesian network calculates the probability of compromising the security based on observed evidence. Such evidence includes probability of information leakage due to user activities, processes present in the system, open devices, inter-process communication patterns and network traffic. A subject's access to a specific object is prohibited when the evidence reaches or exceeds a preset threshold. At any point, if the evidence falls below the threshold, the subject's access to the object is restored. While the above design seems to be an interesting approach, its effectiveness in real life systems must still be established. The paper presents our preliminary research in this area.
|