TY - GEN
T1 - Situational awareness based risk-Adaptable access control in enterprise networks
AU - Lee, Brian
AU - Vanickis, Roman
AU - Rogelio, Franklin
AU - Jacob, Paul
N1 - Publisher Copyright:
Copyright © 2017 by SCITEPRESS - Science and Technology Publications, Lda. All rights reserved.
PY - 2017
Y1 - 2017
N2 - As the computing landscape evolves towards distributed architectures such as Internet of Things (IoT), enterprises are moving away from traditional perimeter based security models toward so called "zero trust networking" (ZTN) models that treat both the intranet and Internet as equally untrustworthy. Such security models incorporate risk arising from dynamic and situational factors, such as device location and security risk level risk, into the access control decision. Researchers have developed a number of risk models such as RAdAC (Risk Adaptable Access Control) to handle dynamic contexts and these have been applied to medical and other scenarios. In this position paper we describe our ongoing work to apply RAdAC to ZTN. We develop a policy management framework, FURZE, to facilitate fuzzy risk evaluation that also defines how to adapt to dynamically changing contexts. We also consider how enterprise security situational awareness (SSA) - which describes the potential impact to an organisations mission based on the current threats and the relative importance of the information asset under threat - can be incorporated into a RAdAC scheme.
AB - As the computing landscape evolves towards distributed architectures such as Internet of Things (IoT), enterprises are moving away from traditional perimeter based security models toward so called "zero trust networking" (ZTN) models that treat both the intranet and Internet as equally untrustworthy. Such security models incorporate risk arising from dynamic and situational factors, such as device location and security risk level risk, into the access control decision. Researchers have developed a number of risk models such as RAdAC (Risk Adaptable Access Control) to handle dynamic contexts and these have been applied to medical and other scenarios. In this position paper we describe our ongoing work to apply RAdAC to ZTN. We develop a policy management framework, FURZE, to facilitate fuzzy risk evaluation that also defines how to adapt to dynamically changing contexts. We also consider how enterprise security situational awareness (SSA) - which describes the potential impact to an organisations mission based on the current threats and the relative importance of the information asset under threat - can be incorporated into a RAdAC scheme.
KW - RAdAC
KW - Risk based Access Control
KW - Security Situational Awareness
KW - Zero-Trust Networking
UR - http://www.scopus.com/inward/record.url?scp=85024374234&partnerID=8YFLogxK
U2 - 10.5220/0006363404000405
DO - 10.5220/0006363404000405
M3 - Conference contribution
AN - SCOPUS:85024374234
T3 - IoTBDS 2017 - Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security
SP - 400
EP - 405
BT - IoTBDS 2017 - Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security
A2 - Ramachandran, Muthu
A2 - Munoz, Victor Mendez
A2 - Kantere, Verena
A2 - Wills, Gary
A2 - Walters, Robert
A2 - Chang, Victor
PB - SciTePress Digital Library
T2 - 2nd International Conference on Internet of Things, Big Data and Security, IoTBDS 2017
Y2 - 24 April 2017 through 26 April 2017
ER -