Bailey, Christopher Michael (2015) Self-adaptive Authorisation Infrastructures. Doctor of Philosophy (PhD) thesis, University of Kent,. (KAR id:50853)
PDF
Language: English |
|
Download this file (PDF/7MB) |
Preview |
Abstract
Traditional approaches in access control rely on immutable criteria in which to decide and award access. These approaches are limited, notably when handling changes in an organisation’s protected resources, resulting in the inability to accommodate the dynamic aspects of risk at runtime. An example of such risk is a user abusing their privileged access to perform insider attacks.
This thesis proposes self-adaptive authorisation, an approach that enables dynamic access control. A framework for developing self-adaptive authorisation is defined, where autonomic controllers are deployed within legacy based authorisation infrastructures to enable the runtime management of access control. Essential to the approach is the use of models and model driven engineering (MDE).
Models enable a controller to abstract from the authorisation infrastructure it seeks to control, reason about state, and provide assurances over change to access. For example, a modelled state of access may represent an active access control policy. Given the diverse nature in implementations of authorisation infrastructures, MDE enables the creation and transformation of such models, whereby assets (e.g., policies) can be automatically generated and deployed at runtime.
A prototype of the framework was developed, whereby management of access control is focused on the mitigation of abuse of access rights. The prototype implements a feedback loop to monitor an authorisation infrastructure in terms of modelling the state of access control and user behaviour, analyse potential solutions for handling malicious behaviour, and act upon the infrastructure to control future access control decisions.
The framework was evaluated against mitigation of simulated insider attacks, involving the abuse of access rights governed by access control methodologies. In addition, to investigate the framework’s approach in a diverse and unpredictable environment, a live experiment was conducted. This evaluated the mitigation of abuse performed by real users as well as demonstrating the consequence of self-adaptation through observation of user response.
Item Type: | Thesis (Doctor of Philosophy (PhD)) |
---|---|
Thesis advisor: | de lemos, Rogério |
Uncontrolled keywords: | self-adaptation autonomic security authorisation access control model driven engineering model transformation RBAC ABAC |
Subjects: | B Philosophy. Psychology. Religion > B Philosophy (General) |
Divisions: | Divisions > Division of Arts and Humanities > School of Culture and Languages |
Funders: | Organisations -1 not found. |
Depositing User: | Users 1 not found. |
Date Deposited: | 09 Oct 2015 11:00 UTC |
Last Modified: | 05 Nov 2024 10:36 UTC |
Resource URI: | https://kar.kent.ac.uk/id/eprint/50853 (The current URI for this page, for reference purposes) |
- Link to SensusAccess
- Export to:
- RefWorks
- EPrints3 XML
- BibTeX
- CSV
- Depositors only (login required):