Skip to main content
Kent Academic Repository

Evaluating Self-Adaptive Authorisation Infrastructures through Gamification

Bailey, Christopher, de Lemos, Rogerio (2018) Evaluating Self-Adaptive Authorisation Infrastructures through Gamification. In: International Conference on Dependable Systems and Networks Proceedings. Proceedings of the 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2018). . IEEE ISBN 978-1-5386-5597-9. E-ISBN 978-1-5386-5596-2. (doi:10.1109/DSN.2018.00058) (KAR id:66570)


Self-adaptive systems are able to modify their behaviour and/or structure in response to changes that occur to the system itself, its environment, or even its goals. In terms of authorisation infrastructures, self-adaptation has been shown to provide runtime capabilities for specifying and enforcing access control policies and subject access privileges, with a goal to mitigate insider threat. The evaluation of self-adaptive authorisation infrastructures, particularly, in the context of insider threats, is challenging because simulation of malicious behaviour can only demonstrate a fraction of the types of abuse that is representative of the real-world. In this paper, we present an innovative approach based on an ethical game of hacking, protected by an authorisation infrastructure. A key feature of the approach is the ability to observe user activity pre- and post-adaptation when evaluating runtime consequences of self- adaptation. Our live experiments captured a wide range of unpredictable changes, including malicious behaviour related to the exploitation of known vulnerabilities. As an outcome, we demonstrated the ability of our self-adaptive authorisation infrastructure to handle malicious behaviour given the existence of real and intelligent users, in addition to capturing how users responded to adaptation.

Item Type: Conference or workshop item (Proceeding)
DOI/Identification number: 10.1109/DSN.2018.00058
Uncontrolled keywords: self-adaptive systems, authorisation infrastructures, insider threats, gamification
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Rogerio de Lemos
Date Deposited: 28 Mar 2018 23:14 UTC
Last Modified: 08 Dec 2022 22:25 UTC
Resource URI: (The current URI for this page, for reference purposes)

University of Kent Author Information

Bailey, Christopher.

Creator's ORCID:
CReDIT Contributor Roles:

de Lemos, Rogerio.

Creator's ORCID:
CReDIT Contributor Roles:
  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.