Evaluating Self-Adaptive Authorisation Infrastructures through Gamification

de Lemos, Rogerio and Bailey, Christopher (2018) Evaluating Self-Adaptive Authorisation Infrastructures through Gamification. In: 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. IEEE. ISBN 978-1-5386-5597-9. E-ISBN 978-1-5386-5596-2. (doi:10.1109/DSN.2018.00058) (KAR id:66570)

PDF Author's Accepted Manuscript
Language: English
Official URL
http://dx.doi.org/10.1109/DSN.2018.00058

Abstract

Self-adaptive systems are able to modify their behaviour and/or structure in response to changes that occur to the system itself, its environment, or even its goals. In terms of authorisation infrastructures, self-adaptation has been shown to provide runtime capabilities for specifying and enforcing access control policies and subject access privileges, with a goal to mitigate insider threat. The evaluation of self-adaptive authorisation infrastructures, particularly, in the context of insider threats, is challenging because simulation of malicious behaviour can only demonstrate a fraction of the types of abuse that is representative of the real-world. In this paper, we present an innovative approach based on an ethical game of hacking, protected by an authorisation infrastructure. A key feature of the approach is the ability to observe user activity pre- and post-adaptation when evaluating runtime consequences of self-adaptation. Our live experiments captured a wide range of unpredictable changes, including malicious behaviour related to the exploitation of known vulnerabilities. As an outcome, we demonstrated the ability of our self-adaptive authorisation infrastructure to handle malicious behaviour given the existence of real and intelligent users, in addition to capturing how users responded to adaptation.

Item Type: Book section
DOI/Identification number: 10.1109/DSN.2018.00058
Uncontrolled keywords: self-adaptive systems, authorisation infrastructures, insider threats, gamification
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Faculties > Sciences > School of Computing > Security Group
Depositing User: Rogerio de Lemos
Date Deposited: 28 Mar 2018 23:14 UTC
Last Modified: 11 Jul 2019 10:26 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/66570 (The current URI for this page, for reference purposes)
de Lemos, Rogerio: https://orcid.org/0000-0002-0281-6308