The University of Southampton
University of Southampton Institutional Repository

TRAAC: Trust and Risk Aware Access Control

TRAAC: Trust and Risk Aware Access Control
TRAAC: Trust and Risk Aware Access Control
Systems for allowing users to manage access to their personal data are important for a wide variety of applications including healthcare, where authorised individuals may need to share information in ways that the owner had not anticipated. Simply denying access in unknown cases may hamper critical decisions and affect service delivery. Rather, decisions can be made considering the risk of a given sharing request, and the trustworthiness of the requester. We propose a trust- and risk-aware access control mechanism (TRAAC) and a sparse zone-based policy model, which together allow decision-making on the basis of the requester's trustworthiness with regards to both the information to be shared, and the completion of obligations designed to mitigate risk. We formalise our approach and compare it with an existing approach that does not model trust through simulation.
371-378
IEEE
Burnett, Chris
51262a02-b4a7-4f61-b792-2f076deec76b
Chen, Liang
15459db0-4299-44b7-beaf-fb646add66ac
Edwards, Peter
5ee73a94-75a0-426f-ab1b-ce918b06a1ea
Norman, Timothy J.
663e522f-807c-4569-9201-dc141c8eb50d
Burnett, Chris
51262a02-b4a7-4f61-b792-2f076deec76b
Chen, Liang
15459db0-4299-44b7-beaf-fb646add66ac
Edwards, Peter
5ee73a94-75a0-426f-ab1b-ce918b06a1ea
Norman, Timothy J.
663e522f-807c-4569-9201-dc141c8eb50d

Burnett, Chris, Chen, Liang, Edwards, Peter and Norman, Timothy J. (2014) TRAAC: Trust and Risk Aware Access Control. In Proceedings of the Twelfth Annual International Conference on Privacy, Security and Trust. IEEE. pp. 371-378. (doi:10.1109/PST.2014.6890962).

Record type: Conference or Workshop Item (Paper)

Abstract

Systems for allowing users to manage access to their personal data are important for a wide variety of applications including healthcare, where authorised individuals may need to share information in ways that the owner had not anticipated. Simply denying access in unknown cases may hamper critical decisions and affect service delivery. Rather, decisions can be made considering the risk of a given sharing request, and the trustworthiness of the requester. We propose a trust- and risk-aware access control mechanism (TRAAC) and a sparse zone-based policy model, which together allow decision-making on the basis of the requester's trustworthiness with regards to both the information to be shared, and the completion of obligations designed to mitigate risk. We formalise our approach and compare it with an existing approach that does not model trust through simulation.

Full text not available from this repository.

More information

Published date: 2014
Organisations: Agents, Interactions & Complexity

Identifiers

Local EPrints ID: 411238
URI: https://eprints.soton.ac.uk/id/eprint/411238
PURE UUID: 4ee9f155-a753-4ded-a1cb-4b2be49ff860
ORCID for Timothy J. Norman: ORCID iD orcid.org/0000-0002-6387-4034

Catalogue record

Date deposited: 15 Jun 2017 16:32
Last modified: 06 Jun 2018 12:19

Export record

Altmetrics

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of https://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×