
Quantitative Access Control with Partially Observable Markov Decision Process

This paper presents a novel access control framework reducing the access control problem to a traditional decision problem, thus allowing a policy designer to reuse tools and techniques from the decision theory. We propose here to express, within a single framework, the notion of utility of an access, decisions beyond the traditional allowing/denying of an access, the uncertainty over the effect of executing a given decision, the uncertainty over the current state of the system, and to optimize this process for a (probabilistic) sequence of requests. We show that an access control mechanism including these different concepts can be specified as a (Partially Observable) Markov Decision Process, and we illustrate this framework with a running example, which includes notions of conflict, critical resource, mitigation and auditing decisions, and we show that for a given sequence of requests, it is possible to calculate an optimal policy different from the naive one. This optimization is still possible even for several probable sequences of requests.


2011

IIT authors:

Charles Morisset


Type: TR Technical reports
Subject area: Information Technology and Communication Systems
IIT TR-23/2011

Activity: Formal methods for the security of ICT systems