On the Application of Fuzzy Set Theory for Access Control Enforcement

Diogo Regateiro, Óscar Mortágua Pereira, Rui L. Aguiar, "On the Application of Fuzzy Set Theory for Access Control Enforcement", Proc. 14 SECRYPT - Intl. Conf. on Security and Cryptography, Madrid, Jul 2017

Abstract

Access control is a vital part of any computer system. When it comes to access to data, deterministic access control models such as RBAC are still widely used today, but they lack the flexibility needed to support some recent scenarios. These include scenarios where users and data can be dynamically added to a system, which emerged from IoT and big data contexts. Such scenarios include data from network operators, smart cities, etc. Thus, models that are able to adapt to these dynamic environments are necessary. Non-deterministic accesscontrolmodelsfallintothisapproach,astheyintroducenewwaysofmappinguserstopermissionsand resources. In this paper, the usage of these models will be defended and argued for. In particular, a solution based on fuzzy set theory is proposed as it is thought to be able to provide the benefits of non-deterministic models, while giving some assurance to security experts that the resources are not accessed by unexpected users.

Information

Conference: 14 SECRYPT - Intl. Conf. on Security and Cryptography in Madrid