Adapting usage control as a deterrent to address the inadequacies of access controls

dc.contributor.authorPadayachee, Keshnee
dc.contributor.authorEloff, Jan H.P.
dc.contributor.emaileloff@cs.up.ac.zaen_US
dc.date.accessioned2009-11-03T07:42:40Z
dc.date.available2009-11-03T07:42:40Z
dc.date.issued2009
dc.description.abstractAccess controls are difficult to implement and evidently deficient under certain conditions. Traditional controls offer no protection for unclassified information, such as a telephone list of employees that is unrestricted, yet available only to members of the company. On the opposing side of the continuum, organizations such as hospitals that manage highly sensitive information require stricter access control measures. Yet, traditional access control may well have inadvertent consequences in such a context. Often, in unpredictable circumstances, users that are denied access could have prevented a calamity had they been allowed access. It has been proposed that controls such as auditing and accountability policies be enforced to deter rather than prevent unauthorized usage. In dynamic environments preconfigured access control policies may change dramatically depending on the context. Moreover, the cost of implementing and maintaining complex preconfigured access control policies sometimes far outweighs the benefits. This paper considers an adaptation of usage control as a proactive means of deterrence control to protect information that cannot be adequately or reasonably protected by access control.en_US
dc.identifier.citationPadayachee, K & Eloff, JHP, Adapting usage control as a deterrent to address the inadequacies of access controls, Computers & Security (2009), doi: 10.1016/j.cose.2009.03.003en_US
dc.identifier.issn0167-4048
dc.identifier.other10.1016/j.cose.2009.03.003
dc.identifier.urihttp://hdl.handle.net/2263/11681
dc.language.isoenen_US
dc.publisherElsevieren_US
dc.rightsElsevieren_US
dc.subjectUsage controlen
dc.subjectOptimistic access controlen
dc.subjectDeterrent controlen
dc.subjectAccess controlen
dc.subject.lcshInformation storage and retrieval systems -- Access controlen
dc.subject.lcshAspect-oriented programmingen
dc.titleAdapting usage control as a deterrent to address the inadequacies of access controlsen_US
dc.typePostprint Articleen_US

Files

Original bundle

Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
Padayachee_Adapting(2009).pdf
Size:
285.72 KB
Format:
Adobe Portable Document Format
Description:
Postprint Article

License bundle

Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
license.txt
Size:
2.43 KB
Format:
Item-specific license agreed upon to submission
Description: