Toward Information Sharing: Benefit And Risk Access Control (BARAC)

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Lei Zhang Articles by Alexander Brodsky Articles by Sushil Jajodia

Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06)

London, Ontario, Canada

June 05-June 07

ISBN: 0-7695-2598-9

	ASCII Text	x
	Lei Zhang, Alexander Brodsky, Sushil Jajodia, "Toward Information Sharing: Benefit And Risk Access Control (BARAC)," Policies for Distributed Systems and Networks, IEEE International Workshop on, pp. 45-53, Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06), 2006.

	BibTex	x
	@article{ 10.1109/POLICY.2006.36, author = {Lei Zhang and Alexander Brodsky and Sushil Jajodia}, title = {Toward Information Sharing: Benefit And Risk Access Control (BARAC)}, journal ={Policies for Distributed Systems and Networks, IEEE International Workshop on}, volume = {0}, year = {2006}, isbn = {0-7695-2598-9}, pages = {45-53}, doi = {http://doi.ieeecomputersociety.org/10.1109/POLICY.2006.36}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Policies for Distributed Systems and Networks, IEEE International Workshop on TI - Toward Information Sharing: Benefit And Risk Access Control (BARAC) SN - 0-7695-2598-9 SP45 EP53 A1 - Lei Zhang, A1 - Alexander Brodsky, A1 - Sushil Jajodia, PY - 2006 KW - null VL - 0 JA - Policies for Distributed Systems and Networks, IEEE International Workshop on ER -

Lei Zhang, George Mason University, USA

Alexander Brodsky, George Mason University, USA

Sushil Jajodia, The MITRE Corporation, USA

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/POLICY.2006.36

This paper describes an access control model, called BARAC, that is based on balancing risks of information disclosure with benefits of information sharing. The model configuration associates risk and benefit vectors with every read and update transaction. An allowed transactions graph captures allowed transactions and flow paths that can be used to carry out the transactions. The total system is required to be profitable, in that the total system benefit must overweigh the total system risk; and the allowed transaction graph is required to be optimal, in that its profit cannot be improved by adding transactions or removing transactions. Both the system configuration and the allowed transaction graph can be dynamically modified, while preserving the required properties. The dynamic modifications are done in the scope of hierarchies of tasks and responsible parties, that control the task structure and risk budget allocation to tasks.

Citation:

Lei Zhang, Alexander Brodsky, Sushil Jajodia, "Toward Information Sharing: Benefit And Risk Access Control (BARAC)," policy, pp.45-53, Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.