Context-Sensitive Access Control Policy Evaluation and Enforcement Using Vulnerability Exploitation Data

Hassan Rasheed
2013 International Journal of Computer Network and Information Security  
Conventional approaches for adapting security enforcement in the face of attacks rely on administrators to make policy changes that will limit damage to the system. Paradigm shifts in the capabilities of attack tools demand supplementary strategies that can also adjust policy enforcement dynamically. We extend the current research by proposing an approach for integrating real-time security assessment data into access control systems. Critical application scenarios are tested to examine the
more » ... to examine the impact of using risk data in policy evaluation and enforcement.
doi:10.5815/ijcnis.2013.11.08 fatcat:z7uqnxzm7jhkzf3l6p4xhxypau