Internet Archive Scholar

Resilience as a New Enforcement Model for IT Security Based on Usage Control

Sven Wohlgemuth
2014 2014 IEEE Security and Privacy Workshops  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (542.3 kB)
https://web.archive.org/web/20161027104239/http://www.ieee-security.org/TC/SPW2014/papers/5103a031.PDF

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2016; you can also visit the original URL. The file type is application/pdf.

Security and privacy are not only general requirements of a society but also indispensable enablers for innovative IT infrastructure applications aiming at increased, sustainable welfare and safety of a society. A critical activity of these IT applications is spontaneous information exchange. This information exchange, however, creates inevitable, unknown dependencies between the participating IT systems, which, in turn threaten security and privacy. With the current approach to IT security,
more » ... urity and privacy follow changes and incidents rather than anticipating them. By sticking to a given threat model, the current approach fails to consider vulnerabilities which arise during a spontaneous information exchange. With the goal of improving security and privacy, this work proposes adapting an IT security model and its enforcement to current and most probable incidents before they result in an unacceptable risk for the participating parties or failure of IT applications. Usage control is the suitable security policy model, since it allows changes during run-time without conceptually raising additional incidents.
doi:10.1109/spw.2014.14 dblp:conf/sp/Wohlgemuth14 fatcat:bbc3ap4mz5btpptcdqk6ltcydi
Citation

Sven Wohlgemuth. "Resilience as a New Enforcement Model for IT Security Based on Usage Control." 2014 IEEE Security and Privacy Workshops (2014) 31-38