Provided by: IBM
Date Added: Jan 2007
In this paper, the authors present a new model for, or rather a new way of thinking about, adaptive, risk-based access control. Their basic premise is that there is always inherent uncertainty in access control decisions, and that such uncertainty leads to unpredictable risk that should be quantified and addressed explicitly. The ability to quantify risk makes it possible to treat risk as a countable resource. This enables the use of economic principles to manage this resource with the goal of achieving the optimal utilization of risk, i.e., allocating risk in a manner that optimizes the risk vs. benefit tradeoff.