Fuzzy multi-level security: An experiment on quantified risk-adaptive access control (with P.-C. Cheng, P. Rohatgi, P.A. Karger, G.M. Wagner, A. S. Reninger), 2007, IEEE Symposium on Security and Privacy 2007, 222-230
This paper presents a new model for, or rather a new way of thinking about adaptive, risk-based access control. Our basic premise is that there is always inherent uncertainty and risk in access control decisions that is best addressed in an explicit way. We illustrate this concept by showing how the rationale of the well-known, Bell-Lapadula model based, Multi-Level Security (MLS) access control model could be used to develop a risk-adaptive access control model. This new model is more like a Fuzzy Logic control system [9] than a traditional access control system and hence the name "Fuzzy MLS". The long version of this paper is published as an IBM Research Report [3].
PDF can be found here.