OASIS Mailing List Archives

xacml message



Subject: Risk adaptive vs BTG


The minutes of the last telecon stated "John Tolbert.. [suggested that 
BTG] may be more appropriately referred to as Risk Adaptive Access 
Control."

I do not agree with this for the following reasons:

1. Risk adaptive access control has mechanisms to both override grants 
and turn them into denies (when the risk is high) and override denies 
and turn them into grants (when the risk is low).

2. Risk adaptive access control relies on intelligent machine components 
to make the risk decisions and decide whether to reverse the PDP's decision.

BTG has neither of the above.

3. BTG only allows a deny to be turned into a grant.

4. BTG relies on the intelligent authorised user to make the BTG 
override decision at the time of access.

Regards

David


*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************

