About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Publication
S&P 2007
Conference paper
Fuzzy Multi-Level Security: An experiment on quantified risk-adaptive access control
Abstract
This paper presents a new model for, or rather a new way of thinking about adaptive, risk-based access control. Our basic premise is that there is always inherent uncertainty and risk in access control decisions that is best addressed in an explicit way. We illustrate this concept by showing how the rationale of the well-known, Bell-Lapadula model based, Multi-Level Security (MLS) access control model could be used to develop a risk-adaptive access control model. This new model is more like a Fuzzy Logic control system [9] than a traditional access control system and hence the name "Fuzzy MLS". The long version of this paper is published as an IBM Research Report [3]. © 2007 IEEE.