Skip to main content
Article
R2Q: A Risk Quantification Framework to Authorize Requests in Web-Based Collaborations
Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security (2019, Auckland, New Zealand)
  • Nirnay Ghosh
  • Rishabh Singhal
  • Sajal K. Das, Missouri University of Science and Technology
Abstract

Web-based collaboration provides a platform which allows users from different domains to share and access information. In such an environment, mitigating threats from insider attacks is challenging, particularly if state-of-the-art token-based access control is used to authorize (permit or deny) requests. This entails the need for an additional layer of authorization based on soft-security factors such as the reputation of the requesters, risks involved in requests, and so on to make the final decision. In this paper, we propose a novel risk quantification framework, called R2Q, which exploits a weighted regression approach to compute the expected threat related to a collaboration request. Our model combines the shared object's sensitivity, access mode of the request, requester's security level and reputation, and maps the expected threat to a risk score using the prospect theory (PT) inspired value functions to actualize decision making under uncertainty of economic outcomes (loss or gain). Simulation-based performance evaluation validates the efficacy of our framework and demonstrates that it can classify requesters based on their past behaviours, and also enables the collaboration platform to achieve higher rates of successful authorization.

Meeting Name
2019 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2019 (2019: Jul. 9-12, Auckland, New Zealand)
Department(s)
Computer Science
Keywords and Phrases
  • Access request,
  • Authorization,
  • Collaboration,
  • Prospect theory,
  • Risk
International Standard Book Number (ISBN)
978-145036752-3
Document Type
Article - Conference proceedings
Document Version
Citation
File Type
text
Language(s)
English
Rights
© 2019 Association for Computing Machinery (ACM), All rights reserved.
Publication Date
7-1-2019
Disciplines
Citation Information
Nirnay Ghosh, Rishabh Singhal and Sajal K. Das. "R2Q: A Risk Quantification Framework to Authorize Requests in Web-Based Collaborations" Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security (2019, Auckland, New Zealand) (2019) p. 247 - 254
Available at: http://works.bepress.com/sajal-das/141/