Developing effective mechanism for the management of insider threats is critical to safeguarding organizational resources, providing confidentiality and integrity.
There are many different approaches and technologies to satisfy this requirement.
In this particular work, however, you will focus on noble document control and detection approach.
You need to provide a hybrid document control mechanism, which is based on the user (actor)’s current context, the user’s assigned roles within the context, and the semantics of the documents that the actor (user) tries to access.
To check the actor’s current context, you can apply existing social network approaches for discovering the actor’s communication flow so that you can represent the context in terms of shadow and legitimate network structures of an organization. This context representation serves as an effective mechanism for making document control decision.
To manage the actor’s privileges, you can use the actor’s assigned roles, which are pre-defined to the corresponding privileges. This further provides efficient and scalable access control.
You first need to consider using the conventional identity-based access control mechanism. However, when the actors’ privileges need to change frequently (e.g., if actors join or leave a collaborative project dynamically), the identity-based access control is not a sound approach. Therefore, the aim is to use the actor’s job functionality (i.e., role) for our access control mechanism.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment