System and method for fuzzy multi-level security
First Claim
1. A method for making access control decisions comprising the steps of:
- computing a risk index for a plurality of dimensions which contribute to risk in a computer related device;
- computing a probability of an unauthorized disclosure of information for each dimension for the risk index;
- determining whether the probability falls within a boundary range defined for the probability for each dimension such that probabilities above the range are unacceptable, below the range are acceptable and in the range are acceptable with mitigation measures wherein the boundary range has a hard boundary above which the probability of unauthorized disclosure is unacceptable, and a soft boundary below which the probability of unauthorized disclosure is acceptable;
- determining a residual risk after applying a mitigation measure by mapping effectiveness of performing the mitigation measures to determine the residual risk; and
- selecting a mitigation measure in accordance with the residual probability to reduce a probability of risk.
Abstract
An access control system and method includes a risk index module which computes a risk index for a dimension contributing to risk. A boundary range is defined for a parameter representing each risk index such that the parameter above the range is unacceptable, below the range is acceptable and in the range is acceptable with mitigation measures. A mitigation module determines the mitigation measures which reduce the parameter within the range.
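The three-band decision in the claim and abstract, sketched as an added example that is not code from the patent. It takes the per-dimension disclosure probabilities as already computed, and it assumes that each measure removes a fixed fraction of probability per dimension, that measures compound multiplicatively, and that a mitigated request is acceptable once every residual is below its soft boundary; all names and numbers are constructed.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Boundary:
    soft: float  # probability below this is acceptable
    hard: float  # probability above this is unacceptable

@dataclass(frozen=True)
class Mitigation:
    name: str
    cost: int
    # Assumed effectiveness map: fraction of disclosure probability removed per dimension.
    effectiveness: dict = field(default_factory=dict)

def residual(p, mitigation, dim):
    """Residual probability after one measure (assumed multiplicative model)."""
    return p * (1.0 - mitigation.effectiveness.get(dim, 0.0))

def decide(probs, bounds, mitigations):
    """Return (decision, [names of selected mitigation measures])."""
    # Hard boundary: any dimension above it makes the request unacceptable.
    if any(p > bounds[d].hard for d, p in probs.items()):
        return "deny", []
    current, chosen = dict(probs), []
    def in_range(d):
        return current[d] >= bounds[d].soft
    # Greedy selection, cheapest first, until every dimension is below its soft boundary.
    for m in sorted(mitigations, key=lambda m: m.cost):
        pending = [d for d in current if in_range(d)]
        if not pending:
            break
        if any(m.effectiveness.get(d, 0.0) > 0 for d in pending):
            current = {d: residual(p, m, d) for d, p in current.items()}
            chosen.append(m.name)
    if any(in_range(d) for d in current):
        return "deny", []  # the available measures leave a residual inside the range
    return ("allow_with_mitigation", chosen) if chosen else ("allow", [])

# Constructed sample policy and measures (not from the patent).
BOUNDS = {"dim_a": Boundary(0.1, 0.5), "dim_b": Boundary(0.2, 0.6)}
MEASURES = [
    Mitigation("audit_logging", 1, {"dim_a": 0.5}),
    Mitigation("sandboxed_view", 3, {"dim_a": 0.8, "dim_b": 0.5}),
]

if __name__ == "__main__":
    for probs in ({"dim_a": 0.05, "dim_b": 0.1}, {"dim_a": 0.4, "dim_b": 0.3}, {"dim_a": 0.7, "dim_b": 0.1}):
        print(probs, decide(probs, BOUNDS, MEASURES))
```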
Specification