Difference between revisions of "June 2011"

From mn/ifi/AFSecurity
Jump to: navigation, search
(Created page with "==AF''Security'' Seminar: ''Access Control''== Date: Friday 20 May 2011. Location: Meeting room Awk (3118), Ole-Johan Dahls hus (IfI-2). '''Agenda''' 12:00h Welcome at IfI 1...")
 
Line 1: Line 1:
 
==AF''Security'' Seminar: ''Access Control''==
 
==AF''Security'' Seminar: ''Access Control''==
  
Date: Friday 20 May 2011.
+
Date: Monday 6 June 2011.
  
 
Location: Meeting room Awk (3118), Ole-Johan Dahls hus (IfI-2).
 
Location: Meeting room Awk (3118), Ole-Johan Dahls hus (IfI-2).
Line 7: Line 7:
 
'''Agenda'''
 
'''Agenda'''
  
12:00h Welcome at IfI
+
15:00h Welcome at IfI
  
12:15h Invited talk
+
15:15h Invited talk
  
 
'''TITLE:''' Authorisation Models for Dynamic Environments
 
'''TITLE:''' Authorisation Models for Dynamic Environments
Line 18: Line 18:
 
'''SPEAKER:''' Ed Dawson (QUT)
 
'''SPEAKER:''' Ed Dawson (QUT)
  
14:00h Discussion
+
16:00h Discussion
  
14:30h End
+
16:30h End

Revision as of 08:04, 5 May 2011

AFSecurity Seminar: Access Control

Date: Monday 6 June 2011.

Location: Meeting room Awk (3118), Ole-Johan Dahls hus (IfI-2).

Agenda

15:00h Welcome at IfI

15:15h Invited talk

TITLE: Authorisation Models for Dynamic Environments

ABSTRACT: Traditional authorisation models such as RBAC are based on the implicit assumption that an administrator can anticipate the legitimate access needs of users and pre-define an access policy that allocates privileges accordingly. However, as business, government and industry become increasingly information-intensive and interconnected, they exhibit a level of dynamism that seriously challenges the validity of this assumption. This talk will review the motivation for developing authorisation models that can respond to unanticipated changes in users' operational needs without requiring the invention of an administrator. It will review a number of recent proposals that seek to explicitly include a notion of risk to achieve more flexible access decision making. Finally it will present some of our own work that draws on insights from the field of economics and the insurance literature to deliver an authorisation model where users can acquire unassigned permissions while limiting their power to misuse this dynamic capability.


SPEAKER: Ed Dawson (QUT)

16:00h Discussion

16:30h End