Reinforcing Access Control Using Fuzzy Relation Equations

Current computer security systems are based on the premise that once a user presents valid credentials to the authentication system (e.g. valid ID and password), they are granted access permission to all resources assigned to the user that they claim to be. However, numerous studies have shown that most security breaches are done by unauthorized users impersonating as authorized users (e.g. by cracking or stealing passwords) or by circumventing the authentication system altogether (by exploiting security “holes ” in the system). Once the authentication system is broken, the system and the information kept in it become wide open to unauthorized access and malicious usage. Moreover, because of the interdependencies among the various (computer and telecommunication) components of a distributed system, a security breach to one component can have repercussions throughout the system. The main objective of this paper is to present new security model that provides additional level of security checks based on heuristic information kept about various system components. The model allows a local host to evaluate and determine whether a remote request should be granted based on such information as the sensitivity level of the data being effected by the request, the type of request being made, and the probability of hostility of the user making the request. Typically, such information is very difficult to determine precisely since it depends on other attributes that are themselves imprecise or only partially known. The paper presents an algorithm for generating such fuzzy information based on their dependent attributes. The method is based on using basic rules of fuzzy set theory to establish a fuzzy relation between a set of dependent fuzzy quantities. The established relation can also be updated and adapted as the base information changes. Keywords: Access-control, security, fuzzyrelations 1