Risk-Managed Access Control (RMAC)
Abstract
The Risk-Managed Access Control (RMAC) program will develop the means to associate risk with access and use this as the basis for more effective identification, authentication, and authorization technologies. Currently, factors for identification and authentication require the user to know something like a password, possess something like a smart card, and/or to exhibit some intrinsic biometric trait like a fingerprint. Once authenticated, the user obtains authorization that defines the user's permissions, for example, what files the user can read. However, none of the current schemes for identification, authentication, and authorization incorporates any mechanism for automatically revisiting previous decisions. RMAC will create techniques and algorithms for quantifying the cumulative risks and benefits associated with a user's actions and incorporate such risk assessments in access control schemes that have additional control loops designed to mitigate the risks associated with large-scale information sharing.
Document Details
- Document Type
- Accomplishment
- Publication Date
- Oct 01, 2012
- Source ID
- e1c1861526e21265c144792db323de10