Abstract
The main goal of this paper was to introduce an adaptive method of users’ authentication and authorization. By adaptive one can understood having an ability to suit different conditions (namely different users devices, different user’s profiles and different users behaviors). Over a time working conditions and habits have changed and employees may often use own devices from different locations to connect companys resources. This situation poses a severe threat to security, and tightening security rules is not always an option. This brought a need of an adaptive system, which would choose methods adequate to the current threat level. Presented authorial solution not only minimizes the risk of unauthorized access to companys data, but also simplifies users’ authentication process. Example implementation and performed test scenarios showed that taken approach works and all theoretical assumptions are valid and possible to implement in the real world scenario.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Cisco annual security report (2011) [Online]. Available at: www.cisco.com/en/US/prod/collateral/vpndevc/security_annual_report_2011.pdf
Todorov, D.: Mechanics of User Identification and Authentication: Fundamentals of Identity Management, 1st edn. AUERBACH, Boca Raton (2007)
Smith, R.: Authentication—From Passwords to Public Keys. Addison-Wesley (2002)
Mendyk-Krajewska, T., Mazur, Z.: Problem of network security threats. In: 3rd Conference on Human System Interactions, May 2010, pp. 436–443 (2010)
Miller, K., Voas, J., Hurlburt, G.: BYOD: security and privacy considerations. IT Prof. 14(5), pp. 53–55 (2012) [Online]. Available at: http://dx.doi.org/10.1109/MITP.2012.93
Gkarafli, S., Economides, A.A.: Comparing the proof by knowledge authentication techniques. Int. J. Comput. Sci. Secur. (IJCSS) 4(2) (2011)
Sekulski, R., Woda, M.: Adaptive method of users authentication and authorisation. In: Proceedings of the 2nd Asia-Pacific Conference on Computer-Aided System Engineering, APCASE 2014, 10–12 February 2014, South Kuta, pp. 174–176. ISBN: 978-0-9924518-0-6
Venkatesan, R., Bhattacharya, S.: Threat-adaptive security policy. In: IEEE International Performance, Computing, and Communications Conference, IPCCC 1997, February 1997, pp. 525–531 (1997)
Bailey, C., Chadwick, D.W., Lemos, R.D.: Self-adaptive authorization framework for policy based RBAC/ABAC models. In: Proceedings of the IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing, SER. pp. 37–44. IEEE Computer Society, Washington (2011) [Online]. Available at: http://dx.doi.org/10.1109/DASC.2011.31&apos
Gao, J., Zhang, B., Ren, Z.: A dynamic authorization model based on security label and role. In: IEEE International Conference on Information Theory and Information Security (ICITIS), pp. 650–653 (2010)
Cambridge Advanced Learner’s Dictionary, Cambridge University Press, Cambridge (2005)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Sekulski, R., Woda, M. (2015). Authorial, Adaptive Method of Users’ Authentication and Authorization. In: Borowik, G., Chaczko, Z., Jacak, W., Łuba, T. (eds) Computational Intelligence and Efficiency in Engineering Systems. Studies in Computational Intelligence, vol 595. Springer, Cham. https://doi.org/10.1007/978-3-319-15720-7_12
Download citation
DOI: https://doi.org/10.1007/978-3-319-15720-7_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-15719-1
Online ISBN: 978-3-319-15720-7
eBook Packages: EngineeringEngineering (R0)