Making the value of data determine the security

A case study of rural business process outsourcing

Reena Singh, Timothy A. Gonsalves

Research output: Contribution to journalArticle

Abstract

In recent times, a lot of data sharing happen over the Internet. Thus working of the network becomes an important factor for data access. Some scenarios require a user to finish a task on the assigned data within a particular time limit. However, the network access may be intermittent if the user accesses the data over mobile network or low-bandwidth wireless network. This affects the time taken to complete the task. Rural business process outsourcing is one such example. It involves data of low value such as insurance forms, data entry forms etc. for which the restriction of network availability at all times of access can be relaxed. This approach follows the principle of “good-enough security” which recommends that an adequate security measure should depend on the cost of data. Existing models mandate network availability for authorisation. In this work, we propose a network-aware role-based access control (NA-RBAC) model. NA-RBAC facilitates network-aware access and supports user authorisation in the absence of network connectivity. We present its formal specification and verify security properties. We compare the performance of NA-RBAC with RBAC using analytical models and simulations. Simulations show that NA-RBAC scores over RBAC in the presence of network disconnections. Further, we implement NA-RBAC model for RBPO scenario and present results.

Original languageEnglish
Pages (from-to)104-116
Number of pages13
JournalJournal of Information Security and Applications
Volume44
DOIs
Publication statusPublished - 01-02-2019
Externally publishedYes

Fingerprint

Outsourcing
Access control
Industry
Wireless networks
Availability
Insurance
Analytical models
Data acquisition
Internet
Bandwidth
Costs

All Science Journal Classification (ASJC) codes

  • Software
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Cite this

@article{9572ee5858cb493a93a005a7cd537bfc,
title = "Making the value of data determine the security: A case study of rural business process outsourcing",
abstract = "In recent times, a lot of data sharing happen over the Internet. Thus working of the network becomes an important factor for data access. Some scenarios require a user to finish a task on the assigned data within a particular time limit. However, the network access may be intermittent if the user accesses the data over mobile network or low-bandwidth wireless network. This affects the time taken to complete the task. Rural business process outsourcing is one such example. It involves data of low value such as insurance forms, data entry forms etc. for which the restriction of network availability at all times of access can be relaxed. This approach follows the principle of “good-enough security” which recommends that an adequate security measure should depend on the cost of data. Existing models mandate network availability for authorisation. In this work, we propose a network-aware role-based access control (NA-RBAC) model. NA-RBAC facilitates network-aware access and supports user authorisation in the absence of network connectivity. We present its formal specification and verify security properties. We compare the performance of NA-RBAC with RBAC using analytical models and simulations. Simulations show that NA-RBAC scores over RBAC in the presence of network disconnections. Further, we implement NA-RBAC model for RBPO scenario and present results.",
author = "Reena Singh and Gonsalves, {Timothy A.}",
year = "2019",
month = "2",
day = "1",
doi = "10.1016/j.jisa.2018.11.005",
language = "English",
volume = "44",
pages = "104--116",
journal = "Journal of Information Security and Applications",
issn = "2214-2134",
publisher = "Elsevier Limited",

}

Making the value of data determine the security : A case study of rural business process outsourcing. / Singh, Reena; Gonsalves, Timothy A.

In: Journal of Information Security and Applications, Vol. 44, 01.02.2019, p. 104-116.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Making the value of data determine the security

T2 - A case study of rural business process outsourcing

AU - Singh, Reena

AU - Gonsalves, Timothy A.

PY - 2019/2/1

Y1 - 2019/2/1

N2 - In recent times, a lot of data sharing happen over the Internet. Thus working of the network becomes an important factor for data access. Some scenarios require a user to finish a task on the assigned data within a particular time limit. However, the network access may be intermittent if the user accesses the data over mobile network or low-bandwidth wireless network. This affects the time taken to complete the task. Rural business process outsourcing is one such example. It involves data of low value such as insurance forms, data entry forms etc. for which the restriction of network availability at all times of access can be relaxed. This approach follows the principle of “good-enough security” which recommends that an adequate security measure should depend on the cost of data. Existing models mandate network availability for authorisation. In this work, we propose a network-aware role-based access control (NA-RBAC) model. NA-RBAC facilitates network-aware access and supports user authorisation in the absence of network connectivity. We present its formal specification and verify security properties. We compare the performance of NA-RBAC with RBAC using analytical models and simulations. Simulations show that NA-RBAC scores over RBAC in the presence of network disconnections. Further, we implement NA-RBAC model for RBPO scenario and present results.

AB - In recent times, a lot of data sharing happen over the Internet. Thus working of the network becomes an important factor for data access. Some scenarios require a user to finish a task on the assigned data within a particular time limit. However, the network access may be intermittent if the user accesses the data over mobile network or low-bandwidth wireless network. This affects the time taken to complete the task. Rural business process outsourcing is one such example. It involves data of low value such as insurance forms, data entry forms etc. for which the restriction of network availability at all times of access can be relaxed. This approach follows the principle of “good-enough security” which recommends that an adequate security measure should depend on the cost of data. Existing models mandate network availability for authorisation. In this work, we propose a network-aware role-based access control (NA-RBAC) model. NA-RBAC facilitates network-aware access and supports user authorisation in the absence of network connectivity. We present its formal specification and verify security properties. We compare the performance of NA-RBAC with RBAC using analytical models and simulations. Simulations show that NA-RBAC scores over RBAC in the presence of network disconnections. Further, we implement NA-RBAC model for RBPO scenario and present results.

UR - http://www.scopus.com/inward/record.url?scp=85058192538&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85058192538&partnerID=8YFLogxK

U2 - 10.1016/j.jisa.2018.11.005

DO - 10.1016/j.jisa.2018.11.005

M3 - Article

VL - 44

SP - 104

EP - 116

JO - Journal of Information Security and Applications

JF - Journal of Information Security and Applications

SN - 2214-2134

ER -