Making the value of data determine the security: A case study of rural business process outsourcing

Reena Singh, Timothy A. Gonsalves

Research output: Contribution to journalArticle

Abstract

In recent times, a lot of data sharing happen over the Internet. Thus working of the network becomes an important factor for data access. Some scenarios require a user to finish a task on the assigned data within a particular time limit. However, the network access may be intermittent if the user accesses the data over mobile network or low-bandwidth wireless network. This affects the time taken to complete the task. Rural business process outsourcing is one such example. It involves data of low value such as insurance forms, data entry forms etc. for which the restriction of network availability at all times of access can be relaxed. This approach follows the principle of “good-enough security” which recommends that an adequate security measure should depend on the cost of data. Existing models mandate network availability for authorisation. In this work, we propose a network-aware role-based access control (NA-RBAC) model. NA-RBAC facilitates network-aware access and supports user authorisation in the absence of network connectivity. We present its formal specification and verify security properties. We compare the performance of NA-RBAC with RBAC using analytical models and simulations. Simulations show that NA-RBAC scores over RBAC in the presence of network disconnections. Further, we implement NA-RBAC model for RBPO scenario and present results.

Original languageEnglish
Pages (from-to)104-116
Number of pages13
JournalJournal of Information Security and Applications
Volume44
DOIs
Publication statusPublished - 01-02-2019
Externally publishedYes

    Fingerprint

All Science Journal Classification (ASJC) codes

  • Software
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Cite this