In today's information- and knowledge-driven digital environment, there is an increasing need to accelerate information sharing across all types of organizations. When external events occur, the system is required to adjust its approach to information dominance. Meanwhile, sensitive information must be protected from unauthorized disclosure. The access control mechanism therefore has to be flexible enough to fit the dynamic situation. Today's applications need dynamic access control policies and corresponding implementations. In this paper we study an XACML-based quantified risk-adaptive access control system that is dynamic and convenient to adjust as the environment changes. We bring risk management into the access control system: by quantifying the risk of an access and managing that risk within the system, we effectively combine access control with risk management. The system performs access control through effective risk management. In addition, our approach uses XACML, which is in effect the general standard language in the field of access control, to implement our solution. Making full use of XACML's great expressive power for access control policies, this paper adds functions for controlling quantified risk to the access control system without changing the semantics of the request. It also extends the XACML framework to implement quantified risk-adaptive access control by adding a durative access control mechanism that depends on the Obligation module in XACML. Finally, we use experiments to demonstrate that XACML-based quantified risk-adaptive access control is an efficient, flexible, dynamic access control system.