Risk-based Auto-Delegation for Probabilistic Availability

Abstract

International audience ; Dynamic and evolving systems might require exible access control mechanisms, in order to make sure that the unavailability of some users does not prevent the system to be functional, in particular for emergency-prone environments, such as healthcare, natural disaster response teams, or military systems. The auto-delegation mechanism, which combines the strengths of delegation systems and \break-the- glass" policies, was recently introduced to handle such situations, by stating that the most quali ed available user for a resource can access this resource. In this work we extend this mechanism by considering availability as a quantitative measure, such that each user is associated with a probability of availability. The decision to allow or deny an access is based on the utility of each outcome and on a risk strategy. We describe a generic framework allowing a system designer to de ne these dierent concepts. We also illustrate our framework with two speci c use cases inspired from healthcare systems and resource management systems.