Extended Risk-Based Context-Aware Model for Dynamic Access Control in Bring Your Own Device Strategy

Abstract

The emergence of brings your own device (BYOD) strategy has brought considerable benefits to enterprises. However, secure access control to vital enterprise resources is one of the impedances to BYOD adoption. Thus, some researches were directed toward dynamic access control using concepts from risk evaluation, machine learning, or context-awareness. However, research efforts to harmonize the three concepts are yet to be established. Hence, this study proposed an Extended Security Risk Analysis Model (ExtSRAM) that combined the concepts to evolve a risk-based and context-aware model to mitigate access control challenges in BYOD. The proposed model comprised of three blocks, including static risk analysis, user contextual profiling, and risk computation. Furthermore, ExtSRAM utilized the Bayesian network to model user contextual profile and static enterprise risks. Again, the proposed model was formulated on six assumptions for it to be realistic for BYOD strategy. More so, a theoretical validation of ExtSRAM justified its soundness and completeness in estimating security risks for dynamic access control. Really, implementing ExtSRAM will proactively safeguard digital assets against unauthorized access. In doing so, an organization can strategically reposition its workforce for productivity while taking advantage of its investment in BYOD implementation.