R2Q: A Risk Quantification Framework to Authorize Requests in Web-Based Collaborations


Web-based collaboration provides a platform which allows users from different domains to share and access information. In such an environment, mitigating threats from insider attacks is challenging, particularly if state-of-the-art token-based access control is used to authorize (permit or deny) requests. This entails the need for an additional layer of authorization based on soft-security factors such as the reputation of the requesters, risks involved in requests, and so on to make the final decision. In this paper, we propose a novel risk quantification framework, called R2Q, which exploits a weighted regression approach to compute the expected threat related to a collaboration request. Our model combines the shared object's sensitivity, access mode of the request, requester's security level and reputation, and maps the expected threat to a risk score using the prospect theory (PT) inspired value functions to actualize decision making under uncertainty of economic outcomes (loss or gain). Simulation-based performance evaluation validates the efficacy of our framework and demonstrates that it can classify requesters based on their past behaviours, and also enables the collaboration platform to achieve higher rates of successful authorization.

Meeting Name

2019 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2019 (2019: Jul. 9-12, Auckland, New Zealand)


Computer Science

Research Center/Lab(s)

Center for Research in Energy and Environment (CREE)

Second Research Center/Lab

Center for High Performance Computing Research

Keywords and Phrases

Access request; Authorization; Collaboration; Prospect theory; Risk

International Standard Book Number (ISBN)


Document Type

Article - Conference proceedings

Document Version


File Type





© 2019 Association for Computing Machinery (ACM), All rights reserved.

Publication Date

01 Jul 2019