Non-zero-sum cooperative access control game model with user trust and permission risk

In access control, there exists a game between an application system and its user, in which both the system and the user try to maximize their own utility. Establishing a reasonable, general purpose access control game model of cost-benefit analysis is a non-trivial research issue. Considering the practical existence and involvement of user trust and permission risk, we construct a non-zero-sum game model for access control, choosing trust, and risk or cost as metrics in players' payoff functions. We analyze the optimal strategies for the application system, the user, and also the Pareto efficient strategy from the viewpoint of both the application system and the user. A Nash equilibrium emerges that improves the rationality of access control decision-making under uncertain situations. In addition, we propose a proper risk estimation method. We also solve the risky permission set problem originated from access control constraints by utilizing optimal strategy in a finite multi-stage game.