Maintain High-Quality Access Control Policies: An Academic and Practice-Driven Approach

被引：4

作者：

Kern, Sascha ^{[1
]}

Baumer, Thomas ^{[1
]}

Fuchs, Ludwig ^{[1
]}

Pernul, Guenther ^{[2
]}

机构：

[1] Nexis GmbH, Franz Mayer Str 1, D-93053 Regensburg, Bavaria, Germany

[2] Univ Regensburg, Univ Str 31, D-93053 Regensburg, Bavaria, Germany

来源：

DATA AND APPLICATIONS SECURITY AND PRIVACY XXXVII, DBSEC 2023 | 2023年 / 13942卷

关键词：

Identity management; Access control; Access control policies; Data quality; Policy maintenance; Security management; SECURITY;

D O I：

10.1007/978-3-031-37586-6_14

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

Organizations encounter great difficulties in maintaining high-quality Access Control Policies (ACPs). Policies originally modeled and implemented with good quality deteriorate over time, leading to inaccurate authorization decisions and reduced policy maintainability. As a result, security risks arise, delays prevent users from carrying out tasks, and ACP management becomes more expensive and error-prone. In contrast to the initial modeling of ACPs, their long-term maintenance has been addressed scarcely by existing research. This work addresses this research gap with three contributions: First, we provide a detailed problem analysis based on a literature survey and six real-world practitioner expert interviews. Second, we propose a framework that supports organizations in implementing and performing ACP maintenance. Third, we present a maintenance case study in which we implemented maintenance capabilities for a real-world ACP dataset that allowed us to significantly improve its quality.

引用

页码：223 / 242

页数：20

共 50 条

[1] A Model-Driven Approach for the Specification and Analysis of Access Control Policies
Massacci, Fabio
Zannone, Nicola
ON THE MOVE TO MEANINGFUL INTERNET SYSTEMS: OTM 2008, PT II, PROCEEDINGS, 2008, 5332 : 1087 - +
[2] Crowdsourcing and Co-curation in Virtual Museums: A Practice-driven Approach
Biella, Daniel
Pilz, Thomas
Sacher, Daniel
Weyers, Benjamin
Luther, Wolfram
Baloian, Nelson
Schreck, Tobias
JOURNAL OF UNIVERSAL COMPUTER SCIENCE, 2016, 22 (10) : 1277 - 1297
[3] Practice-driven approach to harmonize reproductive and thyroid hormones measurements in the evaluation of pesticides and biocides
Kucheryavenko, O.
Lurman, G.
Lehmann, A.
Braz, J.
Niemann, L.
Ritz, V.
Terron, A.
Solecki, R.
NAUNYN-SCHMIEDEBERGS ARCHIVES OF PHARMACOLOGY, 2018, 391 : S48 - S48
[4] Practice-Driven Data: Lessons From Chicago's Approach to Research, Data, and Practice in Education
Moeller, Eliza
Seeskin, Alex
TEACHERS COLLEGE RECORD, 2020, 122 (14):
[5] Practice-driven approach for creating project-specific software development methods
Bajec, Marko
Vavpotic, Damjan
Krisper, Marjan
INFORMATION AND SOFTWARE TECHNOLOGY, 2007, 49 (04) : 345 - 365
[6] The Challenge of Access Control Policies Quality
Bertino, Elisa
Abu Jabal, Amani
Calo, Seraphin
Verma, Dinesh
Williams, Christopher
ACM JOURNAL OF DATA AND INFORMATION QUALITY, 2018, 10 (02):
[7] A new practice-driven approach to develop software in a cyber-physical system environment
Jiang, Yiping
Chen, C. L. Philip
Duan, Junwei
ENTERPRISE INFORMATION SYSTEMS, 2016, 10 (02) : 211 - 227
[8] Coverage. access: State Medicaid policies and disparities in receiving high-quality cancer care
Halpern, Michael T.
CANCER EPIDEMIOLOGY BIOMARKERS & PREVENTION, 2020, 29 (06)
[9] Characteristics of a High-quality Anesthesia Practice
Arnold, Donald E.
Hattamer, Steve
Hicks, James S.
INTERNATIONAL ANESTHESIOLOGY CLINICS, 2014, 52 (01) : 15 - 41
[10] Enabling global access to high-quality biopharmaceuticals
Love, J. Christopher
Love, Kerry Routenberg
Barone, Paul W.
CURRENT OPINION IN CHEMICAL ENGINEERING, 2013, 2 (04) : 383 - 390

← 1 2 3 4 5 →