A Risk Awareness Approach for Monitoring the Compliance of RBAC-based Policies

Cited by: 0
Authors
Jaidi, Faouzi [1]
Ayachi, Faten Labbene [1]
Affiliations
[1] Higher Sch Commun Tunis SupCom, DSRU, Tunis, Tunisia
Keywords
RBAC; Databases Security; Policy Compliance; Risk Awareness; Quantified Risk
DOI
Not available
Chinese Library Classification number
F [Economics]
Discipline classification code
02
Abstract
The considerable increase of the risk associated with inner threats has motivated research in risk assessment for access control systems. Two main approaches were adapted: (i) a risk mitigation approach via features such as constraints, and (ii) a risk quantification approach that manages access based on a quantified risk. Evaluating the risk associated with the evolutions of an access control policy is an important theme that allows monitoring the conformity of the policy in terms of risk. Unfortunately, no work has been defined in this context. We propose in this paper a quantified risk-assessment approach for monitoring the compliance of concrete RBAC-based policies. We formalize the proposal and illustrate its application via a case study.
Pages: 454-459
Number of pages: 6