A Risk Awareness Approach for Monitoring the Compliance of RBAC-based Policies

Cited by: 0
Authors
Jaidi, Faouzi [1]
Ayachi, Faten Labbene [1]
Affiliation
[1] Higher Sch Commun Tunis SupCom, DSRU, Tunis, Tunisia
Keywords
RBAC; Databases Security; Policy Compliance; Risk Awareness; Quantified Risk;
DOI
Not available
Chinese Library Classification number
F [Economics];
Discipline classification code
02;
Abstract
The considerable increase of the risk associated with inner threats has motivated research in risk assessment for access control systems. Two main approaches were adapted: (i) a risk mitigation approach via features such as constraints, and (ii) a risk quantification approach that manages access based on a quantified risk. Evaluating the risk associated with the evolutions of an access control policy is an important theme that allows monitoring the conformity of the policy in terms of risk. Unfortunately, no work has been defined in this context. We propose in this paper a quantified risk-assessment approach for monitoring the compliance of concrete RBAC-based policies. We formalize the proposal and illustrate its application via a case study.
Pages: 454 / 459
Number of pages: 6
Related papers
50 in total
  • [21] An RBAC-based access control model for object-oriented systems offering dynamic aspect features
    Chou, SC
    IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, 2005, E88D (09) : 2143 - 2147
  • [22] Mining Attribute-Based Access Control Policies from RBAC Policies
    Xu, Zhongyuan
    Stoller, Scott D.
    2013 10TH INTERNATIONAL CONFERENCE AND EXPO ON EMERGING TECHNOLOGIES FOR A SMARTER WORLD (CEWIT), 2013,
  • [23] A Formal Approach for Risk Assessment in RBAC Systems
    Ma, Ji
    JOURNAL OF UNIVERSAL COMPUTER SCIENCE, 2012, 18 (17) : 2432 - 2451
  • [24] A BERT Based Approach to Measure Web Services Policies Compliance With GDPR
    Elluri, Lavanya
    Chukkapalli, Sai Sree Laya
    Joshi, Karuna Pande
    Finin, Tim
    Joshi, Anupam
    IEEE ACCESS, 2021, 9 (09) : 148004 - 148016
  • [25] A Model-driven Approach to Representing and Checking RBAC Contextual Policies
    Ben Fadhel, Ameni
    Bianculli, Domenico
    Briand, Lionel
    Hourte, Benjamin
    CODASPY'16: PROCEEDINGS OF THE SIXTH ACM CONFERENCE ON DATA AND APPLICATION SECURITY AND PRIVACY, 2016, : 243 - 253
  • [26] Delegation model for CSCW based on RBAC policies and visual modeling
    Zhang, ZY
    Pu, JX
    Proceedings of the 11th Joint International Computer Conference, 2005, : 126 - 130
  • [27] Monitoring of compliance risk in the bank
    Losiewicz-Dniestrzanska, Ewa
    4TH WORLD CONFERENCE ON BUSINESS, ECONOMICS AND MANAGEMENT (WCBEM-2015), 2015, 26 : 800 - 805
  • [28] Schema based XML security: RBAC approach
    Zhang, XW
    Park, JH
    Sandhu, R
    DATA AND APPLICATIONS SECURITY XVII: STATUS AND PROSPECTS, 2004, 142 : 330 - 343
  • [29] Network security management: A formal evaluation tool based on RBAC policies
    Laborde, R
    Nasser, B
    Grasset, F
    Barrère, F
    NETWORK CONTROL AND ENGINEERING FOR QOS, SECURITY AND MOBILITY, III, 2005, 165 : 69 - 80
  • [30] RBAC policies in XML for X.509 based privilege management
    Chadwick, DW
    Otenko, A
    SECURITY IN THE INFORMATION SOCIETY: VISIONS AND PERSPECTIVES, 2002, 86 : 39 - 53