Evaluating the Risk of Adopting RBAC Roles

Abstract : We propose a framework to evaluate the risk incurred when managing users and permissions through RBAC. The risk analysis framework does not require roles to be defined, thus making it applicable before the role engineering phase. In particular, the proposed approach highlights users and permissions that markedly deviate from others, and that might consequently be prone to error when roles are operating. By focusing on such users and permissions during the role definition process, it is possible to mitigate the risk of unauthorized accesses and role misuse.
Document type :
Conference papers
Complete list of metadatas

Cited literature [7 references]  Display  Hide  Download

https://hal.inria.fr/hal-01056679
Contributor : Hal Ifip <>
Submitted on : Wednesday, August 20, 2014 - 1:32:29 PM
Last modification on : Wednesday, April 17, 2019 - 12:30:13 PM
Long-term archiving on : Thursday, November 27, 2014 - 11:46:30 AM

File

_51.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Alessandro Colantonio, Roberto Pietro, Alberto Ocello, Nino Vincenzo Verde. Evaluating the Risk of Adopting RBAC Roles. 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSEC), Jun 2010, Rome, Italy. pp.303-310, ⟨10.1007/978-3-642-13739-6_21⟩. ⟨hal-01056679⟩

Share

Metrics

Record views

130

Files downloads

387