Evaluating the Risk of Adopting RBAC Roles

Abstract: We propose a framework to evaluate the risk incurred when managing users and permissions through RBAC. The risk analysis framework does not require roles to be defined, thus making it applicable before the role engineering phase. In particular, the proposed approach highlights users and permissions that markedly deviate from others, and that might consequently be prone to error when roles are operating. By focusing on such users and permissions during the role definition process, it is possible to mitigate the risk of unauthorized accesses and role misuse.
Document type: Conference paper
Sara Foresti; Sushil Jajodia. 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSEC), Jun 2010, Rome, Italy. Springer, Lecture Notes in Computer Science, LNCS-6166, pp.303-310, 2010, Data and Applications Security and Privacy XXIV. 〈10.1007/978-3-642-13739-6_21〉
Cited literature [7 references]

https://hal.inria.fr/hal-01056679
Contributor: Hal Ifip
Submitted on: Wednesday, 20 August 2014 - 13:32:29
Last modified on: Friday, 11 August 2017 - 17:32:47
Document(s) archived on: Thursday, 27 November 2014 - 11:46:30

File

_51.pdf
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Alessandro Colantonio, Roberto Pietro, Alberto Ocello, Nino Vincenzo Verde. Evaluating the Risk of Adopting RBAC Roles. Sara Foresti; Sushil Jajodia. 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSEC), Jun 2010, Rome, Italy. Springer, Lecture Notes in Computer Science, LNCS-6166, pp.303-310, 2010, Data and Applications Security and Privacy XXIV. 〈10.1007/978-3-642-13739-6_21〉. 〈hal-01056679〉

Metrics

Record views: 92

File downloads: 224