Evaluating the risk of adopting RBAC roles

Alessandro Colantonio, Roberto Di Pietro, Alberto Ocello, Nino Vincenzo Verde

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Scopus citations

Abstract

We propose a framework to evaluate the risk incurred when managing users and permissions through RBAC. The risk analysis framework does not require roles to be defined, thus making it applicable before the role engineering phase. In particular, the proposed approach highlights users and permissions that markedly deviate from others, and that might consequently be prone to error when roles are operating. By focusing on such users and permissions during the role definition process, it is possible to mitigate the risk of unauthorized accesses and role misuse. © 2010 IFIP International Federation for Information Processing.
Original languageEnglish (US)
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages303-310
Number of pages8
DOIs
StatePublished - Oct 29 2010
Externally publishedYes

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'Evaluating the risk of adopting RBAC roles'. Together they form a unique fingerprint.

Cite this