A Risk Awareness Approach for Monitoring the Compliance of RBAC-based Policies

Faouzi Jaidi, Faten Labbene Ayachi

2015

Abstract

The considerable increase in the risk associated with inner threats has motivated research on risk assessment for access control systems. Two main approaches were adapted: (i) a risk mitigation approach via features such as constraints, and (ii) a risk quantification approach that manages access based on a quantified risk. Evaluating the risk associated with the evolutions of an access control policy is an important theme that allows monitoring the conformity of the policy in terms of risk. Unfortunately, no work has been defined in this context. In this paper, we propose a quantified risk-assessment approach for monitoring the compliance of concrete RBAC-based policies. We formalize the proposal and illustrate its application via a case study.


Paper Citation


in Harvard Style

Jaidi F. and Labbene Ayachi F. (2015). A Risk Awareness Approach for Monitoring the Compliance of RBAC-based Policies. In Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015) ISBN 978-989-758-117-5, pages 454-459. DOI: 10.5220/0005577304540459

in Bibtex Style

@conference{secrypt15,
author={Faouzi Jaidi and Faten Labbene Ayachi},
title={A Risk Awareness Approach for Monitoring the Compliance of RBAC-based Policies},
booktitle={Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)},
year={2015},
pages={454-459},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005577304540459},
isbn={978-989-758-117-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)
TI - A Risk Awareness Approach for Monitoring the Compliance of RBAC-based Policies
SN - 978-989-758-117-5
AU - Jaidi F.
AU - Labbene Ayachi F.
PY - 2015
SP - 454
EP - 459
DO - 10.5220/0005577304540459