A Framework for Threat Assessment in Access Control Systems

Khambhammettu, Hemanth; Boulares, Sofiene; Adi, Kamel; Logrippo, Luigi

doi:10.1007/978-3-642-30436-1_16

Cited by 4 publications

(1 citation statement)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Authors in [18] proceed as in [6]. The difference is just that while the late decide to allow access only and only if the trustworthiness is more than the clearance, in [18] authors treat the problem of unauthorized access by identifying different cases : they consider the level of the object sensitivity score compared to that of the subject trustworthiness score and vice versa.…”

Section: The State-of-the Artmentioning

confidence: 99%

Risk Management in Access Control Policies

Evina¹,

Ayachi²,

Jaidi³

2017

Annals of Computer Science and Information Systems

View full text Add to dashboard Cite

Abstract-The evolution of information systems and their openness to their socio-economic environment has led to new needs in terms of security. At the heart of information systems, Database Management Systems (DBMS) are increasingly exposed to specific intrusion types, including internal threats due to authorized users. In addition, the access control policy (ACP) defined on a database schema is stored at the same location as the data it protects and is thus highly prone to corruption attempts such as non-conformity of the roles or permissions assignment in the policy observation state compared to a reference state, especially in the case of the Role-based access Control (RBAC). We establish a correlation between the detected anomalies and we explore the log files and other audit mechanisms to propose a global and comprehensive risk management formal approach that mainly verifies the recommendations of the ISO 31000:2009 standard.

show abstract

Section: The State-of-the Artmentioning

confidence: 99%