Specification and Enforcement of the General User Authorization Query Problem in Role Based Access Control System

Ma, Xiuquan; Liu, Yan; Zhao, Li; Lan, Yihua; Lu, Jianfeng

doi:10.2174/1874444301406010692

TOAUTOCJ

2014

DOI: 10.2174/1874444301406010692

|View full text |Cite

Specification and Enforcement of the General User Authorization Query Problem in Role Based Access Control System

Xiuquan Ma¹,

Yan Liu²,

Li Zhao³

et al.

Abstract: Abstract:The User Authorization Query (UAQ) problem in Role Based Access Control (RBAC) is assigning roles to users in an appropriate manner. That is, take as input a set of permissions that a user requests to have in a session, and determine whether there exists an optimum set of roles to active. However the existing definition of UAQ is inadequate, it only considers the number of permissions whereas the number of roles is also equally important, has been largely ignored. In addition, little attention has bee… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2018

Publication Types

Select...

Article1

Relationship

Self Cite0

Independent1

Authors

Journals

Cited by 1 publication

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Impact of Excessive Access Permissions and Insider Threat Opportunity in the Financial Industry

Quispe¹

2018

International Journal of Strategic Information Technology and Applications

View full text Add to dashboard Cite

The purpose of this qualitative, exploratory research study was to gain insights into the correlations between: (a) security threats related to the dangers of excessive access permissions in information systems (IS); and (b) the potential risk exposure to insider threat in the financial sector. The study examined the vulnerability risk to insider threats from the view of the possible connection to excessive access permissions which represent a gap in the literature. The central research question of the study was: What are the determinants that influence the applicability of internal security controls such as segregation of duties (SoD), the least privilege principle, the need-to-know concept and the relationship between access permissions and insider threat in IS? A sample of 15 financial sector professionals that included business users, IT personnel, and certified fraud examiners were interviewed to answer the central research question.

show abstract

Impact of Excessive Access Permissions and Insider Threat Opportunity in the Financial Industry

Quispe¹

2018

International Journal of Strategic Information Technology and Applications

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Specification and Enforcement of the General User Authorization Query Problem in Role Based Access Control System

Cited by 1 publication

References 12 publications

Impact of Excessive Access Permissions and Insider Threat Opportunity in the Financial Industry

Impact of Excessive Access Permissions and Insider Threat Opportunity in the Financial Industry

Contact Info

Product

Resources

About