Towards a Reliable Formal Framework for Enhancing Risk Assessment in Access Control Systems

Evina, Pierrette Annie; Ayachi, Faten Labbene; Jaidi, Faouzi; Bouhoula, Adel

doi:10.29007/42j8

Cited by 1 publication

(1 citation statement)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Indeed, as recommended by the ISO 31000: 2009 standard, our Risk Management System (RMS) is composed by (i) a Risk Assessment Engine (RAE) and (ii) a Risk Treatment engine (RTE). (figure 1) The risk assessment phase is usually developed in 4 steps: Context assessment, Risk Identification, Risk Analysis and Risk Evaluation [19].…”

Section: Our Proposed Frameworkmentioning

confidence: 99%

Risk Management in Access Control Policies

Evina¹,

Ayachi²,

Jaidi³

2017

Annals of Computer Science and Information Systems

Self Cite

View full text Add to dashboard Cite

Abstract-The evolution of information systems and their openness to their socio-economic environment has led to new needs in terms of security. At the heart of information systems, Database Management Systems (DBMS) are increasingly exposed to specific intrusion types, including internal threats due to authorized users. In addition, the access control policy (ACP) defined on a database schema is stored at the same location as the data it protects and is thus highly prone to corruption attempts such as non-conformity of the roles or permissions assignment in the policy observation state compared to a reference state, especially in the case of the Role-based access Control (RBAC). We establish a correlation between the detected anomalies and we explore the log files and other audit mechanisms to propose a global and comprehensive risk management formal approach that mainly verifies the recommendations of the ISO 31000:2009 standard.

show abstract

Section: Our Proposed Frameworkmentioning

confidence: 99%