Severity Level of Permissions in Role-Based Access Control
@article{Belim2018SeverityLO, title={Severity Level of Permissions in Role-Based Access Control}, author={Sergey V. Belim and Nadezda F. Bogachenko and A. N. Kabanov}, journal={2018 Dynamics of Systems, Mechanisms and Machines (Dynamics)}, year={2018}, pages={1-5} }
The analysis of hidden channels of information leakage in role-based access control includes monitoring for excessive permissions among users. It is not always possible to eliminate redundancy completely. This raises the problem of ranking permissions in order to identify the most significant ones, for which redundancy is least desirable. A numerical characteristic that reflects the value or importance of permissions is called the "severity level". A number of heuristic assumptions have…
One Citation
The Security Policies Optimization Problem for Composite Information Systems
- Computer Science | 2020 International Multi-Conference on Industrial Engineering and Modern Technologies (FarEastCon)
- 2020
The problem of optimizing the security policy for a composite information system is formulated, a subject-object model of the information system is used, and the main problems of optimizing the composite security policy are formulated.
References
User authorization in a system with a role-based access control on the basis of the analytic hierarchy process
- Computer Science | 2017 Dynamics of Systems, Mechanisms and Machines (Dynamics)
- 2017
The problem of optimal authorization of a user in a system with a role-based access control policy is considered and an algorithm for calculating weight coefficients is presented, based on the quantitative characteristics of the role graph and not dependent on subjective expert evaluations.
CRiBAC: Community-centric role interaction based access control model
- Computer Science | Comput. Secur.
- 2012
On the formalization and analysis of a spatio-temporal role-based access control model
- Computer Science | J. Comput. Secur.
- 2011
This work describes how each entity in the role-based access control model is affected by time and location and proposes constraints to express this, and shows how the formal semantics of the model can be expressed using graph-theoretic notation.
Role-Based Access Control Models
- Computer Science | Computer
- 1996
Why RBAC is receiving renewed attention as a method of security administration and review is explained, a framework of four reference models developed to better understand RBAC is described, and the use of RBAC to manage itself is discussed.
Scalable automated symbolic analysis of administrative role-based access control policies by SMT solving
- Computer Science | J. Comput. Secur.
- 2012
This paper designs an automated analysis technique that can handle both a bounded and an unbounded number of users by adapting recent methods for the symbolic model checking of infinite state systems that use first-order logic and SMT solving techniques.
Role-Based Access Controls
- Computer Science | ArXiv
- 2009
A type of non-discretionary access control - role-based access control (RBAC) that is more central to the secure processing needs of non-military systems than DAC is described.
Roles in information security - A survey and classification of the research area
- Computer Science | Comput. Secur.
- 2011
A graph-based system for network-vulnerability analysis
- Computer Science | NSPW '98
- 1998
A graph-based tool can identify the set of attack paths that have a high probability of success (or a low effort cost) for the attacker, and is used to test the effectiveness of making configuration changes, implementing an intrusion detection system, etc.
Network Security Risk Assessment Based on Fuzzy Analytical Hierarchy Process
- Computer Science
- 2014
An evaluation method based on fuzzy analytic hierarchy process (FAHP) for network security risk assessment is proposed and it provides a reliable basis for security risk control strategy of network security staff.