Istituto di Informatica e Telematica     
Krautsevich L., Lazouski A., Martinelli F., Yautsiukhin A. Towards Attribute-based Access Control Policy Engineering Using Risk. In: 1st International Workshop on Risk Assessment and Risk-driven Testing (RISK) (Istambul, 2013). Proceedings, pp. 85 - 102. TBA, 2013.
In this paper, we consider a policy engineering problem forattribute-based access control. The general goal is to help a policy writerto specify access control policies. In particular, we target the problem ofde ning the values of attributes when access to an object should begranted or denied. We use risk to quantify possible harm caused by mis-uses and abuses of granted access rights and apply the risk-bene t anal-ysis to maximize the pro t from granting an access.
Subject ABAC
policy engineering
access control
K.6.5 Security and protection

Icona documento 1) Download Document PDF

Icona documento Open access Icona documento Restricted Icona documento Private


Per ulteriori informazioni, contattare: Librarian http://puma.isti.cnr.it

Valid HTML 4.0 Transitional