PUMA
Istituto di Informatica e Telematica     
Krautsevich L., Lazouski A., Martinelli F., Yautsiukhin A. Towards Attribute-based Access Control Policy Engineering Using Risk. In: 1st International Workshop on Risk Assessment and Risk-driven Testing (RISK) (Istambul, 2013). Proceedings, pp. 85 - 102. TBA, 2013.
 
 
Abstract
(English)
In this paper, we consider a policy engineering problem forattribute-based access control. The general goal is to help a policy writerto specify access control policies. In particular, we target the problem ofde ning the values of attributes when access to an object should begranted or denied. We use risk to quantify possible harm caused by mis-uses and abuses of granted access rights and apply the risk-bene t anal-ysis to maximize the pro t from granting an access.
Subject ABAC
policy engineering
access control
K.6.5 Security and protection


Icona documento 1) Download Document PDF


Icona documento Open access Icona documento Restricted Icona documento Private

 


Per ulteriori informazioni, contattare: Librarian http://puma.isti.cnr.it

Valid HTML 4.0 Transitional