%0 Conference Proceedings
%T Evaluating the Risk of Adopting RBAC Roles
%+ Engiweb Security
%+ Università degli Studi Roma Tre = Roma Tre University (ROMA TRE)
%A Colantonio, Alessandro
%A Pietro, Roberto
%A Ocello, Alberto
%A Verde, Nino Vincenzo
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSEC)
%C Rome, Italy
%Y Sara Foresti; Sushil Jajodia
%I Springer
%3 Data and Applications Security and Privacy XXIV
%V LNCS-6166
%P 303-310
%8 2010-06-21
%D 2010
%R 10.1007/978-3-642-13739-6_21
%Z Computer Science [cs]/Digital Libraries [cs.DL]Conference papers
%X We propose a framework to evaluate the risk incurred when managing users and permissions through RBAC. The risk analysis framework does not require roles to be defined, thus making it applicable before the role engineering phase. In particular, the proposed approach highlights users and permissions that markedly deviate from others, and that might consequently be prone to error when roles are operating. By focusing on such users and permissions during the role definition process, it is possible to mitigate the risk of unauthorized accesses and role misuse.
%G English
%2 https://inria.hal.science/hal-01056679/document
%2 https://inria.hal.science/hal-01056679/file/_51.pdf
%L hal-01056679
%U https://inria.hal.science/hal-01056679
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-LNCS-6166
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-WG11-3
%~ IFIP-DBSEC
%~ IFIP-2010