Risk Based Security Analysis of Permissions in RBAC
نویسندگان
چکیده
Because of its vulnerability to errors and, hence, unauthorised access, assignment of access rights is a critically important aspect of RBAC. Despite major advances in addressing this clearly using formal models, there is still a need for a more robust formulation, especially incorporating strict guidelines on assignment of access rights and how to perform such tasks as delegation of access rights. In this respect, this paper proposes a precise mathematical framework, capable of considering important factors such as the relative security risks posed by different access operations when performed by different users. This is based on a novel concept of a security risk ordering relation on such tasks, to be established by a detailed independent risk assessment process. In the case of lack of information on security risks, the approach makes conservative assumptions, thus forcing the security analyst to re-assess such situations if he disagrees with this default interpretation. The risk ordering relation is central to a security-orientated definition of role hierarchies and a security-risk minimising strategy to role delegation.
منابع مشابه
ریسک سنج: ابزاری برای سنجش دقیق میزان ریسک امنیتی برنامهها در دستگاههای همراه
Nowadays smartphones and tablets are widely used due to their various capabilities and features for end users. In these devices, accessing a wide range of services and sensitive information including private personal data, contact list, geolocation, sending and receiving messages, accessing social networks and etc. are provided via numerous application programs. These types of accessibilities, ...
متن کاملToward an Insider Threat Detection Framework Using Honey Permissions
The insider threat remains one of the most serious challenges to computer security. An insider attack occurs when an authorized user misuses his privileges and causes damages to the organization. Deception techniques have served as a common solution to insider threat detection, and several techniques, such as approaches based on honey entities, have been proposed. On the other hand, access cont...
متن کاملRole-based Administration of User-Role Assignment: The URA97 Model and its Oracle Implementation
In role-based access control (RBAC) permissions are associated with roles, and users are made members of appropriate roles thereby acquiring the roles’ permissions. The principal motivation behind RBAC is to simplify administration. An appealing possibility is to use RBAC itself to manage RBAC, to further provide administrative convenience. In this paper we investigate one aspect of RBAC admini...
متن کاملA Service-Centric Approach to a Parameterized RBAC Service
Significant research has been done in the area of Role Based Access Control [RBAC]. Within this research there has been a thread of work focusing on adding parameters to the role and permissions within RBAC. The primary benefit of parameter support in RBAC comes in the form of a significant increase in specificity in how permissions may be granted. This paper focuses on implementing a parameter...
متن کاملFormal Analysis of Workflow Systems with Security Considerations
Workflow systems play an essential role in today’s enterprises by providing automatic manipulation of business processes. As an integral part of workflow systems, workflow security has received extensive attentions, within which role-based access control (RBAC) mechanism and separation of duty (SoD) constraints are important topics. RBAC is a natural mechanism to lighten the complexity of secur...
متن کاملTie-RBAC: An application of RBAC to Social Networks
This paper explores the application of role-based access control to social networks, from the perspective of social network analysis. Each tie, composed of a relation, a sender and a receiver, involves the sender's assignation of the receiver to a role with permissions. The model is not constrained to system-defined relations and lets users define them unilaterally. It benefits of RBAC's advant...
متن کامل