Enforcing a Risk Assessment Approach in Access Control Policies Management: Analysis, Correlation Study and Model Enhancement

Title: Enforcing a Risk Assessment Approach in Access Control Policies Management: Analysis, Correlation Study and Model Enhancement
Publication Type: Conference Paper
Year of Publication: 2019
Authors: EVINA, P. A., AYACHI, F. LABBENE, JAIDI, F., Bouhoula, A.
Conference Name: 2019 15th International Wireless Communications Mobile Computing Conference (IWCMC)
Date Published: June
Keywords: Access Control, access control policies management, access control policy, access control service, Anomalies Correlation, authorisation, Correlation, correlation links, Database Security, Databases, information system security, Information systems, model enhancement, policy-based governance, pubcrawl, RBAC, risk assessment, risk assessment approach, risk assessment model, risk management, Security Policies Analysis, security risks, Servers
Abstract: Nowadays, the domain of Information System (IS) security is closely related to that of Risk Management (RM). As an immediate consequence, talking about and tackling the security of IS imply the implementation of a set of mechanisms that aim to reduce or eliminate the risk of IS degradations. Also, the high cadence of IS evolution requires careful consideration of corresponding measures to prevent or mitigate security risks that may cause the degradation of these systems. From this perspective, an access control service is subjected to a number of rules established to ensure the integrity and confidentiality of the handled data. During their lifecycle, the use or manipulation of Access Control Policies (ACP) is accompanied by several defects that are made intentionally or not. For many years, these defects have been the subject of numerous studies either for their detection or for the analysis of the risks incurred by IS to their recurrence and complexity. In our research work, we focus on the analysis and risk assessment of noncompliance anomalies in concrete instances of access control policies. We complete our analysis by studying and assessing the risks associated with the correlation that may exist between different anomalies. Indeed, taking into account possible correlations can make a significant contribution to the reliability of IS. Identifying correlation links between anomalies in concrete instances of ACP contributes to discovering or detecting new scenarios of alterations and attacks. Therefore, once done, this study mainly contributes to the improvement of our risk assessment model.
Citation Key: evina_enforcing_2019