IIT Home Page CNR Home Page

Towards Attribute-based Access Control Policy Engineering Using Risk

In this paper, we consider a policy engineering problem for attribute-based access control. The general goal is to help a policy writer to specify access control policies. In particular, we target the problem of de ning the values of attributes when access to an object should be granted or denied. We use risk to quantify possible harm caused by misuses and abuses of granted access rights and apply the risk-bene t analysis to maximize the pro t from granting an access.


1st International Workshop on Risk Assessment and Risk-driven Testing (RISK), Istambul, 2013

Autori IIT:

Leanid Krautsevich

Foto di Leanid Krautsevich

Aliaksandr Lazouski

Foto di Aliaksandr Lazouski

Tipo: Articolo in Atti di convegno internazionale con referee
Area di disciplina: Information Technology and Communication Systems