Optimization of Access Control Policies
Kern, Sascha, Baumer, Thomas, Groll, Sebastian, Fuchs, Ludwig and Pernul, Günther (2022) Optimization of Access Control Policies. Journal of Information Security and Applications 70, p. 103301.
Date of publication of this fulltext: 20 Sep 2022 09:08
Article
DOI to cite this document: 10.5283/epub.52885
Abstract
Organizations undertake complex and costly projects to model high-quality Access Control Policies (ACPs). Once built, these policies must be maintained and managed in an ongoing process to keep their quality high. Insufficient maintenance leads to inaccurate authorization decisions and increases the policies' administrative effort and susceptibility to errors. While the initial modeling of ACPs has received significant research interest, their optimization is not yet covered as broadly. This work provides a theoretical foundation for ACP quality and its optimization. Furthermore, it analyzes how existing research addresses optimization of ACPs with regard to six crucial optimization dimensions. It presents a structured literature survey tracing these optimization dimensions, the contributed research artifact and data requirements. Building on this literature catalogue, this work elaborates on inaccuracies for user permission assignments, data availability, minimal perturbation and recommendation-based optimization.
Details
| Item type | Article |
|---|---|
| Journal or Publication Title | Journal of Information Security and Applications |
| Publisher | Elsevier |
| Place of Publication | AMSTERDAM |
| Volume | 70 |
| Page Range | p. 103301 |
| Date | 15 September 2022 |
| Institutions | Business, Economics and Information Systems > Institut für Wirtschaftsinformatik > Lehrstuhl für Wirtschaftsinformatik I - Informationssysteme (Prof. Dr. Günther Pernul); Informatics and Data Science > Department Information Systems > Lehrstuhl für Wirtschaftsinformatik I - Informationssysteme (Prof. Dr. Günther Pernul) |
| Identification Number | |
| Keywords | CONTROL MODEL; ROLES; REFINEMENT; DISCOVERY; USER; RBAC; Access Management; Data quality; Policy optimization; Policy maintenance; Role-Based Access Control; Attribute-Based Access Control |
| Dewey Decimal Classification | 300 Social sciences > 330 Economics |
| Status | Published |
| Refereed | Yes, this version has been refereed |
| Created at the University of Regensburg | Yes |
| URN of the UB Regensburg | urn:nbn:de:bvb:355-epub-528859 |
| Item ID | 52885 |