Maintain High-Quality Access Control Policies: An Academic and Practice-Driven Approach
Kern, Sascha, Baumer, Thomas, Fuchs, Ludwig and Pernul, Günther (2023) Maintain High-Quality Access Control Policies: An Academic and Practice-Driven Approach. In: DBSec 2023, 19.-21. Jul 2023, Sophia Antipolis, France.
Date of publication of this fulltext: 18 Jul 2024 07:09
Conference or workshop item
Abstract
Organizations encounter great difficulties in maintaining high-quality Access Control Policies (ACPs). Policies originally modeled and implemented with good quality deteriorate over time, leading to inaccurate authorization decisions and reduced policy maintainability. As a result, security risks arise, delays prevent users from carrying out tasks, and ACP management becomes more expensive and error-prone. In contrast to the initial modeling of ACPs, their long-term maintenance has been addressed scarcely by existing research. This work addresses this research gap with three contributions: First, we provide a detailed problem analysis based on a literature survey and six real-world practitioner expert interviews. Second, we propose a framework that supports organizations in implementing and performing ACP maintenance. Third, we present a maintenance case study in which we implemented maintenance capabilities for a real-world ACP dataset that allowed us to significantly improve its quality.
Details
| Item type | Conference or workshop item (Paper) |
|---|---|
| ISBN | 978-3-031-37586-6 |
| Title of Book | Data and Applications Security and Privacy XXXVII |
| Publisher | Springer |
| Place of Publication | Cham |
| Other Series | Lecture Notes in Computer Science |
| Volume | 13942 |
| Page Range | pp. 223-242 |
| Date | 12 July 2023 |
| Institutions | Business, Economics and Information Systems > Institut für Wirtschaftsinformatik > Lehrstuhl für Wirtschaftsinformatik I - Informationssysteme (Prof. Dr. Günther Pernul); Informatics and Data Science > Department Information Systems > Lehrstuhl für Wirtschaftsinformatik I - Informationssysteme (Prof. Dr. Günther Pernul) |
| Identification Number | |
| Related URLs | |
| Keywords | Identity management, Access control, Access control policies, Data quality, Policy maintenance, Security management |
| Dewey Decimal Classification | 000 Computer science, information & general works > 004 Computer science; 300 Social sciences > 330 Economics |
| Status | Published |
| Refereed | Yes, this version has been refereed |
| Created at the University of Regensburg | Partially |
| URN of the UB Regensburg | urn:nbn:de:bvb:355-epub-586603 |
| Item ID | 58660 |