![[img]](https://epub.uni-regensburg.de/style/images/fileicons/application_pdf.png) | Angenommene Version Download ( PDF | 459kB) |
Maintain High-Quality Access Control Policies: An Academic and Practice-Driven Approach
Kern, Sascha
, Baumer, Thomas , Fuchs, Ludwig und Pernul, Günther
(2023)
Maintain High-Quality Access Control Policies: An Academic and Practice-Driven Approach.
In: DBSec 2023, 19.-21. Jul 2023, Sophia Antipolis, France.
Veröffentlichungsdatum dieses Volltextes: 18 Jul 2024 07:09
Konferenz- oder Workshop-Beitrag
Zusammenfassung
Organizations encounter great difficulties in maintaining high-quality Access Control Policies (ACPs). Policies originally modeled and implemented with good quality deteriorate over time, leading to inaccurate authorization decisions and reduced policy maintainability. As a result, security risks arise, delays prevent users from carrying out tasks, and ACP management becomes more expensive and ...
Organizations encounter great difficulties in maintaining high-quality Access Control Policies (ACPs). Policies originally modeled and implemented with good quality deteriorate over time, leading to inaccurate authorization decisions and reduced policy maintainability. As a result, security risks arise, delays prevent users from carrying out tasks, and ACP management becomes more expensive and error-prone. In contrast to the initial modeling of ACPs, their long-term maintenance has been addressed scarcely by existing research. This work addresses this research gap with three contributions: First, we provide a detailed problem analysis based on a literature survey and six real-world practitioner expert interviews. Second, we propose a framework that supports organizations in implementing and performing ACP maintenance. Third, we present a maintenance case study in which we implemented maintenance capabilities for a real-world ACP dataset that allowed us to significantly improve its quality.
Alternative Links zum Volltext
Beteiligte Einrichtungen
Details
| Dokumentenart | Konferenz- oder Workshop-Beitrag (Paper) | ||||
| ISBN | 978-3-031-37586-6 | ||||
| Buchtitel: | Data and Applications Security and Privacy XXXVII | ||||
|---|---|---|---|---|---|
| Verlag: | Springer | ||||
| Ort der Veröffentlichung: | Cham | ||||
| Sonstige Reihe: | Lecture Notes in Computer Science | ||||
| Band: | 13942 | ||||
| Seitenbereich: | S. 223-242 | ||||
| Datum | 12 Juli 2023 | ||||
| Institutionen | Wirtschaftswissenschaften > Institut für Wirtschaftsinformatik > Lehrstuhl für Wirtschaftsinformatik I - Informationssysteme (Prof. Dr. Günther Pernul) Informatik und Data Science > Fachbereich Wirtschaftsinformatik > Lehrstuhl für Wirtschaftsinformatik I - Informationssysteme (Prof. Dr. Günther Pernul) | ||||
| Identifikationsnummer |
| ||||
| Verwandte URLs |
| ||||
| Stichwörter / Keywords | Identity management, Access control, Access control policies, Data quality, Policy maintenance, Security management | ||||
| Dewey-Dezimal-Klassifikation | 000 Informatik, Informationswissenschaft, allgemeine Werke > 004 Informatik 300 Sozialwissenschaften > 330 Wirtschaft | ||||
| Status | Veröffentlicht | ||||
| Begutachtet | Ja, diese Version wurde begutachtet | ||||
| An der Universität Regensburg entstanden | Zum Teil | ||||
| URN der UB Regensburg | urn:nbn:de:bvb:355-epub-586603 | ||||
| Dokumenten-ID | 58660 |
Bibliographische Daten exportieren
Nur für Besitzer und Autoren: Kontrollseite des Eintrags
Downloadstatistik
Downloadstatistik