Internet Archive Scholar

Risk Management in Access Control Policies

Pierrette Annie Evina, Faten Labenne Ayachi, Faouzi Jaidi
2017 Position Papers of the 2017 Federated Conference on Computer Science and Information Systems  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (368.5 kB)
https://web.archive.org/web/20180420211555/https://annals-csis.org/Volume_12/drp/pdf/555.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2018; you can also visit the original URL. The file type is application/pdf.

The evolution of information systems and their openness to their socio-economic environment has led to new needs in terms of security. At the heart of information systems, Database Management Systems (DBMS) are increasingly exposed to specific intrusion types, including internal threats due to authorized users. In addition, the access control policy (ACP) defined on a database schema is stored at the same location as the data it protects and is thus highly prone to corruption attempts such as
more » ... n-conformity of the roles or permissions assignment in the policy observation state compared to a reference state, especially in the case of the Role-based access Control (RBAC). We establish a correlation between the detected anomalies and we explore the log files and other audit mechanisms to propose a global and comprehensive risk management formal approach that mainly verifies the recommendations of the ISO 31000:2009 standard.
doi:10.15439/2017f555 dblp:conf/fedcsis/EvinaAJ17 fatcat:ib3wxihicjd7ro7wnagx5clcmu
Citation

Pierrette Annie Evina, Faten Labenne Ayachi, Faouzi Jaidi. "Risk Management in Access Control Policies." Position Papers of the 2017 Federated Conference on Computer Science and Information Systems (2017) 107-112