Risk Management in Access Control Policies

Pierrette Annie Evina, Faten Labenne Ayachi, Faouzi Jaidi
2017 Position Papers of the 2017 Federated Conference on Computer Science and Information Systems  
The evolution of information systems and their openness to their socio-economic environment have led to new needs in terms of security. At the heart of information systems, Database Management Systems (DBMS) are increasingly exposed to specific intrusion types, including internal threats due to authorized users. In addition, the access control policy (ACP) defined on a database schema is stored at the same location as the data it protects and is thus highly prone to corruption attempts such as
... n-conformity of the roles or permissions assignment in the policy observation state compared to a reference state, especially in the case of Role-Based Access Control (RBAC). We establish a correlation between the detected anomalies and we explore the log files and other audit mechanisms to propose a global and comprehensive risk management formal approach that mainly verifies the recommendations of the ISO 31000:2009 standard.
doi:10.15439/2017f555 dblp:conf/fedcsis/EvinaAJ17 fatcat:ib3wxihicjd7ro7wnagx5clcmu