- Title
- A practical task-based approach to access control configurations
- Creator
- Athauda, Rukshan I.; Ahn, Euijoon
- Relation
- Applied Informatics Research Group Working Paper Series Number 4, November 2013
- Relation
- http://silverbullet.newcastle.edu.au/air
- Resource Type
- working paper
- Description
- Configuring optimal access control is a difficult task in today's complex IT environments. Too restrictive access control leads to frustration by users, while excessive privileges leads to vulnerabilities. Unfortunately, the problem of verifying safety - i.e. no rights can be leaked to an unauthorised principal - for an arbitrary configuration of a general access model is shown to be undecidable. In this paper, a practical methodology and framework is proposed to elicit access control rights stealthily while users perform tasks in a test environment that mimic a real-production environment. To illustrate the feasibility of the framework, a prototype is implemented and presented.
- Subject
- access control; configurations; IT environments; practical methodology; task based approach
- Identifier
- http://hdl.handle.net/1959.13/1037951
- Identifier
- uon:13499
- Language
- eng
- Full Text
- Hits: 6667
- Visitors: 7304
- Downloads: 191
Thumbnail | File | Description | Size | Format | |||
---|---|---|---|---|---|---|---|
View Details Download | ATTACHMENT01 | Author final version | 1 MB | Adobe Acrobat PDF | View Details Download |