Bartsch, Steffen (2010)
A calculus for the qualitative risk assessment of policy override authorization.
Taganrog, Rostov-on-Don, Russian Federation
doi: 10.1145/1854099.1854115
Conference publication, Bibliography
Abstract
Policy override is gaining traction in the research community to improve the efficiency and usability of authorization mechanisms. These mechanisms turn the conventional privileges into a soft boundary that may be overridden by users in exceptional situations. The challenge for the practical deployment of the policy override mechanisms often is whether policy override is adequate and, if so, to which extent. In this paper, we propose a calculus to support this decision-making process. The calculus is based on proven risk assessment practices and derives a qualitative result on the adequacy for specific roles and override extents. Moreover, we developed a tool to support the policy override risk assessment. The calculus and the tool are briefly evaluated in two distinct contexts.
Publication type: | Conference publication |
---|---|
Published: | 2010 |
Author(s): | Bartsch, Steffen |
Entry type: | Bibliography |
Title: | A calculus for the qualitative risk assessment of policy override authorization |
Language: | English |
Publication year: | September 2010 |
Publisher: | ACM |
Book title: | SIN: Proceedings of the 3rd international conference on Security of information and networks |
Event location: | Taganrog, Rostov-on-Don, Russian Federation |
DOI: | 10.1145/1854099.1854115 |
Uncontrolled keywords: | Secure Data |
Department(s)/field(s): | 20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra; LOEWE > LOEWE Centres > CASED – Center for Advanced Security Research Darmstadt; 20 Department of Computer Science > SECUSO - Security, Usability and Society; LOEWE > LOEWE Centres; 20 Department of Computer Science; LOEWE |
Date deposited: | 28 Jul 2016 18:35 |
Last modified: | 17 May 2018 13:02 |