A calculus for the qualitative risk assessment of policy override authorization

Bartsch, Steffen (2010):
A calculus for the qualitative risk assessment of policy override authorization.
In: SIN: Proceedings of the 3rd international conference on Security of information and networks, ACM, Taganrog, Rostov-on-Don, Russian Federation, ISBN 978-1-4503-0234-0,
DOI: 10.1145/1854099.1854115,
[Conference or Workshop Item]

Abstract

Policy override is gaining traction in the research community to improve the efficiency and usability of authorization mechanisms. These mechanisms turn the conventional privileges into a soft boundary that may be overridden by users in exceptional situations. The challenge for the practical deployment of policy override mechanisms is often whether policy override is adequate and, if so, to which extent. In this paper, we propose a calculus to support this decision-making process. The calculus is based on proven risk assessment practices and derives a qualitative result on the adequacy for specific roles and override extents. Moreover, we developed a tool to support the policy override risk assessment. The calculus and the tool are briefly evaluated in two distinct contexts.

Item Type: Conference or Workshop Item
Published: 2010
Creators: Bartsch, Steffen
Title: A calculus for the qualitative risk assessment of policy override authorization
Language: English
Title of Book: SIN: Proceedings of the 3rd international conference on Security of information and networks
Publisher: ACM
ISBN: 978-1-4503-0234-0
Uncontrolled Keywords: Secure Data
Divisions: 20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Department of Computer Science > SECUSO - Security, Usability and Society
LOEWE > LOEWE-Zentren
20 Department of Computer Science
LOEWE
Event Location: Taganrog, Rostov-on-Don, Russian Federation
Date Deposited: 28 Jul 2016 18:35
DOI: 10.1145/1854099.1854115
Identification Number: Bartsch10a