Logo des Repositoriums
 

Risk-centred role engineering within identity data audits - continuous improvement of the rights structure and possible risk accumulations

dc.contributor.authorKurowski, Sebastian
dc.contributor.editorHühnlein, Detlef
dc.contributor.editorRoßnagel, Heiko
dc.contributor.editorSchunck, Christian H.
dc.contributor.editorTalamo, Maurizio
dc.date.accessioned2017-06-20T11:39:38Z
dc.date.available2017-06-20T11:39:38Z
dc.date.issued2016
dc.description.abstractSuccess and costs of audits in identity management largely depend on the structure of the underlying access control model. Auditing access rights includes the determination of actuality and adequacy of provided access rights. In order to ease audit and administration of access rights, role mining approaches have provided several solutions for identifying a minimal set of roles based upon either existing usage data, or business data. However, these approaches have focused on homogeneous, static environments. When facing dynamic, heterogeneous environments, such as infrastructure administration or smart systems, the accompanied noise of access rights provisioning hinder the determination of adequacy and actuality of access rights. With application of static approaches, accumulation of access risks at users may arise due to inadequate access rights, or aggregation of access roles. These issues are however mostly neglected by current approaches. Within this contribution we propose a method based upon the design structure matrix approach, which enables the identification of role aggregations, and examination of access risk accumulation within aggregated roles, and their assigned users throughout continuous audits of the access control model.
dc.identifier.isbn978-3-88579-658-9
dc.identifier.pissn1617-5468
dc.language.isoen
dc.publisherGesellschaft für Informatik e.V.
dc.relation.ispartofseriesLecture Notes in Informatics (LNI) - Proceedings, Volume P-264
dc.titleRisk-centred role engineering within identity data audits - continuous improvement of the rights structure and possible risk accumulations
dc.typeText/Conference Paper
gi.citation.endPage133
gi.citation.publisherPlaceBonn
gi.citation.startPage117
gi.conference.date13.-14. October 2016
gi.conference.locationRome, Italy

Dateien

Originalbündel
1 - 1 von 1
Lade...
Vorschaubild
Name:
117.pdf
Größe:
228.12 KB
Format:
Adobe Portable Document Format