Self-Adaptive Role-Based Access Control for Business Processes

DA SILVA, Carlos, DA SILVA, JDS, PATERSON, C and CALINESCU, R (2017). Self-Adaptive Role-Based Access Control for Business Processes. In: 2017 IEEE/ACM 12th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS). IEEE, 193-203.

[img]
Preview
PDF
2017-SEAMS-saRBAC.pdf - Accepted Version
All rights reserved.

Download (513kB) | Preview
Official URL: https://ieeexplore.ieee.org/document/7968147
Link to published version:: https://doi.org/10.1109/SEAMS.2017.13
Related URLs:

    Abstract

    © 2017 IEEE. We present an approach for dynamically reconfiguring the role-based access control (RBAC) of information systems running business processes, to protect them against insider threats. The new approach uses business process execution traces and stochastic model checking to establish confidence intervals for key measurable attributes of user behaviour, and thus to identify and adaptively demote users who misuse their access permissions maliciously or accidentally. We implemented and evaluated the approach and its policy specification formalism for a real IT support business process, showing their ability to express and apply a broad range of self-adaptive RBAC policies.

    Item Type: Book Section
    Identification Number: https://doi.org/10.1109/SEAMS.2017.13
    Page Range: 193-203
    SWORD Depositor: Symplectic Elements
    Depositing User: Symplectic Elements
    Date Deposited: 31 Jan 2020 12:33
    Last Modified: 31 Jan 2020 12:45
    URI: http://shura.shu.ac.uk/id/eprint/25231

    Actions (login required)

    View Item View Item

    Downloads

    Downloads per month over past year

    View more statistics