da Silva, Carlos Eduardo, da Silva, Jose Diego Saraiva, Paterson, Colin Alexander orcid.org/0000-0002-6678-3752 et al. (1 more author) (Accepted: 2017) Self-Adaptive Role-Based Access Control for Business Processes. In: 12th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2017). IEEE (In Press)
Abstract
We present an approach for dynamically reconfiguring the role-based access control (RBAC) of information systems running business processes, to protect them against insider threats. The new approach uses business process execution traces and stochastic model checking to establish confidence intervals for key measurable attributes of user behaviour, and thus to identify and adaptively demote users who misuse their access permissions maliciously or accidentally. We implemented and evaluated the approach and its policy specification formalism for a real IT support business process, showing their ability to express and apply a broad range of self-adaptive RBAC policies.
Metadata
| Item Type: | Proceedings Paper |
|---|---|
| Authors/Creators: | |
| Dates: | |
| Institution: | The University of York |
| Academic Units: | The University of York > Faculty of Sciences (York) > Computer Science (York) |
| Depositing User: | Pure (York) |
| Date Deposited: | 10 Mar 2017 16:40 |
| Last Modified: | 11 Feb 2025 00:05 |
| Status: | In Press |
| Publisher: | IEEE |
| Open Archives Initiative ID (OAI ID): | oai:eprints.whiterose.ac.uk:113454 |
Download
Filename: SEAMS_2017_camera_ready.pdf
Description: SEAMS-2017-camera-ready