
Towards a Reliable Formal Framework for Enhancing Risk Assessment in Access Control Systems

6 pages. Published: March 26, 2017

Abstract

The constant evolution of access control requirements and the dynamic environment in which they evolve now require quick and instant decision-making related to the risk of illegitimate access in Information Systems. Various contributions in the literature aim to overcome or mitigate the related risks, yet paradoxically adopt the hypothesis that access control policies are reliable and valid. However, the corruption of these policies is a security aspect of great importance and should be handled actively because (i) an access control policy is exposed to the same threats as the data it manages and (ii) the properties and parameters of the concrete policy at a given stage may differ, in a critical manner, from those of a reference stage. We define a reliable and complete solution for risk management in the context of Database Servers. We intend to define a rigorous risk management approach that mainly verifies the recommendations of the standard ISO 31000:2009. Our approach takes into consideration all identified threats on a Database Server and provides an environment for analyzing the correlation between the threats detected, in particular by different security devices. To ensure a high level of surety, we opt for defining a formal framework that allows us to address this problem efficiently and to formally represent and verify our risk management processes.

Keyphrases: access control, access control policy, risk, risk assessment, risk management

In: Mohamed Mosbah and Michael Rusinowitch (editors). SCSS 2017. The 8th International Symposium on Symbolic Computation in Software Science 2017, vol 45, pages 77-82.

BibTeX entry
@inproceedings{SCSS2017:Towards_Reliable_Formal_Framework,
  author    = {Pierrette Annie Evina and Faten Labbene Ayachi and Faouzi Jaidi and Adel Bouhoula},
  title     = {Towards a Reliable Formal Framework for Enhancing Risk Assessment in Access Control Systems},
  booktitle = {SCSS 2017. The 8th International Symposium on Symbolic Computation in Software Science 2017},
  editor    = {Mohamed Mosbah and Michael Rusinowitch},
  series    = {EPiC Series in Computing},
  volume    = {45},
  publisher = {EasyChair},
  bibsource = {EasyChair, https://easychair.org},
  issn      = {2398-7340},
  url       = {/publications/paper/w5j},
  doi       = {10.29007/42j8},
  pages     = {77-82},
  year      = {2017}}