We propose a framework to evaluate the risk incurred when managing users and permissions through RBAC. The risk analysis framework does not require roles to be defined, thus making...
Alessandro Colantonio, Roberto Di Pietro, Alberto ...
Role engineering, the task of defining roles and associating permissions to them, is essential to realize the full benefits of the role-based access control paradigm. Essentially,...
Abstract Role-based access control RBAC has recently received a lot of attention due to its exibility, expressive power and simplicity in administration. In RBAC permissions are as...
Role Engineering is a security-critical task for systems using role-based access control (RBAC). Different role-mining approaches have been proposed that attempt to automatically ...
Role mining algorithms address an important access control problem: configuring a role-based access control system. Given a direct assignment of users to permissions, role mining...
Mario Frank, Andreas P. Streich, David A. Basin, J...