Kurowski, 2016

Type

Article

Title

Risk-centred role engineering in identity management audits – An approach for continuous improvement of the access control model and possible risk accumulations

Authors

Kurowski, S.

Year

2016

Harvard

Kurowski, S., 2016. Risk-centred role engineering in identity management audits – An approach for continuous improvement of the access control model and possible risk accumulations, in: Lecture Notes in Informatics (LNI). Presented at the Open Identity Summit 2016, pp. 117–133.

Links

https://dl.gi.de/bitstream/handle/20.500.12116/609/117.pdf?sequence=1

Abstract

Success and costs of audits in identity management largely depend on the structure of the underlying access control model. Auditing access rights includes the determination of actuality and adequacy of provided access rights. In order to ease audit and administration of access rights, role mining approaches have provided several solutions for identifying a minimal set of roles based upon either existing usage data, or business data. However, these approaches have focused on homogeneous, static environments. When facing dynamic, heterogeneous environments, such as infrastructure administration or smart systems, the accompanied noise of access rights provisioning hinder the determination of adequacy and actuality of access rights. With application of static approaches, accumulation of access risks at users may arise due to inadequate access rights, or aggregation of access roles. These issues are however mostly neglected by current approaches. Within this contribution we propose a method based upon the design structure matrix approach, which enables the identification of role aggregations, and examination of access risk accumulation within aggregated roles, and their assigned users throughout continuous audits of the access control model.

(Kurowski, 2016, p. 1)


Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.


This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.