loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Malek Belhaouane ; Joaquin Garcia-Alfaro and Hervé Debar

Affiliation: Institut Mines-Telecom and Télécom SudParis, France

Keyword(s): ICT Security, Authorization, Access Control, Quantitative Security, Security Assurance, Security Metrics.

Related Ontology Subjects/Areas/Topics: Information and Systems Security ; Security in Information Systems ; Security Metrics and Measurement

Abstract: Access control models allow flexible authoring and management of security policies, using high-level statements. They enable the expression of structured and expressive policies. However, they have an impact on the policy characteristics. The complexity of such policies is one of the affected characteristics. We propose a series of quantitative metrics to assess comprehensive complexity of policies. By comprehensive, we mean the difficulty of understanding a policy by administrators. We formalize the concepts of authorization-based access control models, to propose general metrics regardless of the model. We also show the application of the proposed metrics through a content management system (CMS) policy example. We outline a proof-of-concept to evaluate the feasibility of our proposal, based on SELinux policies for a general-purpose CMS.

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.21.93.44

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Belhaouane, M.; Garcia-Alfaro, J. and Debar, H. (2015). Evaluating the Comprehensive Complexity of Authorization-based Access Control Policies using Quantitative Metrics. In Proceedings of the 12th International Conference on Security and Cryptography (ICETE 2015) - SECRYPT; ISBN 978-989-758-117-5; ISSN 2184-3236, SciTePress, pages 53-64. DOI: 10.5220/0005544100530064

@conference{secrypt15,
author={Malek Belhaouane. and Joaquin Garcia{-}Alfaro. and Hervé Debar.},
title={Evaluating the Comprehensive Complexity of Authorization-based Access Control Policies using Quantitative Metrics},
booktitle={Proceedings of the 12th International Conference on Security and Cryptography (ICETE 2015) - SECRYPT},
year={2015},
pages={53-64},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005544100530064},
isbn={978-989-758-117-5},
issn={2184-3236},
}

TY - CONF

JO - Proceedings of the 12th International Conference on Security and Cryptography (ICETE 2015) - SECRYPT
TI - Evaluating the Comprehensive Complexity of Authorization-based Access Control Policies using Quantitative Metrics
SN - 978-989-758-117-5
IS - 2184-3236
AU - Belhaouane, M.
AU - Garcia-Alfaro, J.
AU - Debar, H.
PY - 2015
SP - 53
EP - 64
DO - 10.5220/0005544100530064
PB - SciTePress

- Science and Technology Publications, Lda.
RESOURCES

Proceedings

Papers

Authors

Ontology

CONTACTS

Science and Technology Publications, Lda
Avenida de S. Francisco Xavier, Lote 7 Cv. C,
2900-616 Setúbal, Portugal.

Phone: +351 265 520 185 (National fixed network call)
Fax: +351 265 520 186
Email: info@scitepress.org

EXTERNAL LINKS

PRIMORIS

INSTICC

SCITEVENTS

CROSSREF

PROCEEDINGS SUBMITTED FOR INDEXATION BY:

dblp

Ei Compendex

SCOPUS

Semantic Scholar

Google Scholar

Microsoft Academic