Self-Adaptive Role-Based Access Control for Business Processes

Carlos Eduardo da Silva; Jose Diego Saraiva da Silva; Colin Alexander Paterson; Radu Constantin Calinescu

Self-Adaptive Role-Based Access Control for Business Processes

Carlos Eduardo da Silva, Jose Diego Saraiva da Silva, Colin Alexander Paterson, Radu Constantin Calinescu

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We present an approach for dynamically reconfiguring the role-based access control (RBAC) of information systems running business processes, to protect them against
insider threats. The new approach uses business process execution traces and stochastic model checking to establish confidence intervals for key measurable attributes of user behaviour, and thus to identify and adaptively demote users who misuse their access permissions maliciously or accidentally. We implemented and evaluated the approach and its policy specification formalism for a real IT support business process, showing their ability to express and apply a broad range of self-adaptive RBAC policies.

Original language	English
Title of host publication	12th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2017)
Publisher	IEEE
Number of pages	11
Publication status	Accepted/In press - 2017

Access to Document

SEAMS-2017-camera-ready
This is an author-produced version of the published paper. Uploaded in accordance with the publisher’s self-archiving policy. Further copying may not be permitted; contact the publisher for details
Accepted author manuscript, 496 KB

Cite this

@inproceedings{7d980101770a4c7ebddb5a234a3e26b5,

title = "Self-Adaptive Role-Based Access Control for Business Processes",

abstract = "We present an approach for dynamically reconfiguring the role-based access control (RBAC) of information systems running business processes, to protect them againstinsider threats. The new approach uses business process execution traces and stochastic model checking to establish confidence intervals for key measurable attributes of user behaviour, and thus to identify and adaptively demote users who misuse their access permissions maliciously or accidentally. We implemented and evaluated the approach and its policy specification formalism for a real IT support business process, showing their ability to express and apply a broad range of self-adaptive RBAC policies.",

author = "{da Silva}, {Carlos Eduardo} and {da Silva}, {Jose Diego Saraiva} and Paterson, {Colin Alexander} and Calinescu, {Radu Constantin}",

year = "2017",

language = "English",

booktitle = "12th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2017)",

publisher = "IEEE",

address = "United States",

}

TY - GEN

T1 - Self-Adaptive Role-Based Access Control for Business Processes

AU - da Silva, Carlos Eduardo

AU - da Silva, Jose Diego Saraiva

AU - Paterson, Colin Alexander

AU - Calinescu, Radu Constantin

PY - 2017

Y1 - 2017

N2 - We present an approach for dynamically reconfiguring the role-based access control (RBAC) of information systems running business processes, to protect them againstinsider threats. The new approach uses business process execution traces and stochastic model checking to establish confidence intervals for key measurable attributes of user behaviour, and thus to identify and adaptively demote users who misuse their access permissions maliciously or accidentally. We implemented and evaluated the approach and its policy specification formalism for a real IT support business process, showing their ability to express and apply a broad range of self-adaptive RBAC policies.

AB - We present an approach for dynamically reconfiguring the role-based access control (RBAC) of information systems running business processes, to protect them againstinsider threats. The new approach uses business process execution traces and stochastic model checking to establish confidence intervals for key measurable attributes of user behaviour, and thus to identify and adaptively demote users who misuse their access permissions maliciously or accidentally. We implemented and evaluated the approach and its policy specification formalism for a real IT support business process, showing their ability to express and apply a broad range of self-adaptive RBAC policies.

M3 - Conference contribution

BT - 12th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2017)

PB - IEEE

ER -