The evolution of information systems and their openness to their socio-economic environment have led to new security needs. At the heart of information systems, Database Management Systems (DBMS) are increasingly exposed to specific intrusion types, including internal threats from authorized users. In addition, the access control policy (PCA) defined on a database schema is stored in the same location as the data it protects and is thus highly prone to corruption attempts, such as non-conformity of the role or permission assignments in the observed state of the policy compared to a reference state, especially in the case of Role-Based Access Control (RBAC). We establish a correlation between the detected anomalies, and we explore the log files and other audit mechanisms to propose a global and comprehensive formal risk management approach that mainly verifies the recommendations of the ISO 31000:2009 standard.
CITATION STYLE
Evina, P. A., Ayachi, F. L., & Jaidi, F. (2017). Risk Management in Access Control Policies. In Position Papers of the 2017 Federated Conference on Computer Science and Information Systems (Vol. 12, pp. 107–112). PTI. https://doi.org/10.15439/2017f555