JUCS - Journal of Universal Computer Science 18(17): 2432-2451, doi: 10.3217/jucs-018-17-2432
A Formal Approach for Risk Assessment in RBAC Systems
Ji Ma
‡ Software Competence Center Hagenberg, Hagenberg, Austria
Open Access
Abstract
Risk assessment and access control are important issues in cloud computing. In this paper, we propose a formal approach to risk assessment for RBAC systems, in which access control decisions are made after a risk assessment has been taken into account. The risk assessment method considers partial orderings on objects and actions, which allow us to effectively capture the notions of importance of objects and criticality of actions and then to determine the risk of assigning a specific role to a specific user. In particular, we consider the cases of permission assignment and delegation assignment.
Keywords
risk assessment, access control, RBAC, poset, security classification