In this thesis, we propose an extension of an existing RAAC abstract model that supports risk assessment, risk-aware authorisation decision making and the use of system and user obligations as risk mitigation methods. We also propose an implementation of the extended abstract model based on XACML, a standard that defines an XML-based language for the specification of access control policies, requests and responses. We develop a novel Risk-Aware Group Based Access Control (RA-GBAC)

Risk-Aware Access Control And XACML

Gasparini, Luca
2013/2014

Abstract

In this thesis, we propose an extension of an existing RAAC abstract model that supports risk assessment, risk-aware authorisation decision making and the use of system and user obligations as risk mitigation methods. We also propose an implementation of the extended abstract model based on XACML, a standard that defines an XML-based language for the specification of access control policies, requests and responses. We develop a novel Risk-Aware Group Based Access Control (RA-GBAC)
Scuola di Ingegneria
INGEGNERIA INFORMATICA
2013-04-22
access control, XACML, XML, obligations
Ferrari, Carlo
Norman, Tim
Lauree magistrali
File in questo prodotto:
File Dimensione Formato  
TesiGasparini1014325.pdf

accesso aperto

Dimensione 748.67 kB
Formato Adobe PDF
Visualizza/Apri
748.67 kB Adobe PDF Visualizza/Apri

The text of this website © Università degli studi di Padova. Full Text are published under a non-exclusive license. Metadata are under a CC0 License

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.12608/16598