Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Risk-centred role engineering in identity management audits

An approach for continuous improvement of the access control model and possible risk accumulations
: Kurowski, Sebastian

Hühnlein, Detlef (Ed.); Roßnagel, Heiko (Ed.); Schunck, Christian H. (Ed.); Talamo, Maurizio (Ed.) ; Gesellschaft für Informatik -GI-, Bonn:
Open Identity Summit 2016 : 13.-14. October 2016, Rome, Italy; Proceedings
Bonn: GI, 2016 (GI-Edition - Lecture Notes in Informatics (LNI). Proceedings 264)
ISBN: 978-3-88579-658-9
ISBN: 3-88579-658-9
Open Identity Summit <2016, Rome>
Bundesministerium für Bildung und Forschung BMBF
13N13102; VERTRAG
Vertrauenswürdiger Austausch Geistigen Eigentums
Conference Paper
Fraunhofer IAO ()

Success and costs of audits in identity management largely depend on the structure of the underlying access control model. Auditing access rights includes the determination of actuality and adequacy of provided access rights. In order to case audit and administration of access rights, role mining approaches have provided several solutions for identifying a minimal set of roles based upon either existing usage data, or business data. However, these approaches have focused on homogeneous, static environments. When facing dynamic, heterogeneous environments, such as infrastructure administration or smart systems, the accompanied noise of access rights provisioning hinder the determination of adequacy and actuality of access rights. With application of static approaches, accumulation of access risks at users may arise due to inadequate access rights, or aggregation of access roles. These issues are however mostly neglected by current approaches. Within this contribution we propose a method based upon the design structure matrix approach, which enables the identification of role aggregations, and examination of access risk accumulation within aggregated roles, and their assigned users throughout continuous audits of the access control model.