Reconfiguring Role Based Access Control policies using risk semantics

Benjamin Aziz*, Simon N. Foley, John Herbert, Garret Swart

*Corresponding author for this work

Research output: Contribution to journal, Article, peer-review


We present a refined model for Role Based Access Control policies and define a risk measure for the model, which expresses elements of the operational, combinatorial and conflict-of-interest risks present in a particular policy instance. The model includes risk-reducing mechanisms corresponding to practical mechanisms like firewalls, stack checking, redundancy, and event tracking that are frequently used to reduce risks in real systems. We also define policy transformation operators that produce new policies that allow the behaviours of the old policy while potentially reducing the risk measure. Sequences of these operators can be used to find policies that are less risky but still implement the initial policy. An example is given for Grid computing.
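The abstract only sketches the idea, so the following is an added illustration in Python, not code from the paper and not its actual model: a toy RBAC policy, an assumed risk score with three components (combinatorial, conflict of interest, operational), and two assumed behaviour-preserving operators (splitting a role, attaching event tracking to a permission). The sample policy, the conflict pair and the weights are constructed for the example. What it shows is the check a practitioner wants around any such operator: the old (user, permission) behaviours must still be allowed and the risk score must not go up.

```python
"""Toy RBAC policy with an assumed numeric risk measure and two
behaviour-preserving transformation operators.  Added example; the risk
formulas and operators are assumptions chosen to illustrate the idea of
rewriting a policy so that it permits the same (user, permission) pairs
but scores lower on risk."""
from dataclasses import dataclass, replace


@dataclass
class Policy:
    user_roles: dict                 # user -> frozenset of roles
    role_perms: dict                 # role -> frozenset of permissions
    conflicts: frozenset             # frozenset of frozenset({p, q}) conflict-of-interest pairs
    tracked: frozenset = frozenset() # permissions under event tracking (assumed mechanism)


def behaviours(pol):
    """All (user, permission) pairs the policy allows."""
    return {(u, p) for u, roles in pol.user_roles.items()
            for r in roles for p in pol.role_perms.get(r, ())}


def user_perms(pol, u):
    return {p for r in pol.user_roles.get(u, ()) for p in pol.role_perms.get(r, ())}


def risk(pol):
    """Assumed risk measure: three non-negative components and their sum."""
    # Combinatorial: every pair of permissions bundled in one role can be
    # misused together by anyone holding that role.
    combinatorial = sum(len(ps) * (len(ps) - 1) // 2 for ps in pol.role_perms.values())
    # Conflict of interest: a user holding both halves of a conflicting pair.
    # Event tracking on a permission halves that pair's contribution.
    coi = 0.0
    for u in pol.user_roles:
        held = user_perms(pol, u)
        for pair in pol.conflicts:
            if pair <= held:
                coi += 0.5 ** len(pair & pol.tracked)
    # Operational: each granted permission is an opportunity for misuse;
    # a tracked permission counts half.
    operational = sum(0.5 if p in pol.tracked else 1.0 for _, p in behaviours(pol))
    return {"combinatorial": combinatorial, "conflict": coi,
            "operational": operational,
            "total": combinatorial + coi + operational}


def split_role(pol, role, new_a, new_b, perms_a):
    """Replace `role` by two roles; every holder of `role` receives both halves."""
    perms_a = frozenset(perms_a)
    old = pol.role_perms[role]
    assert perms_a < old, "perms_a must be a proper subset of the role's permissions"
    rp = dict(pol.role_perms)
    del rp[role]
    rp[new_a], rp[new_b] = perms_a, old - perms_a
    ur = {u: (rs - {role}) | {new_a, new_b} if role in rs else rs
          for u, rs in pol.user_roles.items()}
    return replace(pol, user_roles=ur, role_perms=rp)


def track(pol, perm):
    """Attach event tracking to a permission (an assumed risk-reducing mechanism)."""
    return replace(pol, tracked=pol.tracked | {perm})


def apply_safely(pol, op, *args):
    """Apply an operator and verify the two properties the abstract asks for:
    old behaviours still allowed, risk not increased."""
    new = op(pol, *args)
    assert behaviours(pol) <= behaviours(new), "operator removed a behaviour"
    assert risk(new)["total"] <= risk(pol)["total"], "operator increased risk"
    return new


def reconfigure(pol, steps):
    """Apply a sequence of (operator, *args) steps, checking each one."""
    for op, *args in steps:
        pol = apply_safely(pol, op, *args)
    return pol


# Constructed sample: a grid-style setting where one admin role bundles job
# submission with billing approval, which the conflict set flags.
GRID = Policy(
    user_roles={"alice": frozenset({"grid_admin"}), "bob": frozenset({"submitter"})},
    role_perms={"grid_admin": frozenset({"submit_job", "approve_billing", "manage_nodes"}),
                "submitter": frozenset({"submit_job"})},
    conflicts=frozenset({frozenset({"submit_job", "approve_billing"})}),
)

STEPS = [(split_role, "grid_admin", "job_ops", "billing", {"submit_job", "manage_nodes"}),
         (track, "approve_billing")]

if __name__ == "__main__":
    print("before:", risk(GRID))
    print("after: ", risk(reconfigure(GRID, STEPS)))
```

Splitting the admin role removes two of the three bundled permission pairs without changing what Alice can do; tracking `approve_billing` then discounts both the conflict-of-interest term and the operational term. Neither step is a solution to the separation-of-duty problem itself (Alice still holds both permissions), which is exactly why the behaviour check and the risk check are kept separate.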

Original language: English
Pages (from-to): 261-273
Number of pages: 13
Journal: Journal of High Speed Networks
Issue number: 3
Publication status: Published - 31 Aug 2006


  • Configuration analysis
  • RBAC
  • Risk
  • Security policies

