Towards open data-driven evaluation of access control policies

Benjamin Aziz

Research output: Contribution to journalArticlepeer-review

206 Downloads (Pure)


Modern approaches towards the understanding of the behaviour of systems and policies have recently been driven by the abundance of open and non-open data moving away from the classical model-based approaches, in which data were secondary to the solution. In this paper, we present a similar approach by suggesting that the analysis of the risk probability for access control and security policies can be based on an empirical data-driven study. We outline a constraint-based approach that allows organisations to examine policies in light of the probabilities of internal actors damaging organisational assets. Our approach is validated using Verizon's open community dataset for security incidents, known as VERIS/VCDB.
Original languageEnglish
Pages (from-to)13-26
Number of pages14
JournalComputer Standards & Interfaces
Early online date14 Sept 2017
Publication statusPublished - 1 Feb 2018


  • security metrics
  • risk analysis
  • access control
  • data analysis


Dive into the research topics of 'Towards open data-driven evaluation of access control policies'. Together they form a unique fingerprint.

Cite this