Skip to content

Towards open data-driven evaluation of access control policies

Research output: Contribution to journalArticlepeer-review

Modern approaches towards the understanding of the behaviour of systems and policies have recently been driven by the abundance of open and non-open data moving away from the classical model-based approaches, in which data were secondary to the solution. In this paper, we present a similar approach by suggesting that the analysis of the risk probability for access control and security policies can be based on an empirical data-driven study. We outline a constraint-based approach that allows organisations to examine policies in light of the probabilities of internal actors damaging organisational assets. Our approach is validated using Verizon's open community dataset for security incidents, known as VERIS/VCDB.
Original languageEnglish
Pages (from-to)13-26
Number of pages14
JournalComputer Standards & Interfaces
Early online date14 Sep 2017
Publication statusPublished - 1 Feb 2018


Related information

Relations Get citation (various referencing formats)

ID: 7710063