Search

Your search keyword '"Fuchs, Ludwig"' showing total 9 results
Start Over Author "Fuchs, Ludwig" Topic ddc:004
9 results on '"Fuchs, Ludwig"'

1. How to Discover High-quality Roles? A Survey and Dependency Analysis of Quality Criteria in Role Mining

Author

Kunz, Michael, Fuchs, Ludwig, Netter, Michael, and Pernul, Günther

Subjects
ddc:004, ddc:330, IAM, Role Quality, RBAC, Role-based Access Control, 330 Wirtschaft, 004 Informatik
Abstract

Roles have evolved into the de facto standard for access control in Enterprise Identity Management. However, companies struggle to develop and maintain a role-based access control state. For the initial role deployment, role mining is widely used. Due to the high number and complexity of available role mining algorithms, companies fail to perceive which is selected best according to their needs. Furthermore, requirements on the composition of roles such as reduction of administration cost are to be taken into account in role development. In order to give them guidance, in this paper we aggregate existing role mining approaches and classify them. For consideration of individual prerequisites we extract quality criteria that should be met. Later on, we discuss interdependencies between the criteria to help role developers avoid unwanted side-effects and produce RBAC states that are tailored to their preferences., book title "Information Systems Security and Privacy. First International Conference, ICISSP 2015, Angers, France, February 9-11, 2015, Revised Selected Papers" (ISBN 978-3-319276-67-05-0937)

Published
2016

2. Adaptive identity and access management—contextual data based policies

Author

Hummer, Matthias, Kunz, Michael, Netter, Michael, Fuchs, Ludwig, and Pernul, Günther

Subjects
ddc:004, Identity management, Policy management, Policy mining, Access control, Security management, 004 Informatik
Abstract

Due to compliance and IT security requirements, company-wide identity and access management within organizations has gained significant importance in research and practice over the last years. Companies aim at standardizing user management policies in order to reduce administrative overhead and strengthen IT security. These policies provide the foundation for every identity and access management system no matter if poured into IT systems or only located within responsible identity and access management (IAM) engineers’ mind. Despite its relevance, hardly any supportive means for the automated detection and refinement as well as management of policies are available. As a result, policies outdate over time, leading to security vulnerabilities and inefficiencies. Existing research mainly focuses on policy detection and enforcement without providing the required guidance for policy management nor necessary instruments to enable policy adaptibility for today’s dynamic IAM. This paper closes the existing gap by proposing a dynamic policy management process which structures the activities required for policy management in identity and access management environments. In contrast to current approaches, it utilizes the consideration of contextual user management data and key performance indicators for policy detection and refinement and offers result visualization techniques that foster human understanding. In order to underline its applicability, this paper provides an evaluation based on real-life data from a large industrial company.

Published
2016
Full Text
View/download PDF

4. Managing the Access Grid - A Process View to Minimize Insider Misuse Risks

Author

Meier, Stefan, Fuchs, Ludwig, and Pernul, Günther

Subjects
ddc:004, 004 Informatik
Abstract

It is generally agreed upon the fact that the quality of Identity- and Access Management (IAM) data such as user accounts, access privileges or consistent user representation among different security domains is low. Growing user populations in medium- and large-sized organizations lead to a so called “identity chaos” in which over-privileged employees increase the risk of insider misuse. Recent governance and compliance mandates have amplified the importance of minimizing these risks. In order to fulfill these requirements, organizations focus on implementing role-based user management. To set up a role-based access control system, they face the challenge of modeling suitable roles for their employees. In this paper we show how the role modeling process can be improved by utilizing the so called access grid, a visualization technique to incorporate human interaction into the process of role creation.

Published
2013
Full Text
View/download PDF

5. Minimizing insider misuse through secure Identity Management

Author

Fuchs, Ludwig and Pernul, Günther

Subjects
ddc:004, 004 Informatik
Abstract

To avoid insider computer misuse, identity, and authorization data referring to the legitimate users of systems must be properly organized, constantly and systematically analyzed, and evaluated. In order to support this, structured and secure Identity Management is required. A comprehensive methodology supporting Identity Management within organizations has been developed, including gathering of identity data spread among different applications, systematic cleansing of user account data in order to detect semantic as well as syntactic errors, grouping of privileges and access rights, and semiautomatic engineering of user roles. The focus of this paper is on the cleansing of identity and account data leading to feedback where insider misuse due to existing privileges which go beyond the scope of the users' current need-to-know may occur. The paper in detail presents used data cleansing mechanisms and underlines their applicability in two real-world case studies., Article first published online: 25 FEB 2011

Published
2012

6. Reducing the Risk of Insider Misuse by Revising Identity Management and UserAccount Data

Author

Pernul, Günther and Fuchs, Ludwig

Subjects
ddc:004, 004 Informatik
Abstract

To avoid insider computer misuse, identity and authorization data referring to the legitimate users of the systems must be properly organized and constantly and systematically analyzed and evaluated. In order to support this, a methodology for structured Identity Management has been developed. This methodology includes gathering of identity data spread among different applications, systematic cleansing of user account data in order to detect semantic as well as syntactic errors, grouping of privileges and access rights, and semiautomatic engineering of user roles. Each of the steps involved includes quality criteria and comprehensive tool support. The focus of this paper is on the data cleansing phase leading to feedback where insider misuse may occur due to existing privileges which go beyond the scope of the users’ current need-to-know.

Published
2010

Catalog

Books, media, physical & digital resources
See catalog results