A methodology to minimise excessively permissive security configurations

Athauda, Rukshan; Skinner, Geoff; Regan, Brian

Title: A methodology to minimise excessively permissive security configurations
Creator: Athauda, Rukshan; Skinner, Geoff; Regan, Brian
Relation: 8th WSEAS International Conference on Applied Computer Science (ACS'08). Recent Advances in Applied Computer Science: Proceedings of the 8th WSEAS International Conference on Applied Computer Science (ACS' 08) (Venice, Italy 21-23 November, 2008) p. 187-192
Relation: http://portal.acm.org/citation.cfm?id=1504034.1504069
Publisher: WSEAS Press
Resource Type: conference paper
Date: 2008
Description: Today's complex IT systems and multitude of possible permission configurations create a challenge for IT administrators, especially in determining optimal permission configuration for user groups. This is further exaggerated with the users' privilege requirements not being clearly specified or available. This typically leads to excessively permissive security configurations in IT systems which results in security vulnerabilities. This paper proposes a methodology and high-level architecture for a system that enables to elicit and deploy IT permissions in a convenient and secure manner avoiding many pitfalls that exist today. The proposed methodology's applicability is illustrated using two scenarios: a typical organisation with complex security requirements and a collaborative online environment.
Subject: excessively permissive security configurations; privilege requirements; security configurations
Identifier: uon:6506
Identifier: http://hdl.handle.net/1959.13/803783
Identifier: ISBN:9789604740284
Identifier: ISSN:1790-5109
Full Text
Reviewed

Hits: 1455
Visitors: 1626
Downloads: 198

		Thumbnail	File	Description	Size	Format
View Details Download			SOURCE3	Publisher version (open access)	587 KB	Adobe Acrobat PDF	View Details Download