{"id":"https://openalex.org/W2033344846","doi":"https://doi.org/10.1109/cns.2013.6682761","title":"A framework for risk-aware role based access control","display_name":"A framework for risk-aware role based access control","publication_year":2013,"publication_date":"2013-10-01","ids":{"openalex":"https://openalex.org/W2033344846","doi":"https://doi.org/10.1109/cns.2013.6682761","mag":"2033344846"},"language":"en","primary_location":{"id":"doi:10.1109/cns.2013.6682761","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cns.2013.6682761","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 IEEE Conference on Communications and Network Security (CNS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5091377823","display_name":"Khalid Zaman Bijon","orcid":"https://orcid.org/0000-0002-0527-0013"},"institutions":[{"id":"https://openalex.org/I4210138172","display_name":"Institute of Information Security","ror":"https://ror.org/03rmfrm44","country_code":"JP","type":"education","lineage":["https://openalex.org/I4210138172"]},{"id":"https://openalex.org/I45438204","display_name":"The University of Texas at San Antonio","ror":"https://ror.org/01kd65564","country_code":"US","type":"education","lineage":["https://openalex.org/I45438204"]}],"countries":["JP","US"],"is_corresponding":true,"raw_author_name":"Khalid Zaman Bijon","raw_affiliation_strings":["Department of Computer Science, Institute for Cyber Security",": Department of Computer Science, University of Texas at San Antonio, San Antonio, TX, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Institute for Cyber Security","institution_ids":["https://openalex.org/I4210138172"]},{"raw_affiliation_string":": Department of Computer Science, University of Texas at San Antonio, San Antonio, TX, USA","institution_ids":["https://openalex.org/I45438204"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085555416","display_name":"Ram Krishnan","orcid":"https://orcid.org/0000-0002-7402-553X"},"institutions":[{"id":"https://openalex.org/I45438204","display_name":"The University of Texas at San Antonio","ror":"https://ror.org/01kd65564","country_code":"US","type":"education","lineage":["https://openalex.org/I45438204"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ram Krishnan","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of Texas at San Antonio","Dept. of Electr. & Comput. Eng., Univ. of Texas at San Antonio, San Antonio, TX, USA#TAB#"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of Texas at San Antonio","institution_ids":["https://openalex.org/I45438204"]},{"raw_affiliation_string":"Dept. of Electr. & Comput. Eng., Univ. of Texas at San Antonio, San Antonio, TX, USA#TAB#","institution_ids":["https://openalex.org/I45438204"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5038692973","display_name":"Ravi Sandhu","orcid":"https://orcid.org/0000-0002-3165-1813"},"institutions":[{"id":"https://openalex.org/I45438204","display_name":"The University of Texas at San Antonio","ror":"https://ror.org/01kd65564","country_code":"US","type":"education","lineage":["https://openalex.org/I45438204"]},{"id":"https://openalex.org/I4210138172","display_name":"Institute of Information Security","ror":"https://ror.org/03rmfrm44","country_code":"JP","type":"education","lineage":["https://openalex.org/I4210138172"]}],"countries":["JP","US"],"is_corresponding":false,"raw_author_name":"Ravi Sandhu","raw_affiliation_strings":["Department of Computer Science, Institute for Cyber Security",": Department of Computer Science, University of Texas at San Antonio, San Antonio, TX, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Institute for Cyber Security","institution_ids":["https://openalex.org/I4210138172"]},{"raw_affiliation_string":": Department of Computer Science, University of Texas at San Antonio, San Antonio, TX, USA","institution_ids":["https://openalex.org/I45438204"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5091377823"],"corresponding_institution_ids":["https://openalex.org/I4210138172","https://openalex.org/I45438204"],"apc_list":null,"apc_paid":null,"fwci":6.0949,"has_fulltext":false,"cited_by_count":48,"citation_normalized_percentile":{"value":0.95871819,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"462","last_page":"469"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":1.0,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":1.0,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9955999851226807,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/role-based-access-control","display_name":"Role-based access control","score":0.9481395483016968},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.784692108631134},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.762773871421814},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.6223469972610474},{"id":"https://openalex.org/keywords/separation-of-duties","display_name":"Separation of duties","score":0.6203550100326538},{"id":"https://openalex.org/keywords/flexibility","display_name":"Flexibility (engineering)","score":0.6120610237121582},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.49674826860427856},{"id":"https://openalex.org/keywords/risk-management","display_name":"Risk management","score":0.4782882332801819},{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.4354112446308136},{"id":"https://openalex.org/keywords/constraint","display_name":"Constraint (computer-aided design)","score":0.42128047347068787},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.17218580842018127},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.09682705998420715},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.08802667260169983}],"concepts":[{"id":"https://openalex.org/C45567728","wikidata":"https://www.wikidata.org/wiki/Q1702839","display_name":"Role-based access control","level":3,"score":0.9481395483016968},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.784692108631134},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.762773871421814},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.6223469972610474},{"id":"https://openalex.org/C100587491","wikidata":"https://www.wikidata.org/wiki/Q1474665","display_name":"Separation of duties","level":4,"score":0.6203550100326538},{"id":"https://openalex.org/C2780598303","wikidata":"https://www.wikidata.org/wiki/Q65921492","display_name":"Flexibility (engineering)","level":2,"score":0.6120610237121582},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.49674826860427856},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.4782882332801819},{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.4354112446308136},{"id":"https://openalex.org/C2776036281","wikidata":"https://www.wikidata.org/wiki/Q48769818","display_name":"Constraint (computer-aided design)","level":2,"score":0.42128047347068787},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.17218580842018127},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.09682705998420715},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.08802667260169983},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C10138342","wikidata":"https://www.wikidata.org/wiki/Q43015","display_name":"Finance","level":1,"score":0.0},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/cns.2013.6682761","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cns.2013.6682761","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 IEEE Conference on Communications and Network Security (CNS)","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.700.1347","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.700.1347","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://engineering.utsa.edu/%7Ekrishnan/conferences/2013-safeconfig.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/17","display_name":"Partnerships for the goals","score":0.4099999964237213}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W27149491","https://openalex.org/W1997888312","https://openalex.org/W2007999111","https://openalex.org/W2021079739","https://openalex.org/W2058347046","https://openalex.org/W2061594924","https://openalex.org/W2065288470","https://openalex.org/W2067106503","https://openalex.org/W2082554729","https://openalex.org/W2097171586","https://openalex.org/W2107903816","https://openalex.org/W2120050784","https://openalex.org/W2134167896","https://openalex.org/W2138754523","https://openalex.org/W2143509186","https://openalex.org/W2152505375","https://openalex.org/W2154765153","https://openalex.org/W2154889864","https://openalex.org/W2163283609","https://openalex.org/W2166602595","https://openalex.org/W2169620043","https://openalex.org/W2548236240","https://openalex.org/W2626643089","https://openalex.org/W3134410366","https://openalex.org/W6674468412","https://openalex.org/W6729688579"],"related_works":["https://openalex.org/W2361825345","https://openalex.org/W2945232779","https://openalex.org/W2056139315","https://openalex.org/W2354790132","https://openalex.org/W2393886221","https://openalex.org/W2378809132","https://openalex.org/W2751035473","https://openalex.org/W1606180331","https://openalex.org/W2354055181","https://openalex.org/W2938177213"],"abstract_inverted_index":{"Over":[0],"the":[1,18,24,37,107,147,150,156,190],"years,":[2],"role":[3],"based":[4,121],"access":[5,14,30,95,119],"control":[6,15,31,96],"(RBAC)":[7],"has":[8,32,71],"remained":[9],"a":[10,65,74,103,129,133,165,179],"dominant":[11],"form":[12],"of":[13,42,63,68,182],"both":[16],"in":[17,29,36,40,94,118,161,170],"industry":[19],"and":[20,60,100,102,155,163],"academia.":[21],"More":[22],"recently,":[23],"need":[25],"for":[26,90,167],"risk":[27,51,69,104,153],"awareness":[28],"received":[33],"considerable":[34],"attention":[35],"research":[38,76],"community":[39],"light":[41],"issues":[43],"such":[44,55,97,124],"as":[45,56,73,98,125],"insider":[46],"threats.":[47],"Although":[48],"RBAC":[49,162,171,186,193],"facilitates":[50],"mitigation":[52,154],"via":[53],"features":[54],"constraints":[57],"(e.g.":[58],"static":[59],"dynamic":[61],"separation":[62],"duty),":[64],"quantified":[66,114,158],"approach":[67,115],"awareness/mitigation":[70],"emerged":[72],"promising":[75],"theme":[77],"due":[78],"to":[79],"its":[80],"inherent":[81],"flexibility.":[82],"In":[83,142],"this":[84,143],"approach,":[85],"risk/cost":[86],"metrics":[87],"are":[88],"computed":[89],"various":[91],"entities":[92],"involved":[93],"users":[99],"objects":[101],"threshold":[105],"limits":[106],"permissions":[108],"that":[109,173],"can":[110],"be":[111],"exercised.":[112],"The":[113],"accommodates":[116],"dynamism":[117],"decisions":[120],"on":[122],"contexts/situations":[123],"an":[126,183],"employee":[127],"accessing":[128,137],"sensitive":[130],"file":[131],"using":[132,138],"work":[134],"computer":[135],"versus":[136],"her":[139],"own":[140],"device.":[141],"paper,":[144],"we":[145],"analyze":[146],"difference":[148],"between":[149],"traditional":[151],"constraint-based":[152],"recent":[157],"risk-aware":[159,185],"approaches":[160],"propose":[164],"framework":[166],"introducing":[168],"risk-awareness":[169],"models":[172],"incorporates":[174],"quantified-risk.":[175],"We":[176],"also":[177],"provide":[178],"formal":[180],"specification":[181],"adaptive":[184],"model":[187],"by":[188],"enhancing":[189],"NIST":[191],"core":[192],"model.":[194]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":5},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":9},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":5},{"year":2017,"cited_by_count":8},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":4},{"year":2014,"cited_by_count":1}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}