{"id":"https://openalex.org/W1973007193","doi":"https://doi.org/10.1145/2295136.2295168","title":"A trust-and-risk aware RBAC framework","display_name":"A trust-and-risk aware RBAC framework","publication_year":2012,"publication_date":"2012-06-20","ids":{"openalex":"https://openalex.org/W1973007193","doi":"https://doi.org/10.1145/2295136.2295168","mag":"1973007193"},"language":"en","primary_location":{"id":"doi:10.1145/2295136.2295168","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2295136.2295168","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th ACM symposium on Access Control Models and Technologies","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5010677582","display_name":"Nathalie Baracaldo","orcid":"https://orcid.org/0000-0001-9469-045X"},"institutions":[{"id":"https://openalex.org/I170201317","display_name":"University of Pittsburgh","ror":"https://ror.org/01an3r305","country_code":"US","type":"education","lineage":["https://openalex.org/I170201317"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Nathalie Baracaldo","raw_affiliation_strings":["University of Pittsburgh, Pittsburgh, PA, USA"],"affiliations":[{"raw_affiliation_string":"University of Pittsburgh, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I170201317"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5042767930","display_name":"James Joshi","orcid":"https://orcid.org/0000-0003-4519-9802"},"institutions":[{"id":"https://openalex.org/I170201317","display_name":"University of Pittsburgh","ror":"https://ror.org/01an3r305","country_code":"US","type":"education","lineage":["https://openalex.org/I170201317"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"James Joshi","raw_affiliation_strings":["University of Pittsburgh, Pittsburgh, PA, USA"],"affiliations":[{"raw_affiliation_string":"University of Pittsburgh, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I170201317"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5010677582"],"corresponding_institution_ids":["https://openalex.org/I170201317"],"apc_list":null,"apc_paid":null,"fwci":14.7611,"has_fulltext":false,"cited_by_count":51,"citation_normalized_percentile":{"value":0.985567,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"167","last_page":"176"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9916999936103821,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9858999848365784,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7387421131134033},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.716214120388031},{"id":"https://openalex.org/keywords/insider-threat","display_name":"Insider threat","score":0.6975346803665161},{"id":"https://openalex.org/keywords/insider","display_name":"Insider","score":0.6215572953224182},{"id":"https://openalex.org/keywords/reputation","display_name":"Reputation","score":0.6171521544456482},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5727075934410095},{"id":"https://openalex.org/keywords/harm","display_name":"Harm","score":0.5210796594619751},{"id":"https://openalex.org/keywords/role-based-access-control","display_name":"Role-based access control","score":0.5049739480018616},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.4998972415924072},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.48898231983184814},{"id":"https://openalex.org/keywords/matching","display_name":"Matching (statistics)","score":0.4425155818462372},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.42635682225227356},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.42254024744033813},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.23636335134506226}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7387421131134033},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.716214120388031},{"id":"https://openalex.org/C2776633304","wikidata":"https://www.wikidata.org/wiki/Q6038026","display_name":"Insider threat","level":3,"score":0.6975346803665161},{"id":"https://openalex.org/C2778971194","wikidata":"https://www.wikidata.org/wiki/Q1664551","display_name":"Insider","level":2,"score":0.6215572953224182},{"id":"https://openalex.org/C48798503","wikidata":"https://www.wikidata.org/wiki/Q877546","display_name":"Reputation","level":2,"score":0.6171521544456482},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5727075934410095},{"id":"https://openalex.org/C2777363581","wikidata":"https://www.wikidata.org/wiki/Q15098235","display_name":"Harm","level":2,"score":0.5210796594619751},{"id":"https://openalex.org/C45567728","wikidata":"https://www.wikidata.org/wiki/Q1702839","display_name":"Role-based access control","level":3,"score":0.5049739480018616},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.4998972415924072},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.48898231983184814},{"id":"https://openalex.org/C165064840","wikidata":"https://www.wikidata.org/wiki/Q1321061","display_name":"Matching (statistics)","level":2,"score":0.4425155818462372},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.42635682225227356},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.42254024744033813},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.23636335134506226},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0},{"id":"https://openalex.org/C144024400","wikidata":"https://www.wikidata.org/wiki/Q21201","display_name":"Sociology","level":0,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C36289849","wikidata":"https://www.wikidata.org/wiki/Q34749","display_name":"Social science","level":1,"score":0.0},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2295136.2295168","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2295136.2295168","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 17th ACM symposium on Access Control Models and Technologies","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5899999737739563,"id":"https://metadata.un.org/sdg/8","display_name":"Decent work and economic growth"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":31,"referenced_works":["https://openalex.org/W27149491","https://openalex.org/W92760516","https://openalex.org/W206833334","https://openalex.org/W1533070224","https://openalex.org/W1669748495","https://openalex.org/W2021079739","https://openalex.org/W2022036778","https://openalex.org/W2022901032","https://openalex.org/W2097367098","https://openalex.org/W2107113299","https://openalex.org/W2107903816","https://openalex.org/W2110723603","https://openalex.org/W2120239604","https://openalex.org/W2125942055","https://openalex.org/W2126536038","https://openalex.org/W2127399150","https://openalex.org/W2134641111","https://openalex.org/W2147022450","https://openalex.org/W2148952798","https://openalex.org/W2152318637","https://openalex.org/W2154765153","https://openalex.org/W2164799985","https://openalex.org/W2168683140","https://openalex.org/W2176363081","https://openalex.org/W2369295637","https://openalex.org/W2524502639","https://openalex.org/W2891255201","https://openalex.org/W3023064319","https://openalex.org/W4252934814","https://openalex.org/W6675978296","https://openalex.org/W6685968906"],"related_works":["https://openalex.org/W2372156812","https://openalex.org/W2766781562","https://openalex.org/W4205304595","https://openalex.org/W2374393728","https://openalex.org/W2979782961","https://openalex.org/W308359497","https://openalex.org/W1499596878","https://openalex.org/W3136170567","https://openalex.org/W2947769183","https://openalex.org/W4387194049"],"abstract_inverted_index":{"Insider":[0],"Attacks":[1],"are":[2,102,107],"one":[3],"of":[4,43,178],"the":[5,30,34,41,44,99,120,133,135,173,192,203],"most":[6],"dangerous":[7],"threats":[8],"organizations":[9],"face":[10],"today.":[11],"An":[12],"insider":[13,57],"attack":[14],"occurs":[15],"when":[16,85,153],"a":[17,60,95,116,128,158,167,183],"person":[18],"authorized":[19],"to":[20,28,67,70,144,176,186,210],"perform":[21,75],"certain":[22,159],"actions":[23],"in":[24,52,147],"an":[25,199],"organization":[26],"decides":[27],"abuse":[29,90],"trust,":[31],"and":[32,48,54,104,132,197],"harm":[33],"organization.":[35],"These":[36],"attacks":[37,58],"may":[38,49,83],"negatively":[39],"impact":[40],"reputation":[42],"organization,":[45],"its":[46,139],"productivity,":[47],"produce":[50],"losses":[51],"revenue":[53],"clients.":[55],"Avoiding":[56],"is":[59,65,109,163],"daunting":[61],"task.":[62],"While":[63],"it":[64],"necessary":[66,100],"provide":[68],"privileges":[69,82,101,152],"employees":[71],"so":[72],"they":[73],"can":[74],"their":[76,91],"jobs":[77],"efficiently,":[78],"providing":[79],"too":[80],"many":[81],"backfire":[84],"users":[86],"accidentally":[87],"or":[88],"intentionally":[89],"privileges.":[92],"Hence,":[93],"finding":[94],"middle":[96],"ground,":[97],"where":[98],"provided":[103],"malicious":[105],"usage":[106],"avoided,":[108],"necessary.":[110],"In":[111],"this":[112],"paper,":[113],"we":[114],"propose":[115,198],"framework":[117,142],"that":[118,171,201],"extends":[119],"role-based":[121],"access":[122],"control":[123],"(RBAC)":[124],"model":[125],"by":[126,150],"incorporating":[127],"risk":[129,168,174,204],"assessment":[130,169],"process,":[131],"trust":[134,155],"system":[136],"has":[137],"on":[138,166],"users.":[140],"Our":[141],"adapts":[143],"suspicious":[145],"changes":[146],"users'":[148,154],"behavior":[149],"removing":[151],"falls":[156],"below":[157],"threshold.":[160],"This":[161],"threshold":[162],"computed":[164],"based":[165],"process":[170],"includes":[172],"due":[175],"inference":[177],"unauthorized":[179],"information.":[180],"We":[181,189,206],"use":[182],"Coloured-Petri":[184],"net":[185],"detect":[187],"inferences.":[188],"also":[190],"redefine":[191],"existing":[193],"role":[194],"activation":[195],"problem,":[196],"algorithm":[200],"reduces":[202],"exposure.":[205],"present":[207],"experimental":[208],"evaluation":[209],"validate":[211],"our":[212],"work.":[213]},"counts_by_year":[{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":6},{"year":2018,"cited_by_count":7},{"year":2017,"cited_by_count":5},{"year":2016,"cited_by_count":8},{"year":2015,"cited_by_count":6},{"year":2014,"cited_by_count":4},{"year":2013,"cited_by_count":4},{"year":2012,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}