{"id":"https://openalex.org/W4388858470","doi":"https://doi.org/10.1145/3576915.3623196","title":"Is Modeling Access Control Worth It?","display_name":"Is Modeling Access Control Worth It?","publication_year":2023,"publication_date":"2023-11-15","ids":{"openalex":"https://openalex.org/W4388858470","doi":"https://doi.org/10.1145/3576915.3623196"},"language":"en","primary_location":{"id":"doi:10.1145/3576915.3623196","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3576915.3623196","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://digitalcollection.zhaw.ch/handle/11475/29482","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5025344654","display_name":"David Basin","orcid":"https://orcid.org/0000-0003-2952-939X"},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":true,"raw_author_name":"David Basin","raw_affiliation_strings":["ETH Z\u00fcrich, Zurich, Switzerland"],"raw_orcid":"https://orcid.org/0000-0003-2952-939X","affiliations":[{"raw_affiliation_string":"ETH Z\u00fcrich, Zurich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012385881","display_name":"Juan Guarnizo","orcid":"https://orcid.org/0000-0002-2161-308X"},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Juan Guarnizo","raw_affiliation_strings":["ETH Z\u00fcrich, Zurich, Switzerland"],"raw_orcid":"https://orcid.org/0000-0002-2161-308X","affiliations":[{"raw_affiliation_string":"ETH Z\u00fcrich, Zurich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028440299","display_name":"Sr\u0111an Krsti\u0107","orcid":"https://orcid.org/0000-0001-8314-2589"},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Sr\u0111an Krstic","raw_affiliation_strings":["ETH Z\u00fcrich, Zurich, Switzerland"],"raw_orcid":"https://orcid.org/0000-0001-8314-2589","affiliations":[{"raw_affiliation_string":"ETH Z\u00fcrich, Zurich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008362007","display_name":"Ho\u00e0ng Nguyen Phuoc Bao","orcid":"https://orcid.org/0000-0003-4217-0983"},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Hoang Nguyen","raw_affiliation_strings":["ETH Z\u00fcrich, Zurich, Switzerland"],"raw_orcid":"https://orcid.org/0000-0003-4217-0983","affiliations":[{"raw_affiliation_string":"ETH Z\u00fcrich, Zurich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5019979722","display_name":"Mart\u00edn Ochoa","orcid":"https://orcid.org/0000-0002-7816-5775"},"institutions":[{"id":"https://openalex.org/I858936495","display_name":"ZHAW Zurich University of Applied Sciences","ror":"https://ror.org/05pmsvm27","country_code":"CH","type":"education","lineage":["https://openalex.org/I858936495"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Mart\u00edn Ochoa","raw_affiliation_strings":["Zurich University of Applied Sciences, Zurich, Switzerland"],"raw_orcid":"https://orcid.org/0000-0002-7816-5775","affiliations":[{"raw_affiliation_string":"Zurich University of Applied Sciences, Zurich, Switzerland","institution_ids":["https://openalex.org/I858936495"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5025344654"],"corresponding_institution_ids":["https://openalex.org/I35440088"],"apc_list":null,"apc_paid":null,"fwci":0.5632,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.77216508,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"2830","last_page":"2844"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9923999905586243,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9761000275611877,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8005892634391785},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.6543360352516174},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.6070602536201477},{"id":"https://openalex.org/keywords/de-facto","display_name":"De facto","score":0.5681694149971008},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.5548315644264221},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5459247827529907},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.46141064167022705},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4542061686515808},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.4514845013618469},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.4296978712081909},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.42562949657440186},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.3321893811225891},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.27978450059890747},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.12699806690216064},{"id":"https://openalex.org/keywords/systems-engineering","display_name":"Systems engineering","score":0.12053182721138},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.12048840522766113},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.10495185852050781}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8005892634391785},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.6543360352516174},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.6070602536201477},{"id":"https://openalex.org/C2992317946","wikidata":"https://www.wikidata.org/wiki/Q712144","display_name":"De facto","level":2,"score":0.5681694149971008},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.5548315644264221},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5459247827529907},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.46141064167022705},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4542061686515808},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.4514845013618469},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.4296978712081909},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.42562949657440186},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3321893811225891},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.27978450059890747},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.12699806690216064},{"id":"https://openalex.org/C201995342","wikidata":"https://www.wikidata.org/wiki/Q682496","display_name":"Systems engineering","level":1,"score":0.12053182721138},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.12048840522766113},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.10495185852050781},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1145/3576915.3623196","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3576915.3623196","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:digitalcollection.zhaw.ch:11475/29482","is_oa":true,"landing_page_url":"https://digitalcollection.zhaw.ch/handle/11475/29482","pdf_url":null,"source":{"id":"https://openalex.org/S4306401811","display_name":"Z\u00fcrcher Hochschule f\u00fcr Angewandte Wissenschaften digital collection (Zurich University of Applied Sciences)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I200744771","host_organization_name":"ZHAW Zurich University of Applied Sciences","host_organization_lineage":["https://openalex.org/I200744771"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Text"},{"id":"pmh:oai:www.research-collection.ethz.ch:20.500.11850/641981","is_oa":true,"landing_page_url":"http://hdl.handle.net/20.500.11850/641981","pdf_url":null,"source":{"id":"https://openalex.org/S4306402302","display_name":"Repository for Publications and Research Data (ETH Zurich)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I35440088","host_organization_name":"ETH Zurich","host_organization_lineage":["https://openalex.org/I35440088"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"CCS '23:  Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"info:eu-repo/semantics/acceptedVersion"},{"id":"doi:10.3929/ethz-b-000641981","is_oa":true,"landing_page_url":"https://doi.org/10.3929/ethz-b-000641981","pdf_url":null,"source":{"id":"https://openalex.org/S7407051236","display_name":"ETH Z\u00fcrich Research Collection","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article-journal"}],"best_oa_location":{"id":"pmh:oai:digitalcollection.zhaw.ch:11475/29482","is_oa":true,"landing_page_url":"https://digitalcollection.zhaw.ch/handle/11475/29482","pdf_url":null,"source":{"id":"https://openalex.org/S4306401811","display_name":"Z\u00fcrcher Hochschule f\u00fcr Angewandte Wissenschaften digital collection (Zurich University of Applied Sciences)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I200744771","host_organization_name":"ZHAW Zurich University of Applied Sciences","host_organization_lineage":["https://openalex.org/I200744771"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Text"},"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","score":0.5899999737739563,"id":"https://metadata.un.org/sdg/9"}],"awards":[{"id":"https://openalex.org/G5725153931","display_name":"Model-driven Security & Privacy","funder_award_id":"204796","funder_id":"https://openalex.org/F4320320924","funder_display_name":"Schweizerischer Nationalfonds zur F\u00f6rderung der Wissenschaftlichen Forschung"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320320924","display_name":"Schweizerischer Nationalfonds zur F\u00f6rderung der Wissenschaftlichen Forschung","ror":"https://ror.org/00yjd3n13"},{"id":"https://openalex.org/F4320321652","display_name":"Eidgen\u00f6ssische Technische Hochschule Z\u00fcrich","ror":"https://ror.org/05a28rw58"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":23,"referenced_works":["https://openalex.org/W1486178352","https://openalex.org/W1516257798","https://openalex.org/W1526993786","https://openalex.org/W1606093006","https://openalex.org/W1783768447","https://openalex.org/W1963887709","https://openalex.org/W2010173096","https://openalex.org/W2028627312","https://openalex.org/W2041928155","https://openalex.org/W2044463389","https://openalex.org/W2046895806","https://openalex.org/W2079831641","https://openalex.org/W2095881341","https://openalex.org/W2097223308","https://openalex.org/W2098634112","https://openalex.org/W2125189252","https://openalex.org/W2132688679","https://openalex.org/W2953917756","https://openalex.org/W3034075688","https://openalex.org/W4248361652","https://openalex.org/W4293236827","https://openalex.org/W4300948847","https://openalex.org/W4308643158"],"related_works":["https://openalex.org/W2807906686","https://openalex.org/W2794909825","https://openalex.org/W4247715995","https://openalex.org/W2594962586","https://openalex.org/W2518047880","https://openalex.org/W3175075103","https://openalex.org/W3157838713","https://openalex.org/W4200095465","https://openalex.org/W945978269","https://openalex.org/W4225160120"],"abstract_inverted_index":{"Implementing":[0],"access":[1],"control":[2],"policies":[3],"is":[4,53],"an":[5],"error-prone":[6],"task":[7,42],"that":[8],"can":[9],"have":[10,21,30],"severe":[11],"consequences":[12],"for":[13,75],"the":[14,25,34,38,60,71],"security":[15,64],"of":[16,36,40,56,62],"software":[17,49,76],"applications.":[18],"Model-driven":[19],"approaches":[20,65],"been":[22,31],"proposed":[23],"in":[24],"literature":[26],"and":[27,43],"associated":[28],"tools":[29],"developed":[32],"with":[33],"goal":[35],"reducing":[37],"complexity":[39],"this":[41],"helping":[44],"developers":[45],"to":[46],"produce":[47],"secure":[48],"efficiently.":[50],"Nevertheless,":[51],"there":[52],"a":[54],"lack":[55],"empirical":[57],"data":[58],"supporting":[59],"advantages":[61],"model-driven":[63],"over":[66],"code-centric":[67],"approaches,":[68],"which":[69],"are":[70],"de-facto":[72],"industry":[73],"standard":[74],"development.":[77]},"counts_by_year":[{"year":2023,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}