{"id":"https://openalex.org/W4214909560","doi":"https://doi.org/10.1186/s42400-022-00112-1","title":"Identifying high-risk over-entitlement in access control policies using fuzzy logic","display_name":"Identifying high-risk over-entitlement in access control policies using fuzzy logic","publication_year":2022,"publication_date":"2022-03-02","ids":{"openalex":"https://openalex.org/W4214909560","doi":"https://doi.org/10.1186/s42400-022-00112-1"},"language":"en","primary_location":{"id":"doi:10.1186/s42400-022-00112-1","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s42400-022-00112-1","pdf_url":"https://cybersecurity.springeropen.com/track/pdf/10.1186/s42400-022-00112-1","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://cybersecurity.springeropen.com/track/pdf/10.1186/s42400-022-00112-1","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5037686924","display_name":"Simon Parkinson","orcid":"https://orcid.org/0000-0002-1747-9914"},"institutions":[{"id":"https://openalex.org/I133837150","display_name":"University of Huddersfield","ror":"https://ror.org/05t1h8f27","country_code":"GB","type":"education","lineage":["https://openalex.org/I133837150"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Simon Parkinson","raw_affiliation_strings":["Department of Computer Science, University of Huddersfield, Huddersfield, HD1 3DH, UK"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Huddersfield, Huddersfield, HD1 3DH, UK","institution_ids":["https://openalex.org/I133837150"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5053811883","display_name":"Saad Khan","orcid":"https://orcid.org/0000-0001-8613-8200"},"institutions":[{"id":"https://openalex.org/I133837150","display_name":"University of Huddersfield","ror":"https://ror.org/05t1h8f27","country_code":"GB","type":"education","lineage":["https://openalex.org/I133837150"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Saad Khana","raw_affiliation_strings":["Department of Computer Science, University of Huddersfield, Huddersfield, HD1 3DH, UK"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Huddersfield, Huddersfield, HD1 3DH, UK","institution_ids":["https://openalex.org/I133837150"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5037686924"],"corresponding_institution_ids":["https://openalex.org/I133837150"],"apc_list":null,"apc_paid":null,"fwci":5.5219,"has_fulltext":true,"cited_by_count":14,"citation_normalized_percentile":{"value":0.95443977,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":"5","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9940999746322632,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/permission","display_name":"Permission","score":0.8394893407821655},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6369407773017883},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.6166218519210815},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5472440719604492},{"id":"https://openalex.org/keywords/role-based-access-control","display_name":"Role-based access control","score":0.5225445628166199},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5160269737243652},{"id":"https://openalex.org/keywords/fuzzy-logic","display_name":"Fuzzy logic","score":0.5064455270767212},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4488544464111328},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.4372463822364807},{"id":"https://openalex.org/keywords/association-rule-learning","display_name":"Association rule learning","score":0.4187273383140564},{"id":"https://openalex.org/keywords/resource","display_name":"Resource (disambiguation)","score":0.4153788685798645},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.39721617102622986},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.3837915062904358},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3185044229030609},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3171443045139313},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.24486681818962097},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.13824400305747986}],"concepts":[{"id":"https://openalex.org/C2779089604","wikidata":"https://www.wikidata.org/wiki/Q7169333","display_name":"Permission","level":2,"score":0.8394893407821655},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6369407773017883},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.6166218519210815},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5472440719604492},{"id":"https://openalex.org/C45567728","wikidata":"https://www.wikidata.org/wiki/Q1702839","display_name":"Role-based access control","level":3,"score":0.5225445628166199},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5160269737243652},{"id":"https://openalex.org/C58166","wikidata":"https://www.wikidata.org/wiki/Q224821","display_name":"Fuzzy logic","level":2,"score":0.5064455270767212},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4488544464111328},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.4372463822364807},{"id":"https://openalex.org/C193524817","wikidata":"https://www.wikidata.org/wiki/Q386780","display_name":"Association rule learning","level":2,"score":0.4187273383140564},{"id":"https://openalex.org/C206345919","wikidata":"https://www.wikidata.org/wiki/Q20380951","display_name":"Resource (disambiguation)","level":2,"score":0.4153788685798645},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.39721617102622986},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3837915062904358},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3185044229030609},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3171443045139313},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.24486681818962097},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.13824400305747986},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1186/s42400-022-00112-1","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s42400-022-00112-1","pdf_url":"https://cybersecurity.springeropen.com/track/pdf/10.1186/s42400-022-00112-1","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},{"id":"pmh:oai:pure.atira.dk:openaire/4036220f-51c5-4b50-9b04-8b4ce4e18bf7","is_oa":true,"landing_page_url":"https://pure.hud.ac.uk/en/publications/4036220f-51c5-4b50-9b04-8b4ce4e18bf7","pdf_url":null,"source":{"id":"https://openalex.org/S4306402508","display_name":"Huddersfield Research Portal (University of Huddersfield)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I133837150","host_organization_name":"University of Huddersfield","host_organization_lineage":["https://openalex.org/I133837150"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Parkinson, S & Khan, S 2022, 'Identifying high-risk over-entitlement in access control policies using fuzzy logic', Cybersecurity, vol. 5, no. 1, 6. https://doi.org/10.1186/s42400-022-00112-1","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:doaj.org/article:4b34fee031ee47f88fa3433ac0484e90","is_oa":true,"landing_page_url":"https://doaj.org/article/4b34fee031ee47f88fa3433ac0484e90","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Cybersecurity, Vol 5, Iss 1, Pp 1-17 (2022)","raw_type":"article"},{"id":"pmh:oai:pure.atira.dk:publications/4036220f-51c5-4b50-9b04-8b4ce4e18bf7","is_oa":true,"landing_page_url":"http://www.scopus.com/inward/record.url?scp=85125964077&partnerID=8YFLogxK","pdf_url":null,"source":{"id":"https://openalex.org/S4306402508","display_name":"Huddersfield Research Portal (University of Huddersfield)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I133837150","host_organization_name":"University of Huddersfield","host_organization_lineage":["https://openalex.org/I133837150"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Parkinson, S & Khan, S 2022, 'Identifying high-risk over-entitlement in access control policies using fuzzy logic', Cybersecurity, vol. 5, no. 1, 6. https://doi.org/10.1186/s42400-022-00112-1","raw_type":"info:eu-repo/semantics/publishedVersion"}],"best_oa_location":{"id":"doi:10.1186/s42400-022-00112-1","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s42400-022-00112-1","pdf_url":"https://cybersecurity.springeropen.com/track/pdf/10.1186/s42400-022-00112-1","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G5379082546","display_name":null,"funder_award_id":"EP/M029263/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"},{"id":"https://openalex.org/G7622028247","display_name":"Digital Catapult Fellowship Programme","funder_award_id":"EP/M029263/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"}],"funders":[{"id":"https://openalex.org/F4320334627","display_name":"Engineering and Physical Sciences Research Council","ror":"https://ror.org/0439y7842"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4214909560.pdf","grobid_xml":"https://content.openalex.org/works/W4214909560.grobid-xml"},"referenced_works_count":40,"referenced_works":["https://openalex.org/W27524139","https://openalex.org/W271922137","https://openalex.org/W1933979908","https://openalex.org/W1972907206","https://openalex.org/W1990041627","https://openalex.org/W1997199359","https://openalex.org/W1997888312","https://openalex.org/W2029830906","https://openalex.org/W2030085276","https://openalex.org/W2037716001","https://openalex.org/W2038206765","https://openalex.org/W2058347046","https://openalex.org/W2064696526","https://openalex.org/W2072331557","https://openalex.org/W2076246907","https://openalex.org/W2076817253","https://openalex.org/W2106335642","https://openalex.org/W2114917462","https://openalex.org/W2124183148","https://openalex.org/W2148952798","https://openalex.org/W2150911176","https://openalex.org/W2166602595","https://openalex.org/W2281587067","https://openalex.org/W2346228168","https://openalex.org/W2491148079","https://openalex.org/W2504836915","https://openalex.org/W2553727764","https://openalex.org/W2592225575","https://openalex.org/W2625481008","https://openalex.org/W2737324849","https://openalex.org/W2762091569","https://openalex.org/W2774510177","https://openalex.org/W2791751764","https://openalex.org/W2810689795","https://openalex.org/W2901665206","https://openalex.org/W2903266369","https://openalex.org/W2910020460","https://openalex.org/W2911566513","https://openalex.org/W2946201290","https://openalex.org/W4255848759"],"related_works":["https://openalex.org/W2373984226","https://openalex.org/W2349137515","https://openalex.org/W2130613250","https://openalex.org/W2361337511","https://openalex.org/W1513229083","https://openalex.org/W2358774039","https://openalex.org/W2353815999","https://openalex.org/W4390864104","https://openalex.org/W2364540050","https://openalex.org/W2124367090"],"abstract_inverted_index":{"Abstract":[0],"Analysing":[1],"access":[2,54,82],"control":[3,55],"policies":[4],"is":[5,18,27,41,67,83,117,130,135,139,157,168,195,256,264],"an":[6,48,52,77,96,103,128,166,175],"essential":[7],"process":[8],"for":[9,254],"ensuring":[10],"over-prescribed":[11],"permissions":[12,73,126],"are":[13,74],"identified":[14],"and":[15,21,86,137,197,212],"removed.":[16],"This":[17,203],"a":[19,28,111,159,186,193,219,225],"time-consuming":[20],"knowledge-intensive":[22],"process,":[23],"largely":[24],"because":[25],"there":[26,40],"wealth":[29],"of":[30,45,114,147,208],"policy":[31],"information":[32],"that":[33,71],"needs":[34],"to":[35,61,76,124,141,150,173,184,191,200,217,232,242,259],"be":[36,84,100,182],"manually":[37],"examined.":[38],"Furthermore,":[39],"no":[42,118],"standard":[43],"definition":[44],"what":[46],"constitutes":[47],"over-entitled":[49,72,196],"permission":[50,98,133],"within":[51],"organisation\u2019s":[53,78],"policy,":[56],"making":[57],"it":[58,138,263],"not":[59,158],"possible":[60],"develop":[62],"automated":[63],"rule-based":[64],"approaches.":[65],"It":[66],"often":[68],"the":[69,145,148,201,205,267],"case":[70],"subjective":[75],"role-based":[79],"structure,":[80],"where":[81,102,127],"divided":[85],"managed":[87],"based":[88],"on":[89,236],"different":[90],"employee":[91,104,129],"needs.":[92],"In":[93],"this":[94,164,245],"context,":[95],"irregular":[97,271],"could":[99],"one":[101,119],"has":[105,229],"frequently":[106],"changed":[107],"roles,":[108],"thus":[109],"accumulating":[110],"wide-ranging":[112],"set":[113],"permissions.":[115,272],"There":[116],"size":[120],"fits":[121],"all":[122],"approach":[123,167],"identifying":[125],"receiving":[131],"more":[132,187],"than":[134],"necessary,":[136],"necessary":[140],"examine":[142],"them":[143],"in":[144,163,247],"context":[146],"organisation":[149],"establish":[151],"their":[152],"individual":[153],"risk":[154,177,199,220],".":[155],"Risk":[156],"binary":[160],"measure":[161],"and,":[162],"work,":[165],"built":[169],"using":[170,251],"Fuzzy":[171],"Logic":[172],"determine":[174,218],"overall":[176],"rating,":[178],"which":[179,228],"can":[180],"then":[181,257],"used":[183],"make":[185],"informed":[188],"decision":[189],"as":[190,215],"whether":[192],"user":[194,213,268],"presenting":[198],"organisation.":[202],"requires":[204],"exploratory":[206],"use":[207],"establishing":[209],"resource":[210],"sensitivity":[211],"trust":[214],"measures":[216],"rating.":[221],"The":[222],"paper":[223],"presents":[224],"generic":[226],"solution,":[227],"been":[230],"implemented":[231],"perform":[233],"experimental":[234],"analysis":[235],"Microsoft\u2019s":[237],"New":[238],"Technology":[239],"File":[240],"System":[241],"show":[243],"how":[244,261],"works":[246],"practice.":[248],"A":[249],"simulation":[250],"expert":[252],"knowledge":[253],"comparison":[255],"performed":[258],"demonstrate":[260],"effective":[262],"at":[265],"helping":[266],"identify":[269],"potential":[270]},"counts_by_year":[{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":3}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}