Effective Collaboration in the Management of Access Control Policies: A Survey of Tools
<p dir="ltr">Access control (AC) tools implement security policies for controlling access to various assets, including file systems, physical resources, and social media posts. They are also used as pedagogical tools for exploring and understanding intricate details of complex securi...
محفوظ في:
| المؤلف الرئيسي: | |
|---|---|
| مؤلفون آخرون: | , , , |
| منشور في: |
2023
|
| الموضوعات: | |
| الوسوم: |
إضافة وسم
لا توجد وسوم, كن أول من يضع وسما على هذه التسجيلة!
|
| _version_ | 1864513527886118912 |
|---|---|
| author | Rachael Fernandez (17545686) |
| author2 | Peter C.-H. Cheng (17947769) Armstrong Nhlabatsi (17773473) Khaled Md. Khan (17947772) Noora Fetais (16084859) |
| author2_role | author author author author |
| author_facet | Rachael Fernandez (17545686) Peter C.-H. Cheng (17947769) Armstrong Nhlabatsi (17773473) Khaled Md. Khan (17947772) Noora Fetais (16084859) |
| author_role | author |
| dc.creator.none.fl_str_mv | Rachael Fernandez (17545686) Peter C.-H. Cheng (17947769) Armstrong Nhlabatsi (17773473) Khaled Md. Khan (17947772) Noora Fetais (16084859) |
| dc.date.none.fl_str_mv | 2023-02-06T03:00:00Z |
| dc.identifier.none.fl_str_mv | 10.1109/access.2023.3242863 |
| dc.relation.none.fl_str_mv | https://figshare.com/articles/journal_contribution/Effective_Collaboration_in_the_Management_of_Access_Control_Policies_A_Survey_of_Tools/25204184 |
| dc.rights.none.fl_str_mv | CC BY 4.0 info:eu-repo/semantics/openAccess |
| dc.subject.none.fl_str_mv | Engineering Electrical engineering Electronics, sensors and digital hardware Materials engineering Access control Collaboration Visualization Task analysis Semantics Face recognition Complexity theory |
| dc.title.none.fl_str_mv | Effective Collaboration in the Management of Access Control Policies: A Survey of Tools |
| dc.type.none.fl_str_mv | Text Journal contribution info:eu-repo/semantics/publishedVersion text contribution to journal |
| description | <p dir="ltr">Access control (AC) tools implement security policies for controlling access to various assets, including file systems, physical resources, and social media posts. They are also used as pedagogical tools for exploring and understanding intricate details of complex security policies. However, current tools are not developed based on the actual needs of security and policy professionals. They are not equipped to support basic and vital operations like providing a policy overview, policy comparisons, identifying and resolving policy conflicts. In this paper, we explore (a) the specific challenges faced in the collaboration between access control policy makers and implementers, and (b) the limitations that current tools have towards addressing these challenges. We argue that a lack of effective collaboration between policy makers and implementers may lead to a misunderstanding of security policy semantics. The main reason for this problem is that policy makers and implementers use different technical languages for communication. The lack of a common technical language leads to a miscommunication between the two parties. The key aim of our work is to review the currently available research-based access control tools and to identify their pros and cons. To accomplish this, we have reviewed a set of access control tools that have a wide variety of features and applications. We have also identified a set of tasks that these access control tools possess to help the work of policy professionals who are involved in the creation, management and maintenance of security policies. We also compared the functionalities of these tools, the different types of security policies that they support, and their visualizations. Together, these comparisons provide a clear understanding of what current access control systems lack and how they can be improved in order to support effective collaboration between policy makers and policy implementers. We have also found that many of these tools could be more accessible to non-technical policy professionals to understand the semantics of security policies if these tools provide features for visualizing security policies.</p><h2>Other Information</h2><p dir="ltr">Published in: IEEE Access<br>License: <a href="http://creativecommons.org/licenses/by/4.0" target="_blank">http://creativecommons.org/licenses/by/4.0</a><br>See article on publisher's website: <a href="https://dx.doi.org/10.1109/access.2023.3242863" target="_blank">https://dx.doi.org/10.1109/access.2023.3242863</a></p> |
| eu_rights_str_mv | openAccess |
| id | Manara2_d90721e95624d67f30bbe8720444546f |
| identifier_str_mv | 10.1109/access.2023.3242863 |
| network_acronym_str | Manara2 |
| network_name_str | Manara2 |
| oai_identifier_str | oai:figshare.com:article/25204184 |
| publishDate | 2023 |
| repository.mail.fl_str_mv | |
| repository.name.fl_str_mv | |
| repository_id_str | |
| rights_invalid_str_mv | CC BY 4.0 |
| spelling | Effective Collaboration in the Management of Access Control Policies: A Survey of ToolsRachael Fernandez (17545686)Peter C.-H. Cheng (17947769)Armstrong Nhlabatsi (17773473)Khaled Md. Khan (17947772)Noora Fetais (16084859)EngineeringElectrical engineeringElectronics, sensors and digital hardwareMaterials engineeringAccess controlCollaborationVisualizationTask analysisSemanticsFace recognitionComplexity theory<p dir="ltr">Access control (AC) tools implement security policies for controlling access to various assets, including file systems, physical resources, and social media posts. They are also used as pedagogical tools for exploring and understanding intricate details of complex security policies. However, current tools are not developed based on the actual needs of security and policy professionals. They are not equipped to support basic and vital operations like providing a policy overview, policy comparisons, identifying and resolving policy conflicts. In this paper, we explore (a) the specific challenges faced in the collaboration between access control policy makers and implementers, and (b) the limitations that current tools have towards addressing these challenges. We argue that a lack of effective collaboration between policy makers and implementers may lead to a misunderstanding of security policy semantics. The main reason for this problem is that policy makers and implementers use different technical languages for communication. The lack of a common technical language leads to a miscommunication between the two parties. The key aim of our work is to review the currently available research-based access control tools and to identify their pros and cons. To accomplish this, we have reviewed a set of access control tools that have a wide variety of features and applications. We have also identified a set of tasks that these access control tools possess to help the work of policy professionals who are involved in the creation, management and maintenance of security policies. We also compared the functionalities of these tools, the different types of security policies that they support, and their visualizations. Together, these comparisons provide a clear understanding of what current access control systems lack and how they can be improved in order to support effective collaboration between policy makers and policy implementers. We have also found that many of these tools could be more accessible to non-technical policy professionals to understand the semantics of security policies if these tools provide features for visualizing security policies.</p><h2>Other Information</h2><p dir="ltr">Published in: IEEE Access<br>License: <a href="http://creativecommons.org/licenses/by/4.0" target="_blank">http://creativecommons.org/licenses/by/4.0</a><br>See article on publisher's website: <a href="https://dx.doi.org/10.1109/access.2023.3242863" target="_blank">https://dx.doi.org/10.1109/access.2023.3242863</a></p>2023-02-06T03:00:00ZTextJournal contributioninfo:eu-repo/semantics/publishedVersiontextcontribution to journal10.1109/access.2023.3242863https://figshare.com/articles/journal_contribution/Effective_Collaboration_in_the_Management_of_Access_Control_Policies_A_Survey_of_Tools/25204184CC BY 4.0info:eu-repo/semantics/openAccessoai:figshare.com:article/252041842023-02-06T03:00:00Z |
| spellingShingle | Effective Collaboration in the Management of Access Control Policies: A Survey of Tools Rachael Fernandez (17545686) Engineering Electrical engineering Electronics, sensors and digital hardware Materials engineering Access control Collaboration Visualization Task analysis Semantics Face recognition Complexity theory |
| status_str | publishedVersion |
| title | Effective Collaboration in the Management of Access Control Policies: A Survey of Tools |
| title_full | Effective Collaboration in the Management of Access Control Policies: A Survey of Tools |
| title_fullStr | Effective Collaboration in the Management of Access Control Policies: A Survey of Tools |
| title_full_unstemmed | Effective Collaboration in the Management of Access Control Policies: A Survey of Tools |
| title_short | Effective Collaboration in the Management of Access Control Policies: A Survey of Tools |
| title_sort | Effective Collaboration in the Management of Access Control Policies: A Survey of Tools |
| topic | Engineering Electrical engineering Electronics, sensors and digital hardware Materials engineering Access control Collaboration Visualization Task analysis Semantics Face recognition Complexity theory |