{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,27]],"date-time":"2026-02-27T02:18:01Z","timestamp":1772158681722,"version":"3.50.1"},"publisher-location":"Cham","reference-count":19,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319070759","type":"print"},{"value":"9783319070766","type":"electronic"}],"license":[{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-07076-6_6","type":"book-chapter","created":{"date-parts":[[2014,7,9]],"date-time":"2014-07-09T05:42:43Z","timestamp":1404884563000},"page":"80-90","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["Towards Attribute-Based Access Control Policy Engineering Using Risk"],"prefix":"10.1007","author":[{"given":"Leanid","family":"Krautsevich","sequence":"first","affiliation":[]},{"given":"Aliaksandr","family":"Lazouski","sequence":"additional","affiliation":[]},{"given":"Fabio","family":"Martinelli","sequence":"additional","affiliation":[]},{"given":"Artsiom","family":"Yautsiukhin","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2014,7,10]]},"reference":[{"issue":"3","key":"6_CR1","doi-asserted-by":"crossref","first-page":"261","DOI":"10.3233\/HSN-2006-290","volume":"15","author":"B Aziz","year":"2006","unstructured":"Aziz, B., Foley, S.N., Herbert, J., Swart, G.: Reconfiguring role based access control policies using risk semantics. J. High Speed Netw. 15(3), 261\u2013273 (2006)","journal-title":"J. High Speed Netw."},{"key":"6_CR2","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511804441","volume-title":"Convex Optimization","author":"S Boyd","year":"2004","unstructured":"Boyd, S., Vandenberghe, L.: Convex Optimization. Cambridge University Press, Cambridge (2004)"},{"issue":"1","key":"6_CR3","doi-asserted-by":"crossref","first-page":"21","DOI":"10.3233\/RDA-2008-0002","volume":"1","author":"E Celikel","year":"2009","unstructured":"Celikel, E., Kantarcioglu, M., Thuraisingham, B., Bertino, E.: Usage control in computer security: a survey. Risk Decis. Anal. 1(1), 21\u201333 (2009)","journal-title":"Risk Decis. Anal."},{"key":"6_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"140","DOI":"10.1007\/978-3-642-29963-6_11","volume-title":"Security and Trust Management","author":"L Chen","year":"2012","unstructured":"Chen, L., Crampton, J.: Risk-aware role-based access control. In: Meadows, C., Fernandez-Gago, C. (eds.) STM 2011. LNCS, vol. 7170, pp. 140\u2013156. Springer, Heidelberg (2012)"},{"issue":"4","key":"6_CR5","doi-asserted-by":"publisher","first-page":"715","DOI":"10.1016\/j.dss.2010.08.022","volume":"50","author":"A Colantonio","year":"2011","unstructured":"Colantonio, A., Pietro, R.D., Ocello, A., Verde, N.V.: A new role mining framework to elicit business roles and to mitigate enterprise risk. Decis. Support Syst. 50(4), 715\u2013731 (2011)","journal-title":"Decis. Support Syst."},{"key":"6_CR6","doi-asserted-by":"crossref","unstructured":"Diep, N.N., Hung, L.X., Zhung, Y., Lee, S., Lee, Y.-K., Lee, H.: Enforcing access control using risk assessment. In: Proceedings of the 4th European Conference on Universal Multiservice Networks, pp. 419\u2013424 (2007)","DOI":"10.1109\/ECUMN.2007.19"},{"key":"6_CR7","doi-asserted-by":"crossref","unstructured":"Dimmock, N., Belokosztolszki, A., Eyers, D., Bacon, J., Moody, K.: Using trust and risk in role-based access control policies. In: Proceedings of the 9th ACM Symposium on Access Control Models and Technologies, pp. 156\u2013162 (2004)","DOI":"10.1145\/990036.990062"},{"issue":"4","key":"6_CR8","doi-asserted-by":"publisher","first-page":"412","DOI":"10.1016\/j.sysarc.2010.04.005","volume":"57","author":"D Ferraiolo","year":"2011","unstructured":"Ferraiolo, D., Atluri, V., Gavrila, S.: The policy machine: a novel architecture and framework for access control policy specification and enforcement. J. Syst. Architect. 57(4), 412\u2013424 (2011)","journal-title":"J. Syst. Architect."},{"key":"6_CR9","doi-asserted-by":"crossref","unstructured":"Frank, M, Buhmann, J.M., Basin, D.: On the definition of role mining. In: Proceedings of the 15th ACM Symposium on Access Control Models and Technologies, pp. 35\u201344. ACM","DOI":"10.1145\/1809842.1809851"},{"key":"6_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/978-3-642-31540-4_4","volume-title":"Data and Applications Security and Privacy XXVI","author":"X Jin","year":"2012","unstructured":"Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering DAC, MAC and RBAC. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 41\u201355. Springer, Heidelberg (2012)"},{"key":"6_CR11","doi-asserted-by":"crossref","unstructured":"Krautsevich, L., Lazouski, A., Martinelli, F., Mori, P., Yautsiukhin, A.: Integration of quantitative methods for risk evaluation within usage control policies. In: Proceedings of 22nd International Conference on Computer Communications and Networks (2013) (to appear)","DOI":"10.1109\/ICCCN.2013.6614144"},{"issue":"2","key":"6_CR12","first-page":"223","volume":"7","author":"L Krautsevich","year":"2013","unstructured":"Krautsevich, L., Lazouski, A., Martinelli, F., Yautsiukhin, A.: Cost-effective enforcement of access and usage control policies under uncertainties. IEEE Syst. J. Spec. Issue Secur. Priv. Complex Syst. 7(2), 223\u2013235 (2013)","journal-title":"IEEE Syst. J. Spec. Issue Secur. Priv. Complex Syst."},{"key":"6_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1007\/978-3-642-28879-1_14","volume-title":"Data Privacy Management and Autonomous Spontaneus Security","author":"L Krautsevich","year":"2012","unstructured":"Krautsevich, L., Martinelli, F., Morisset, C., Yautsiukhin, A.: Risk-based auto-delegation for probabilistic availability. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds.) DPM 2011 and SETOP 2011. LNCS, vol. 7122, pp. 206\u2013220. Springer, Heidelberg (2012)"},{"issue":"2","key":"6_CR14","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1016\/j.cosrev.2010.02.002","volume":"4","author":"A Lazouski","year":"2010","unstructured":"Lazouski, A., Martinelli, F., Mori, P.: Usage control in computer security: a survey. Comput. Sci. Rev. 4(2), 81\u201399 (2010)","journal-title":"Comput. Sci. Rev."},{"key":"6_CR15","doi-asserted-by":"crossref","unstructured":"Ni, Q., Bertino, E., Lobo, J.: Risk-based access control systems built on fuzzy inferences. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, pp. 250\u2013260 (2010)","DOI":"10.1145\/1755688.1755719"},{"key":"6_CR16","unstructured":"Nissanke, N., Khayat, E.J.: Risk based security analysis of permissions in RBAC. In: Proceedings of the 2nd International Workshop on Security in Information Systems, pp. 332\u2013341 (2004)"},{"key":"6_CR17","unstructured":"OASIS. eXtensible Access Control Markup Language (XACML) Version 3.0. http:\/\/www.oasis-open.org\/committees\/xacml"},{"key":"6_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/978-3-540-45215-7_2","volume-title":"Computer Network Security","author":"R Sandhu","year":"2003","unstructured":"Sandhu, R., Park, J.: Usage control: a vision for next generation access control. In: Gorodetsky, V., Popyack, L.J., Skormin, V.A. (eds.) MMM-ACNS 2003. LNCS, vol. 2776, pp. 17\u201331. Springer, Heidelberg (2003)"},{"key":"6_CR19","unstructured":"Zhang, L., Brodsky, A., Jajodia, S.: Toward information sharing: Benefit and risk access control (BARAC). In: Proceedings of the 7th IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 45\u201353 (2006)"}],"container-title":["Lecture Notes in Computer Science","Risk Assessment and Risk-Driven Testing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-07076-6_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,3]],"date-time":"2025-05-03T18:30:22Z","timestamp":1746297022000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-07076-6_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319070759","9783319070766"],"references-count":19,"aliases":["10.1007\/978-3-319-14114-5_6","10.1007\/978-3-319-14114-5_6"],"URL":"https:\/\/doi.org\/10.1007\/978-3-319-07076-6_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014]]},"assertion":[{"value":"10 July 2014","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}