{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,8]],"date-time":"2024-09-08T21:58:14Z","timestamp":1725832694405},"publisher-location":"Cham","reference-count":41,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319261478"},{"type":"electronic","value":"9783319261485"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-26148-5_45","type":"book-chapter","created":{"date-parts":[[2015,10,14]],"date-time":"2015-10-14T01:50:57Z","timestamp":1444787457000},"page":"660-676","source":"Crossref","is-referenced-by-count":6,"title":["Balancing Trust and Risk in Access Control"],"prefix":"10.1007","author":[{"given":"Alessandro","family":"Armando","sequence":"first","affiliation":[]},{"given":"Michele","family":"Bezzi","sequence":"additional","affiliation":[]},{"given":"Francesco","family":"Di Cerbo","sequence":"additional","affiliation":[]},{"given":"Nadia","family":"Metoui","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,10,28]]},"reference":[{"key":"45_CR1","unstructured":"Trabelsi, S., Ecuyer, A., Alvarez, P.C.Y., Di Cerbo, F.: Optimizing access control performance for the cloud. In: Helfert, M., Desprez, F., Ferguson, D., Leymann, F., Mu\u00f1oz, V.M. (eds.): CLOSER 2014 - Proceedings of the 4th International Conference on Cloud Computing and Services Science, Barcelona, Spain, April 3\u20135, 2014, 551\u2013558. SciTePress (2014)"},{"key":"45_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"140","DOI":"10.1007\/978-3-642-29963-6_11","volume-title":"Security and Trust Management","author":"L Chen","year":"2012","unstructured":"Chen, L., Crampton, J.: Risk-aware role-based access control. In: Meadows, C., Fernandez-Gago, C. (eds.) STM 2011. LNCS, vol. 7170, pp. 140\u2013156. Springer, Heidelberg (2012)"},{"key":"45_CR3","doi-asserted-by":"publisher","first-page":"237","DOI":"10.1016\/j.cose.2013.08.001","volume":"39","author":"N Baracaldo","year":"2013","unstructured":"Baracaldo, N., Joshi, J.: An adaptive risk management and access control framework to mitigate insider threats. Computers and Security 39, 237\u2013254 (2013)","journal-title":"Computers and Security"},{"issue":"2","key":"45_CR4","doi-asserted-by":"publisher","first-page":"618","DOI":"10.1016\/j.dss.2005.05.019","volume":"43","author":"A Josang","year":"2007","unstructured":"Josang, A., Ismail, R., Boyd, C.: A survey of trust and reputation systems for online service provision. Decision Support Systems 43(2), 618\u2013644 (2007). Emerging Issues in Collaborative Commerce","journal-title":"Decision Support Systems"},{"key":"45_CR5","unstructured":"Mcknight, D.H., Chervany, N.L.: The meanings of trust. Technical report (1996)"},{"key":"45_CR6","unstructured":"Gambetta, D.: Can we trust trust? In: Trust: Making and Breaking Cooperative Relations 213\u2013237. Basil Blackwell (1988)"},{"issue":"1","key":"45_CR7","doi-asserted-by":"crossref","first-page":"21","DOI":"10.3233\/RDA-2008-0002","volume":"1","author":"E Celikel","year":"2009","unstructured":"Celikel, E., Kantarcioglu, M., Thuraisingham, B., Bertino, E.: A risk management approach to RBAC. Risk Decis. Anal. 1(1), 21\u201333 (2009)","journal-title":"Risk Decis. Anal."},{"key":"45_CR8","unstructured":"ISO: Iec 27005: 2011 (en) information technology-security techniques-information security risk management switzerland. ISO\/IEC (2011)"},{"key":"45_CR9","doi-asserted-by":"crossref","unstructured":"Cheng, P.C., Rohatgi, P., Keser, C., Karger, P.A., Wagner, G.M., Reninger, A.S.: Fuzzy multi-level security: An experiment on quantified risk-adaptive access control. In: Proceedings of the 2007 IEEE Symposium on Security and Privacy, SP 2007, pp. 222\u2013230 (2007)","DOI":"10.1109\/SP.2007.21"},{"issue":"9","key":"45_CR10","doi-asserted-by":"publisher","first-page":"1622","DOI":"10.1016\/j.jss.2009.08.023","volume":"83","author":"SH Houmb","year":"2010","unstructured":"Houmb, S.H., Franqueira, V.N.L., Engum, E.A.: Quantifying security risk level from cvss estimates of frequency and impact. J. Syst. Softw. 83(9), 1622\u20131634 (2010)","journal-title":"J. Syst. Softw."},{"key":"45_CR11","unstructured":"Moses, T., et al.: extensible access control markup language (xacml) version 2.0. Oasis Standard 200502 (2005)"},{"key":"45_CR12","unstructured":"Council of Europe: Handbook on european data protection law. Technical report (2014)"},{"key":"45_CR13","doi-asserted-by":"crossref","unstructured":"Scholl, M.A., Stine, K.M., Hash, J., Bowen, P., Johnson, L.A., Smith, C.D., Steinberg, D.I.: Sp 800\u201366 rev. 1. an introductory resource guide for implementing the health insurance portability and accountability act (HIPAA) security rule. Technical report (2008)","DOI":"10.6028\/NIST.SP.800-66r1"},{"issue":"2","key":"45_CR14","first-page":"161","volume":"6","author":"C Clifton","year":"2013","unstructured":"Clifton, C., Tassa, T.: On syntactic anonymity and differential privacy. Trans. Data Privacy 6(2), 161\u2013183 (2013)","journal-title":"Trans. Data Privacy"},{"key":"45_CR15","unstructured":"Dalenius, T.: Finding a needle in a haystack-or identifying anonymous census record. Journal of official statistics 2(3) (1986)"},{"issue":"3","key":"45_CR16","first-page":"199","volume":"3","author":"M Bezzi","year":"2010","unstructured":"Bezzi, M.: An information theoretic approach for privacy metrics. Transactions on Data Privacy 3(3), 199\u2013215 (2010)","journal-title":"Transactions on Data Privacy"},{"issue":"6","key":"45_CR17","doi-asserted-by":"publisher","first-page":"1010","DOI":"10.1109\/69.971193","volume":"13","author":"P Samarati","year":"2001","unstructured":"Samarati, P.: Protecting respondents\u2019 identities in microdata release. IEEE Trans. Knowl. Data Eng. 13(6), 1010\u20131027 (2001)","journal-title":"IEEE Trans. Knowl. Data Eng."},{"issue":"4","key":"45_CR18","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1749603.1749605","volume":"42","author":"BCM Fung","year":"2010","unstructured":"Fung, B.C.M., Wang, K., Chen, R., Yu, P.S.: Privacy-preserving data publishing: A survey of recent developments. ACM Comput. Surv. 42(4), 1\u201353 (2010)","journal-title":"ACM Comput. Surv."},{"key":"45_CR19","doi-asserted-by":"crossref","unstructured":"Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Samarati, P.: Theory of privacy and anonymity. In: Atallah, M., Blanton, M. (eds.) Algorithms and Theory of Computation Handbook (2nd edn). CRC Press (2009)","DOI":"10.1201\/9781584888215-c18"},{"key":"45_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"266","DOI":"10.1007\/978-3-319-17016-9_17","volume-title":"Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance","author":"A Armando","year":"2015","unstructured":"Armando, A., Bezzi, M., Metoui, N., Sabetta, A.: Risk-aware information disclosure. In: Garcia-Alfaro, J., Herrera-Joancomart\u00ed, J., Lupu, E., Posegga, J., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM\/SETOP\/QASA 2014. LNCS, vol. 8872, pp. 266\u2013276. Springer, Heidelberg (2015)"},{"key":"45_CR21","unstructured":"Committee on Strategies for Responsible Sharing of Clinical Trial Data: Sharing Clinical Trial Data: Maximizing Benefits, Minimizing Risk. National Academies Press (US), Washington (DC) (2015)"},{"key":"45_CR22","doi-asserted-by":"crossref","unstructured":"Mont, M.C., Beato, F.: On parametric obligation policies: enabling privacy-aware information lifecycle management in enterprises. In: Eighth IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 2007, pp. 51\u201355. IEEE (2007)","DOI":"10.1109\/POLICY.2007.30"},{"key":"45_CR23","unstructured":"Ali, M., Bussard, L., Pinsdorf, U.: Obligation language for access control and privacy policies (2010)"},{"key":"45_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/978-3-540-45215-7_2","volume-title":"Computer Network Security","author":"R Sandhu","year":"2003","unstructured":"Sandhu, R., Park, J.: Usage control: a vision for next generation access control. In: Gorodetsky, V., Popyack, L.J., Skormin, V.A. (eds.) MMM-ACNS 2003. LNCS, vol. 2776, pp. 17\u201331. Springer, Heidelberg (2003)"},{"issue":"4","key":"45_CR25","doi-asserted-by":"crossref","first-page":"369","DOI":"10.3233\/JCS-2008-0328","volume":"16","author":"CA Ardagna","year":"2008","unstructured":"Ardagna, C.A., Cremonini, M., Capitani di Vimercati, S., Samarati, P.: A privacy-aware access control system. Journal of Computer Security 16(4), 369\u2013397 (2008)","journal-title":"Journal of Computer Security"},{"issue":"9","key":"45_CR26","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1145\/1151030.1151053","volume":"49","author":"A Pretschner","year":"2006","unstructured":"Pretschner, A., Hilty, M., Basin, D.: Distributed usage control. Communications of the ACM 49(9), 39\u201344 (2006)","journal-title":"Communications of the ACM"},{"key":"45_CR27","doi-asserted-by":"crossref","unstructured":"Di Cerbo, F., Doliere, F., Gomez, L., Trabelsi, S.: Ppl v2.0: uniform data access and usage control on cloud and mobile. In: Proceedings of the 1st International Workshop on TEchnical and LEgal aspects of data pRIvacy and SEcurity, IEEE (2015)","DOI":"10.1109\/TELERISE.2015.9"},{"key":"45_CR28","doi-asserted-by":"crossref","unstructured":"Trabelsi, S., Sendor, J., Reinicke, S.: Ppl: primelife privacy policy engine. In: 2011 IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY), pp. 184\u2013185, June 2011","DOI":"10.1109\/POLICY.2011.24"},{"issue":"3","key":"45_CR29","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1145\/501978.501979","volume":"4","author":"E Bertino","year":"2001","unstructured":"Bertino, E., Bonatti, P.A., Ferrari, E.: Trbac: A temporal role-based access control model. ACM Trans. Inf. Syst. Secur. 4(3), 191\u2013233 (2001)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"45_CR30","doi-asserted-by":"crossref","unstructured":"Bonatti, P., Galdi, C., Torres, D.: Erbac: event-driven rbac. In: Proceedings of the 18th ACM Symposium on Access Control Models and Technologies. SACMAT 2013. ACM NY (2013)","DOI":"10.1145\/2462410.2462415"},{"key":"45_CR31","doi-asserted-by":"crossref","unstructured":"Ahmed, A., Zhang, N.: A context-risk-aware access control model for ubiquitous environments. In: IMCSIT. IEEE (2008)","DOI":"10.1109\/IMCSIT.2008.4747331"},{"key":"45_CR32","doi-asserted-by":"crossref","unstructured":"Chen, L., Crampton, J., Kollingbaum, M.J., Norman, T.J.: Obligations in risk-aware access control. In: Cuppens-Boulahia, N., Fong, P., Garc\u00eda-Alfaro, J., Marsh, S., Stegh\u00f6fer, J. (eds.) PST, pp. 145\u2013152. IEEE (2012)","DOI":"10.1109\/PST.2012.6297931"},{"key":"45_CR33","doi-asserted-by":"crossref","unstructured":"Cheng, P.C., Rohatgi, P., Keser, C., Karger, P.A., Wagner, G.M., Reninger, A.S.: Fuzzy multi-level security: an experiment on quantified risk-adaptive access control. In: IEEE Symposium on Security and Privacy, pp. 222\u2013230. IEEE Computer Society (2007)","DOI":"10.1109\/SP.2007.21"},{"key":"45_CR34","unstructured":"Dickens, L., Russo, A., Cheng, P.C., Lobo, J.: Towards learning risk estimation functions for access control. In: In Snowbird Learning Workshop (2010)"},{"key":"45_CR35","unstructured":"Shaikh, R.A., Adi, K., Logrippo, L.: Dynamic risk-based decision methods for access control systems 31, 447\u2013464 (2012)"},{"issue":"2","key":"45_CR36","doi-asserted-by":"publisher","first-page":"70","DOI":"10.4018\/IJSSE.2015040104","volume":"6","author":"A Armando","year":"2015","unstructured":"Armando, A., Bezzi, M., Metoui, N., Sabetta, A.: Risk-based privacy-aware information disclosure. International Journal of Secure Software Engineering (IJSSE) 6(2), 70\u201389 (2015)","journal-title":"International Journal of Secure Software Engineering (IJSSE)"},{"key":"45_CR37","doi-asserted-by":"crossref","unstructured":"Bettini, C., Jajodia, S., Wang, X.S., Wijesekera, D.: Provisions and obligations in policy management and security applications. In: Proceedings of the 28th International Conference on Very Large Data Bases. VLDB 2002, pp. 502\u2013513. VLDB Endowment (2002)","DOI":"10.1016\/B978-155860869-6\/50051-2"},{"key":"45_CR38","doi-asserted-by":"crossref","unstructured":"Baracaldo, N., Joshi, J.: Beyond accountability: Using obligations to reduce risk exposure and deter insider attacks. In: Proceedings of the 18th ACM Symposium on Access Control Models and Technologies, SACMAT 2013, pp. 213\u2013224. ACM, New York (2013)","DOI":"10.1145\/2462410.2462411"},{"key":"45_CR39","doi-asserted-by":"crossref","unstructured":"Dimmock, N., Belokosztolszki, A., Eyers, D., Bacon, J., Moody, K.: Using trust and risk in role-based access control policies. In: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies. SACMAT 2004, pp. 156\u2013162. ACM, New York (2004)","DOI":"10.1145\/990036.990062"},{"key":"45_CR40","unstructured":"Shah, A., Dahake, S., J., S.H.H.: Valuing data security and privacy using cyber insurance. SIGCAS Comput. Soc. 45(1), 38\u201341 (2015)"},{"key":"45_CR41","doi-asserted-by":"crossref","unstructured":"Kelley, P., Komanduri, S., Mazurek, M., Shay, R., Vidas, T., Bauer, L., Christin, N., Cranor, L., Lopez, J.: Guess again (and again and again): measuring password strength by simulating password-cracking algorithms. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 523\u2013537 (2012)","DOI":"10.1109\/SP.2012.38"}],"container-title":["Lecture Notes in Computer Science","On the Move to Meaningful Internet Systems: OTM 2015 Conferences"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-26148-5_45","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,9,9]],"date-time":"2020-09-09T14:59:41Z","timestamp":1599663581000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-26148-5_45"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319261478","9783319261485"],"references-count":41,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-26148-5_45","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]}}}