{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:54:27Z","timestamp":1750308867854,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":33,"publisher":"ACM","license":[{"start":{"date-parts":[[2012,6,20]],"date-time":"2012-06-20T00:00:00Z","timestamp":1340150400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2012,6,20]]},"DOI":"10.1145\/2295136.2295168","type":"proceedings-article","created":{"date-parts":[[2012,6,20]],"date-time":"2012-06-20T13:33:01Z","timestamp":1340199181000},"page":"167-176","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":29,"title":["A trust-and-risk aware RBAC framework"],"prefix":"10.1145","author":[{"given":"Nathalie","family":"Baracaldo","sequence":"first","affiliation":[{"name":"University of Pittsburgh, Pittsburgh, PA, USA"}]},{"given":"James","family":"Joshi","sequence":"additional","affiliation":[{"name":"University of Pittsburgh, Pittsburgh, PA, USA"}]}],"member":"320","published-online":{"date-parts":[[2012,6,20]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.5555\/645345.757505"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/382912.382913"},{"key":"e_1_3_2_1_3_1","volume-title":"Operationally critical threat, asset, and vulnerability evaluation (octave)","author":"Alberts C.","year":"1999","unstructured":"C. Alberts , S. Behrens , R. Pethia , and W. Wilson . Operationally critical threat, asset, and vulnerability evaluation (octave) , 1999 . C. Alberts, S. Behrens, R. Pethia, and W. Wilson. Operationally critical threat, asset, and vulnerability evaluation (octave), 1999."},{"key":"e_1_3_2_1_4_1","volume-title":"Journal of High Speed Networks: Special Issue on Managing Security Policies","author":"Aziz B.","year":"2006","unstructured":"B. Aziz , S. N. Foley , J. Herbert , and G. Swart . Reconfiguring role based access control policies using risk semantics . In Journal of High Speed Networks: Special Issue on Managing Security Policies , Modelling Verification and Configuration , 2006 . B. Aziz, S. N. Foley, J. Herbert, and G. Swart. Reconfiguring role based access control policies using risk semantics. In Journal of High Speed Networks: Special Issue on Managing Security Policies, Modelling Verification and Configuration, 2006."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2005.33"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/2029896.2029911"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/69.895801"},{"key":"e_1_3_2_1_8_1","volume-title":"November","author":"Celikel E.","year":"2009","unstructured":"E. Celikel , M. Kantarcioglu , X. Li , and E. Bertino . A Risk Management Approach to RBAC. Risk and Decision Analysis, 1(2) , November 2009 . E. Celikel, M. Kantarcioglu, X. Li, and E. Bertino. A Risk Management Approach to RBAC. Risk and Decision Analysis, 1(2), November 2009."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1133058.1133067"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-29963-6_11"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2007.190642"},{"key":"e_1_3_2_1_12_1","first-page":"159","volume-title":"Proc. of the Integrity and Internal Control in Information System","author":"Chung C. Y.","year":"1999","unstructured":"C. Y. Chung , M. Gertz , and K. Levitt . Demids: A misuse detection system for database systems . In Proc. of the Integrity and Internal Control in Information System , pp 159 -- 178 , 1999 . C. Y. Chung, M. Gertz, and K. Levitt. Demids: A misuse detection system for database systems. In Proc. of the Integrity and Internal Control in Information System, pp 159--178, 1999."},{"issue":"4","key":"e_1_3_2_1_13_1","first-page":"291","article-title":"Using conceptual graphs to represent database inference security analysis","volume":"4","author":"Delugach H. S.","year":"1994","unstructured":"H. S. Delugach and T. H. Hinke . Using conceptual graphs to represent database inference security analysis . Jour. Computing and Info. Tech. , 4 ( 4 ): 291 -- 307 , 1994 . H. S. Delugach and T. H. Hinke. Using conceptual graphs to represent database inference security analysis. Jour. Computing and Info. Tech., 4(4):291--307, 1994.","journal-title":"Jour. Computing and Info. Tech."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/990036.990062"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCC.2008.37"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/501978.501980"},{"key":"e_1_3_2_1_17_1","series-title":"Advances in Information Security","doi-asserted-by":"crossref","first-page":"153","DOI":"10.1007\/978-0-387-77322-3_9","volume-title":"Insider Attack and Cyber Security","author":"Gligor V. D.","year":"2008","unstructured":"V. D. Gligor and C. S. Chandersekaran . Surviving insider attacks: A call for system experiments . In S. J. Stolfo, S. M. Bellovin, A. D. Keromytis, S. Hershkop, S. W. Smith, and S. Sinclair, editors, Insider Attack and Cyber Security , volume 39 of Advances in Information Security , pp. 153 -- 164 . Springer US , 2008 . V. D. Gligor and C. S. Chandersekaran. Surviving insider attacks: A call for system experiments. In S. J. Stolfo, S. M. Bellovin, A. D. Keromytis, S. Hershkop, S. W. Smith, and S. Sinclair, editors, Insider Attack and Cyber Security, volume 39 of Advances in Information Security, pp. 153--164. Springer US, 2008."},{"key":"e_1_3_2_1_18_1","unstructured":"IBM. Resource access control facility (racf) 2012. www-03.ibm.com\/systems\/z\/os\/zos\/features\/racf\/.  IBM. Resource access control facility (racf) 2012. www-03.ibm.com\/systems\/z\/os\/zos\/features\/racf\/."},{"key":"e_1_3_2_1_19_1","volume-title":"Csi computer crime and security survey","author":"C. S. Institute","year":"2010","unstructured":"C. S. Institute . Csi computer crime and security survey , 2010 . C. S. Institute. Csi computer crime and security survey, 2010."},{"key":"e_1_3_2_1_20_1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"248","DOI":"10.1007\/978-3-540-47919-2_10","volume-title":"Petri Nets: Central Models and Their Properties","author":"Jensen K.","year":"1987","unstructured":"K. Jensen . Coloured petri nets . In W. Brauer, W. Reisig, and G. Rozenberg, editors, Petri Nets: Central Models and Their Properties , volume 254 of Lecture Notes in Computer Science , pp. 248 -- 299 . Springer Berlin \/ Heidelberg , 1987 . K. Jensen. Coloured petri nets. In W. Brauer, W. Reisig, and G. Rozenberg, editors, Petri Nets: Central Models and Their Properties, volume 254 of Lecture Notes in Computer Science, pp. 248--299. Springer Berlin \/ Heidelberg, 1987."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2010.5593248"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"crossref","DOI":"10.21236\/ADA482452","volume-title":"The \"big picture\" of insider it sabotage across u.s. critical infrastructures","author":"Moore A.","year":"2008","unstructured":"A. Moore , D. Cappelli , and T. R. The \"big picture\" of insider it sabotage across u.s. critical infrastructures , 2008 . CERT , http:\/\/www.cert.org\/insider_threat. A. Moore, D. Cappelli, and T. R. The \"big picture\" of insider it sabotage across u.s. critical infrastructures, 2008. CERT, http:\/\/www.cert.org\/insider_threat."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.5555\/820745.821158"},{"key":"e_1_3_2_1_24_1","first-page":"332","volume-title":"Proc. of the 2nd International Workshop on Security In Information Systems, Security In Information Systems","author":"Nissanke N.","year":"2004","unstructured":"N. Nissanke and E. J. Khayat . Risk based security analysis of permissions in rbac . In Proc. of the 2nd International Workshop on Security In Information Systems, Security In Information Systems , pp. 332 -- 341 . INSTICC Press , 2004 . N. Nissanke and E. J. Khayat. Risk based security analysis of permissions in rbac. In Proc. of the 2nd International Workshop on Security In Information Systems, Security In Information Systems, pp. 332--341. INSTICC Press, 2004."},{"volume-title":"Application access controls governor","year":"2012","key":"e_1_3_2_1_25_1","unstructured":"Oracle. Application access controls governor , 2012 . http:\/\/www.oracle.com\/us\/solutions\/corporate-governance\/access-controls\/index.html. Oracle. Application access controls governor, 2012. http:\/\/www.oracle.com\/us\/solutions\/corporate-governance\/access-controls\/index.html."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/354876.354878"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2011.11"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/286884.286891"},{"key":"e_1_3_2_1_29_1","unstructured":"SAP. Access risk management 2012. www.sap.com\/solutions\/sapbusinessobjects\/large\/governance-risk-compliance\/accessandauthorization.  SAP. Access risk management 2012. www.sap.com\/solutions\/sapbusinessobjects\/large\/governance-risk-compliance\/accessandauthorization."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"crossref","DOI":"10.6028\/NIST.SP.800-30","volume-title":"Risk management guide for information technology systems, recommendations of the national institute of standards and technology","author":"Stoneburner G.","year":"2002","unstructured":"G. Stoneburner , A. Goguen , and A. Feringa . Risk management guide for information technology systems, recommendations of the national institute of standards and technology , 2002 . G. Stoneburner, A. Goguen, and A. Feringa. Risk management guide for information technology systems, recommendations of the national institute of standards and technology, 2002."},{"key":"e_1_3_2_1_31_1","volume-title":"Identity and access governance","author":"Systems B.","year":"2012","unstructured":"B. Systems . Identity and access governance , 2012 . www.betasystems.com\/en\/portfolio\/identityaccessgovernance B. Systems. Identity and access governance, 2012. www.betasystems.com\/en\/portfolio\/identityaccessgovernance"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.5555\/794198.795101"},{"key":"e_1_3_2_1_33_1","volume-title":"Security risk assessment using octave\u00ae allegro, podcast's transcripts","author":"Young L.","year":"2008","unstructured":"L. Young and J. Allen . Security risk assessment using octave\u00ae allegro, podcast's transcripts , 2008 . L. Young and J. Allen. Security risk assessment using octave\u00ae allegro, podcast's transcripts, 2008."}],"event":{"name":"SACMAT '12: 17th ACM Symposium on Access Control Models and Technologies","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Newark New Jersey USA","acronym":"SACMAT '12"},"container-title":["Proceedings of the 17th ACM symposium on Access Control Models and Technologies"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2295136.2295168","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2295136.2295168","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T21:15:09Z","timestamp":1750281309000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2295136.2295168"}},"subtitle":["tackling insider threat"],"short-title":[],"issued":{"date-parts":[[2012,6,20]]},"references-count":33,"alternative-id":["10.1145\/2295136.2295168","10.1145\/2295136"],"URL":"https:\/\/doi.org\/10.1145\/2295136.2295168","relation":{},"subject":[],"published":{"date-parts":[[2012,6,20]]},"assertion":[{"value":"2012-06-20","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}