Show simple item record

AuthorFernandez, Rachael
AuthorCheng, Peter C.-H.
AuthorNhlabatsi, Armstrong
AuthorKhan, Khaled Md.
AuthorFetais, Noora
Available date2024-03-10T05:42:08Z
Publication Date2023
Publication NameIEEE Access
ResourceScopus
ISSN21693536
URIhttp://dx.doi.org/10.1109/ACCESS.2023.3242863
URIhttp://hdl.handle.net/10576/52813
AbstractAccess control (AC) tools implement security policies for controlling access to various assets, including file systems, physical resources, and social media posts. They are also used as pedagogical tools for exploring and understanding intricate details of complex security policies. However, current tools are not developed based on the actual needs of security and policy professionals. They are not equipped to support basic and vital operations like providing a policy overview, policy comparisons, identifying and resolving policy conflicts. In this paper, we explore (a) the specific challenges faced in the collaboration between access control policy makers and implementers, and (b) the limitations that current tools have towards addressing these challenges. We argue that a lack of effective collaboration between policy makers and implementers may lead to a misunderstanding of security policy semantics. The main reason for this problem is that policy makers and implementers use different technical languages for communication. The lack of a common technical language leads to a miscommunication between the two parties. The key aim of our work is to review the currently available research-based access control tools and to identify their pros and cons. To accomplish this, we have reviewed a set of access control tools that have a wide variety of features and applications. We have also identified a set of tasks that these access control tools possess to help the work of policy professionals who are involved in the creation, management and maintenance of security policies. We also compared the functionalities of these tools, the different types of security policies that they support, and their visualizations. Together, these comparisons provide a clear understanding of what current access control systems lack and how they can be improved in order to support effective collaboration between policy makers and policy implementers. We have also found that many of these tools could be more accessible to non-technical policy professionals to understand the semantics of security policies if these tools provide features for visualizing security policies.
Languageen
PublisherInstitute of Electrical and Electronics Engineers Inc.
SubjectAccess control
information visualization
security policy
TitleEffective Collaboration in the Management of Access Control Policies: A Survey of Tools
TypeArticle Review
Pagination13929-13947
Volume Number11
dc.accessType Abstract Only


Files in this item

FilesSizeFormatView

There are no files associated with this item.

This item appears in the following Collection(s)

Show simple item record