Experience-based access management: A life-cycle framework for identity and access management systems

Carl Gunter; David Liebovitz; Bradley Malin

doi:10.1109/MSP.2011.72

Experience-based access management: A life-cycle framework for identity and access management systems

Carl Gunter, David Liebovitz, Bradley Malin

Research output: Contribution to journal › Article › peer-review

Abstract

Experience-based access management (EBAM) is a life-cycle model for identity and access management. It incorporates models, techniques, and tools to reconcile differences between the ideal access model, as judged by professional and legal standards, and the enforced access control, specific to the operational system. EBAM's principal component is an expected-access model that represents differences between the ideal and enforced models on the basis of access logs and other operational information. A technique called access rules informed by probabilities (ARIP) can aid EBAM in the context of healthcare organizations.

Original language	English (US)
Article number	5887313
Pages (from-to)	48-55
Number of pages	8
Journal	IEEE Security and Privacy
Volume	9
Issue number	5
DOIs	https://doi.org/10.1109/MSP.2011.72
State	Published - Sep 2011

Keywords

and protection
data engineering tools and techniques
integrity
privacy
public policy issues
security
security and privacy protection knowledge

ASJC Scopus subject areas

Computer Networks and Communications
Electrical and Electronic Engineering
Law

Online availability

10.1109/MSP.2011.72

Library availability

Discover UIUC Full Text

Cite this

@article{35c4a1ee01f64c85a76ea2fe9020105e,

title = "Experience-based access management: A life-cycle framework for identity and access management systems",

abstract = "Experience-based access management (EBAM) is a life-cycle model for identity and access management. It incorporates models, techniques, and tools to reconcile differences between the ideal access model, as judged by professional and legal standards, and the enforced access control, specific to the operational system. EBAM's principal component is an expected-access model that represents differences between the ideal and enforced models on the basis of access logs and other operational information. A technique called access rules informed by probabilities (ARIP) can aid EBAM in the context of healthcare organizations.",

keywords = "and protection, data engineering tools and techniques, integrity, privacy, public policy issues, security, security and privacy protection knowledge",

author = "Carl Gunter and David Liebovitz and Bradley Malin",

note = "Funding Information: Grants from the US National Coordinator for Health Information Technology (SHARPS; the Strategic Healthcare IT Advanced Research Projects on Security), US National Library of Medicine (1R01LM010207), and US National Science Foundation (CNS-0964063 and CCF-0424422) supported this research.",

year = "2011",

month = sep,

doi = "10.1109/MSP.2011.72",

language = "English (US)",

volume = "9",

pages = "48--55",

journal = "IEEE Security and Privacy",

issn = "1540-7993",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "5",

}

TY - JOUR

T1 - Experience-based access management

T2 - A life-cycle framework for identity and access management systems

AU - Gunter, Carl

AU - Liebovitz, David

AU - Malin, Bradley

N1 - Funding Information: Grants from the US National Coordinator for Health Information Technology (SHARPS; the Strategic Healthcare IT Advanced Research Projects on Security), US National Library of Medicine (1R01LM010207), and US National Science Foundation (CNS-0964063 and CCF-0424422) supported this research.

PY - 2011/9

Y1 - 2011/9

N2 - Experience-based access management (EBAM) is a life-cycle model for identity and access management. It incorporates models, techniques, and tools to reconcile differences between the ideal access model, as judged by professional and legal standards, and the enforced access control, specific to the operational system. EBAM's principal component is an expected-access model that represents differences between the ideal and enforced models on the basis of access logs and other operational information. A technique called access rules informed by probabilities (ARIP) can aid EBAM in the context of healthcare organizations.

AB - Experience-based access management (EBAM) is a life-cycle model for identity and access management. It incorporates models, techniques, and tools to reconcile differences between the ideal access model, as judged by professional and legal standards, and the enforced access control, specific to the operational system. EBAM's principal component is an expected-access model that represents differences between the ideal and enforced models on the basis of access logs and other operational information. A technique called access rules informed by probabilities (ARIP) can aid EBAM in the context of healthcare organizations.

KW - and protection

KW - data engineering tools and techniques

KW - integrity

KW - privacy

KW - public policy issues

KW - security

KW - security and privacy protection knowledge

UR - http://www.scopus.com/inward/record.url?scp=80053461711&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=80053461711&partnerID=8YFLogxK

U2 - 10.1109/MSP.2011.72

DO - 10.1109/MSP.2011.72

M3 - Article

AN - SCOPUS:80053461711

SN - 1540-7993

VL - 9

SP - 48

EP - 55

JO - IEEE Security and Privacy

JF - IEEE Security and Privacy

IS - 5

M1 - 5887313

ER -

Experience-based access management: A life-cycle framework for identity and access management systems

Abstract

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this