Role engineering for role-based access control (RBAC) is a process to define roles, permissions, constraints, and role hierarchies. The scenario-driven role engineering process pr...
Abstract. We devise a model for security investment that reflects dynamic interaction between a defender, who faces uncertainty, and an attacker, who repeatedly targets the weakes...
The need for controlled sharing of sensitive information occurs in many realistic everyday scenarios, ranging from critical (e.g., national security) to mundane (e.g., social netw...
In 2002, we established a baseline for Internet users’ online privacy values. Through a survey we found that information transfer, notice/awareness, and information storage were...