Data di Pubblicazione:
2025
Citazione:
Supporting Delegation in Outsourced ICA Process / S. De Capitani Di Vimercati, S. Foresti, S. Paraboschi, S. Petrilli, P. Samarati (LECTURE NOTES IN COMPUTER SCIENCE). - In: Data and Applications Security and Privacy XXXIX / [a cura di] S. Katsikas, B. Shafiq. - [s.l] : Springer, 2025. - ISBN 978-3-031-96589-0. - pp. 393-412 (( 39. IFIP WG 11.3 Annual Conference on Data and Applications Security and Privacy : June 23-24 Gjøvik (Norway) 2025 [10.1007/978-3-031-96590-6_21].
Abstract:
We consider the problem of enforcing corporate governance control relying on cloud-based services. Extending previous work, we focus in particular on the support of delegation of the director privileges, enabling their dynamic and temporary assignment to a vice-director. Like previous work, our control relies on encrypted tags, which are here extended addressing the challenges introduced by dynamic delegation which operates on a time dimension orthogonal to the corporate governance control process. Our solution enables delegation while ensuring a vice-director to enjoy the director privileges only when delegation is active and not to operate as director for operations the vice-director has processed as employee (separation of duties). Our tag construction ensures integrity of the dynamic delegation control and protection against tag tampering.
Tipologia IRIS:
03 - Contributo in volume
Keywords:
Cloud-based services; delegation; internal controls and audit process; outsourcing; separation of duties;
Elenco autori:
S. De Capitani Di Vimercati, S. Foresti, S. Paraboschi, S. Petrilli, P. Samarati
Link alla scheda completa:
Titolo del libro:
Data and Applications Security and Privacy XXXIX