Abstract
Role-Based Access Control (RBAC) policies are at the core of Cybersecurity as they ease the enforcement of basic security principles, e.g., Least Privilege and Separation of Duties. As ICT systems and business processes evolve, RBAC policies have to be updated to prevent unauthorised access to resources by capturing errors and misalignments between the current policy and reality. However, such update process is a human-intensive activity and it is expected to meet specific constraints. This paper proposes a semi-automatic RBAC maintenance process to fix and refine an RBAC state when “exceptions” and “violations” are detected. Exceptions are permissions some users realise they miss that are instrumental to their job and should be granted as soon as possible, while violations are permissions that have to be revoked since they are no longer required by their current owners. We propose a formalisation for the maintenance process which fixes single and multiple exceptions and violations by balancing two conflicting objectives, i.e., (i) optimising the current RBAC state, and (ii) reducing the transition cost. Our approach is based on a Max-SAT formalisation of the constraint-based optimisation problem, and on PDDL planning to define the transition strategy with minimum cost. Our implementation relies on incomplete Max-SAT solvers and satisficing PDDL planners which provide approximations of optimal solutions. Experiments along with a comparative evaluation show good performance on real-world benchmarks.
Highlights
Granting access based on direct assignments of permissions to users is highly inefficient for large-scale organisations, where complex business processes and numerous human resources are involved
Given (i) the input Role-Based Access Control (RBAC) state UA0, PA0, (ii) the exceptions list E to incorporate and the violations to remove in V, and (iii) some specific values for the parameters β, k+, and k−, we submit to a Maximum Satisfiability problem (Max-SAT) solver the hard clauses (14) plus the soft clauses (16)
Validation we validate our maintenance process (i) at a small-scale in “Maintenance of our working example” section, where we apply it to our motivating example from “A working example” section; (ii) at a larger scale in “Experimental evaluation” section, where we present experimental results showing its viability in real-word cases
Summary
Granting access based on direct assignments of permissions to users is highly inefficient for large-scale organisations, where complex business processes and numerous human resources are involved. Given (i) the input RBAC state UA0, PA0 , (ii) the exceptions list E to incorporate and the violations to remove in V, and (iii) some specific values for the parameters β, k+, and k−, we submit to a Max-SAT solver the hard clauses (14) plus the soft clauses (16).
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
