Abstract
Role-Based Access Control (RBAC) policies are at the core of cybersecurity, as they ease the enforcement of basic security principles, e.g., Least Privilege and Separation of Duties. As ICT systems and business processes evolve, RBAC policies have to be updated to prevent unauthorised access to resources, by catching errors and misalignments between the current policy and reality. However, such an update process is a human-intensive activity and is expected to meet specific constraints. This paper proposes a semi-automatic RBAC maintenance process to fix and refine an RBAC state when “exceptions” and “violations” are detected. Exceptions are permissions that users realise they lack but that are instrumental to their job, and so should be granted as soon as possible; violations are permissions that have to be revoked, since they are no longer required by their current owners. We propose a formalisation of the maintenance process which fixes single and multiple exceptions and violations by balancing two conflicting objectives, i.e., (i) optimising the current RBAC state and (ii) reducing the transition cost. Our approach is based on a Max-SAT formalisation of the constraint-based optimisation problem, and on PDDL planning to define the minimum-cost transition strategy. Our implementation relies on incomplete Max-SAT solvers and satisficing PDDL planners, which provide approximations of optimal solutions. Experiments, along with a comparative evaluation, show good performance on real-world benchmarks.
Highlights
Granting access based on direct assignments of permissions to users is highly inefficient for large-scale organisations, where complex business processes and numerous human resources are involved
Given (i) the input Role-Based Access Control (RBAC) state UA0, PA0, (ii) the exceptions list E to incorporate and the violations to remove in V, and (iii) some specific values for the parameters β, k+, and k−, we submit to a Maximum Satisfiability problem (Max-SAT) solver the hard clauses (14) plus the soft clauses (16)
Validation: we validate our maintenance process (i) at a small scale in the “Maintenance of our working example” section, where we apply it to our motivating example from the “A working example” section; (ii) at a larger scale in the “Experimental evaluation” section, where we present experimental results showing its viability in real-world cases
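The following is an added worked example, not code from the paper or its implementation. It encodes a tiny RBAC maintenance instance (an input state UA0, PA0, an exception list E and a violation list V, as in the highlight above) as a weighted Max-SAT problem and solves it exactly with a small branch-and-bound, so the reader can see how "grant the exceptions, revoke the violations, keep everything else, and pay as little as possible for the transition" becomes hard and soft clauses. The variable names UA/PA/Z, the particular clauses, the weights w_ua and w_pa, and the users, roles, permissions, exception and violation are all assumptions chosen for illustration; they are not the paper's clauses (14) and (16), and the paper's parameters β, k+ and k− are not modelled. The paper's second stage (a PDDL plan for the transition) is also omitted: here the transition is simply the set difference between the two states.

```python
"""Added example: RBAC maintenance (exceptions/violations) as weighted Max-SAT.
Constructed, illustrative encoding; not the paper's clauses (14)/(16).
Variables (DIMACS-style positive ints, negative = negated literal):
  UA[u,r]  user u holds role r in the next state
  PA[r,p]  role r holds permission p in the next state
  Z[u,r,p] auxiliary "u obtains p through r" (Z -> UA[u,r], Z -> PA[r,p])
"""
from itertools import product


def grants(UA, PA):
    """(user, permission) pairs granted by an RBAC state (UA, PA)."""
    return {(u, p) for (u, r) in UA for (r2, p) in PA if r == r2}


def solve_maxsat(n_vars, hard, soft, initial):
    """Exact weighted Max-SAT by depth-first branch-and-bound.
    hard: clauses; soft: (clause, weight) pairs; initial: var -> value tried
    first. Returns (model, cost); model is None if the hard clauses are UNSAT."""
    assign = {}
    best = {"model": None, "cost": float("inf")}

    def lit_value(lit):
        val = assign.get(abs(lit))
        return None if val is None else (val if lit > 0 else not val)

    def falsified(clause):              # every literal assigned and false
        return all(lit_value(lit) is False for lit in clause)

    def search(var):
        if any(falsified(c) for c in hard):
            return                      # a hard clause is violated: prune
        cost = sum(w for c, w in soft if falsified(c))
        if cost >= best["cost"]:
            return                      # cannot beat the incumbent: prune
        if var > n_vars:
            best["model"], best["cost"] = dict(assign), cost
            return
        first = initial.get(var, False)
        for val in (first, not first):  # try the current-state value first
            assign[var] = val
            search(var + 1)
            del assign[var]

    search(1)
    return best["model"], best["cost"]


def maintain_rbac(users, roles, perms, UA0, PA0, E, V, w_ua=2, w_pa=1):
    """Cheapest next state (UA1, PA1) that grants every exception in E, grants
    nothing in V and keeps every other current grant.
    Hard: each target grant is obtained through some role; every non-target
    (user, permission) pair is blocked for every role (least privilege).
    Soft: keep each UA0/PA0 entry, weighted w_ua / w_pa (assumed change costs),
    so the optimum minimises transition cost. Raises ValueError when no state
    over the given roles satisfies E and V (e.g. a role would have to be split)."""
    var = {}

    def v(key):                         # allocate or look up a variable id
        return var.setdefault(key, len(var) + 1)

    for u, r in product(users, roles):
        v(("UA", u, r))
    for r, p in product(roles, perms):
        v(("PA", r, p))
    target = (grants(UA0, PA0) - set(V)) | set(E)

    hard, soft, initial = [], [], {}
    for u, p in product(users, perms):
        if (u, p) in target:
            hard.append([v(("Z", u, r, p)) for r in roles])   # some role grants it
            for r in roles:
                hard.append([-v(("Z", u, r, p)), v(("UA", u, r))])
                hard.append([-v(("Z", u, r, p)), v(("PA", r, p))])
        else:
            for r in roles:                                    # never granted
                hard.append([-v(("UA", u, r)), -v(("PA", r, p))])
    for u, r in product(users, roles):
        x = v(("UA", u, r))
        initial[x] = (u, r) in UA0
        soft.append(([x if initial[x] else -x], w_ua))
    for r, p in product(roles, perms):
        x = v(("PA", r, p))
        initial[x] = (r, p) in PA0
        soft.append(([x if initial[x] else -x], w_pa))

    model, cost = solve_maxsat(len(var), hard, soft, initial)
    if model is None:
        raise ValueError("no RBAC state over these roles satisfies E and V")
    UA1 = {(u, r) for u, r in product(users, roles) if model[v(("UA", u, r))]}
    PA1 = {(r, p) for r, p in product(roles, perms) if model[v(("PA", r, p))]}
    return UA1, PA1, cost


# Constructed instance (not from the paper): alice needs read_logs (exception),
# bob must lose deploy (violation); nobody else may gain anything.
USERS, ROLES = ["alice", "bob"], ["dev", "ops"]
PERMS = ["read_repo", "deploy", "read_logs"]
UA0 = {("alice", "dev"), ("bob", "ops")}
PA0 = {("dev", "read_repo"), ("ops", "deploy"), ("ops", "read_logs")}
E, V = [("alice", "read_logs")], [("bob", "deploy")]

if __name__ == "__main__":
    UA1, PA1, cost = maintain_rbac(USERS, ROLES, PERMS, UA0, PA0, E, V)
    print("cost", cost, "UA changes", UA0 ^ UA1, "PA changes", PA0 ^ PA1)
```

With the assumed weights (changing a user-role assignment costs 2, changing a role-permission assignment costs 1) the unique optimum adds read_logs to dev and removes deploy from ops, at cost 2; re-assigning alice to ops would also cover the exception but would cost more and, because of the least-privilege clauses, would force the same removal of deploy from ops anyway. The encoding cannot create roles, so an instance where one role must be split for two users with diverging needs is reported as infeasible rather than silently over-privileging someone.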