Organizations rarely define formal security properties or policies for their access control systems, often choosing instead to react to changing needs. This paper addresses the problem of reconciling entitlement usage with configured policies for multiple objectives: policy optimization and risk mitigation. Policies should remain up to date, maintain least privilege, and use unambiguous constructs that reduce administrative stress. We describe a number of algorithms and heuristics, validated on real-world data, that address various aspects of reconciling access control policies with security audit logs. The first set of algorithms tracks and correlates which policy items enable which actions. From this correlation we can identify over-privileged entitlements, redundant policy items that may not be correctly revoked by administrators, rarely used entitlements, and overly permissive entitlements. These algorithms can help reduce administrative errors and general operational risk. The second body of work compares user groups defined in the policy with roles generated from the actual usage patterns, from which we derive quality and security measures for policy groups. Finally, we track policy changes through assignments and revocations and test precursors for such changes (e.g., a failed request before an assignment). Broadly speaking, this body of work presents different facets of continuous compliance: checking whether the enforced security policy and the resulting usage are consistent with a common intended security goal.
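A minimal illustration of the first step described above, correlating policy items with the logged actions they enable. This is an added example, not the paper's algorithms; the policy and log formats, all names, and the `rare_threshold` parameter are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed policy: (item_id, subject, permission); a subject is a user or a group.
POLICY = [
    ("p1", "group:nurses", "read:chart"),
    ("p2", "user:alice", "read:chart"),    # duplicates what alice already gets via p1
    ("p3", "group:nurses", "write:orders"),
    ("p4", "user:bob", "read:billing"),
    ("p5", "group:admins", "delete:chart"),
]
GROUPS = {"group:nurses": {"alice", "carol"}, "group:admins": {"bob"}}

# Constructed audit log: (user, permission requested, decision).
LOG = [
    ("alice", "read:chart", "permit"),
    ("alice", "read:chart", "permit"),
    ("carol", "read:chart", "permit"),
    ("carol", "write:orders", "permit"),
    ("bob", "read:billing", "permit"),
    ("carol", "read:billing", "deny"),     # denied requests are not usage
]

def covered_users(subject, groups):
    """Expand a policy subject into the set of users it applies to."""
    kind, name = subject.split(":", 1)
    return {name} if kind == "user" else groups.get(subject, set())

def reconcile(policy, groups, log, rare_threshold=1):
    # Map each (user, permission) entitlement to the policy items granting it.
    enabling = defaultdict(list)
    for item_id, subject, perm in policy:
        for user in covered_users(subject, groups):
            enabling[(user, perm)].append(item_id)
    used = Counter((u, p) for u, p, decision in log if decision == "permit")
    # The log cannot say which of several granting items enabled an action,
    # so every item that grants the entitlement is credited with the use.
    hits = Counter()
    for pair, n in used.items():
        for item_id in enabling.get(pair, []):
            hits[item_id] += n
    return {
        "unused_entitlements": sorted(p for p in enabling if used[p] == 0),
        "redundant_grants": {p: ids for p, ids in enabling.items() if len(ids) > 1},
        "unused_items": sorted(i for i, _, _ in policy if hits[i] == 0),
        "rarely_used_items": sorted(i for i, _, _ in policy if 0 < hits[i] <= rare_threshold),
    }

if __name__ == "__main__":
    for finding, value in reconcile(POLICY, GROUPS, LOG).items():
        print(finding, value)
```

Items reported as unused or redundant are candidates for administrator review rather than automatic revocation, since a short log window can miss legitimate but infrequent use.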