Abstract
Planned organisational changes are frequent occurrences in large enterprises due to the dynamicity of employees’ roles, evolution of teams, units and divisions as a result of mergers, demergers, and general restructuring. To safeguard system security and employees’ productivity, it is paramount for system administrators to keep track and remediate all users’ changing access needs. This paper studies the impact of (planned) organisational changes on the access privileges of employees in line with access control policies. Our solution, Acumen, uses binary decision diagrams (BDDs) to encode XACML policies via a Boolean function conversion, and performs semantic interpretation of organisational changes for analysis over the BDDs. The BDD structure is versatile, enabling succinct representation as well as effective and efficient symbolic operations and visualisation. We demonstrate the efficacy of Acumen with two data sets via a series of case studies on: a) a commonly used benchmark access control policy data in the literature; and b) a proprietary data set containing planned organisational changes in a large real-world financial institution with a dynamic business environment. The empirically results show Acumen to be effective and efficient.
S. Kwashie, W. Kang, and S. Santhosh Kumar—Equal contributions.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Agrawal, D., Giles, J., Lee, K., Lobo, J.: Policy ratification. In: Proceedings of Sixth IEEE International Workshop on Policies for Distributed Systems and Networks, Los Alamitos, CA, USA, pp. 223–232. IEEE Computer Society (2005)
Barrett, C., Tinelli, C.: Satisfiability modulo theories. In: Clarke, E., Henzinger, T., Veith, H., Bloem, R. (eds.) Handbook of Model Checking, pp. 305–343. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-10575-8_11
ter Beek, M., Gnesi, S., Montangero, C., Semini, L.: Detecting policy conflicts by model checking UML state machines, pp. 59–74 (2009)
Brace, K.S., Rudell, R.L., Bryant, R.E.: Efficient implementation of a BDD package. In: Proceedings of the 27th ACM/IEEE Conference on Design Automation, pp. 40–45. IEEE/ACM, ACM Press (1991)
Bryant, R.E.: Binary decision diagrams. In: Clarke, E., Henzinger, T., Veith, H., Bloem, R. (eds.) Handbook of Model Checking, pp. 191–217. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-10575-8_7
Clarke, E.M., Henzinger, T.A., Veith, H., Bloem, R.: Handbook of Model Checking, 1st edn. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-10575-8
Craven, R., Lobo, J., Ma, J., Russo, A., Lupu, E., Bandara, A.: Expressive policy analysis with enhanced system dynamicity. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 239–250 (2009)
van Dijk, T., Pol, J.: Sylvan: multi-core framework for decision diagrams. Int. J. Softw. Tools Technol. Transf. 19, 675–696 (2017)
Knuth, D.E.: The Art of Computer Programming, vol. 4A, 6th edn. Addison-Wesley, Boston (2015)
Filippidis, I., Haesaert, S., Livingston, S.C., Wenzel, M.: California Institute of Technology (2022)
Fisler, K., Krishnamurthi, S., Meyerovich, L., Tschantz, M.: Verification and change-impact analysis of access-control policies, pp. 196–205 (2005)
Jabal, A.A., et al.: Methods and tools for policy analysis. ACM Comput. Surv. (CSUR) 51(6), 1–35 (2019)
Koch, M., Mancini, L.V., Parisi-Presicce, F.: On the specification and evolution of access control policies. In: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies, SACMAT 2001, pp. 121–130. Association for Computing Machinery, New York (2001)
Kolovski, V., Hendler, J., Parsia, B.: Analyzing web access control policies. In: Proceedings of the 16th International Conference on World Wide Web, pp. 677–686 (2007)
Lin, D., Rao, P., Bertino, E., Li, N., Lobo, J.: Exam: a comprehensive environment for the analysis of access control policies. Int. J. Inf. Secur. 9(4), 253–273 (2010)
Lin, D., Rao, P., Bertino, E., Lobo, J.: An approach to evaluate policy similarity. In: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies, pp. 1–10 (2007)
Martin, E., Xie, T.: A fault model and mutation testing of access control policies. In: Proceedings of the 16th International Conference on World Wide Web, pp. 667–676 (2007)
Minato, S.I., Ishiura, N., Yajima, S.: Shared binary decision diagram with attributed edges for efficient boolean function manipulation, vol. VLD89, pp. 52–57 (1990)
OASIS: extensible access control markup language (XACML) (2013)
Rice, M., Kulhari, S.: A survey of static variable ordering heuristics for efficient BDD/MDD construction. University of California, Technical report (2008)
Rudell, R.: Dynamic variable ordering for ordered binary decision diagrams. In: Proceedings of the 1993 IEEE/ACM International Conference on Computer-Aided Design, ICCAD 1993, pp. 42–47. IEEE Computer Society Press, Washington, DC (1993)
Sandhu, R., Ferraiolo, D., Kuhn, R., et al.: The NIST model for role-based access control: towards a unified standard. In: ACM Workshop on Role-Based Access Control, vol. 10 (2000)
Shu, C.C., Yang, E., Arenas, A.: Detecting conflicts in ABAC policies with rule-reduction and binary-search techniques, pp. 182–185 (2009)
Turkmen, F., den Hartog, J., Ranise, S., Zannone, N.: Analysis of XACML policies with SMT. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 115–134. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46666-7_7
Xu, Z., Stoller, S.D.: Mining attribute-based access control policies. IEEE Trans. Dependable Secure Comput. 12(5), 533–545 (2015)
Acknowledgement
The work has been supported by the Cyber Security Research Centre Limited whose activities are partially funded by the Australian Government’s Cooperative Research Centres Programme.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
A Distribution of Entitlements and Its Implications
Here, we present a t-SNE plot to illustrate the distribution of entitlements in high dimensional user-profile feature space; and discuss its implications and the necessity for automated change analysis.
A t-SNE plot of entitlements.
Figure 7 is generated using 20% of randomly selected samples from DS1. It has over 837K dots (with overlapping) which seem to be randomly and evenly distributed in a sphere, where each dot is an entitlement instance and the colours represent the entitlement IDs. Among the 837K entitlement instances, there are over 60K unique entitlements – as one entitlement can be assigned to multiple subjects (e.g., users). Clearly, dots with dark colours dominate, meaning that the entitlements with smaller IDs are assigned much more frequently. According to our distribution analysis, the first 270 entitlements accounts for 50% of the total instances, and the first 5000 entitlements 75%. As the most common 270 entitlements appear in half of the instances, on average each of these entitlements will be assigned to roughly 1550 users. Thus, a single organisational change can affect the profiles of users, and consequently the access of an average of 1550 users can be impacted, rendering manual maintenance of access entitlements and analysis of change impact infeasible.
B The Project Management Policy: A Case Study
DS2 is an ABAC policy data for a project management system used in [25]. However, the access control rules are not strictly represented using attribute expressions in the form of \(a \vartriangleright v\) as we do in this work. Thus, we transformed the rules into their attribute expression equivalent so that they can be analysed by our algorithms. We refer interested readers to [25] for the complete dataset.
1.1 B.1 Policy Rules, Users and Resource Data
The original DS2 consists of 11 policies. For ease of comprehension, we use a single policy from the set for this discussion. The chosen policy’s tenet in natural language format as they appear in [25] states: “an employee working on a project can read and request to work on any task whose required areas of expertise are among his/her areas of expertise”.
We represent this policy by a set of eight rules, using the attribute expression in Sect. 2.1. Snippets of relevant users attribute data and resource attribute data in Tables 6 and 7 respectively, that support our discussion.
1.2 B.2 Change BDD
The BDD to support the case study in Sect. 6.3 is presented in Fig. 8. In Fig. 8(b), we can see two roots. The subgraph rooted at node @-1 captures the change BDD for rules changing from not applicable to applicable. On the other hand, the other subgraph rooted at @13 shows the change BDD capturing rules impacted from applicable to not applicable. To find those rules, we search for all the paths connecting any number of the indicator nodes down to variable nodes that are connected with the terminal node with solid arrow(s). Then we can easily obtain the binary representations of the four impacted rule ids 4, 5, 6 and 7 by decoding the arrows in each path above and replacing the solid lined arrow (\(\rightarrow \)) with 1 and the dashed lined arrow (\(\rightharpoonup \)) with 0 respectively. Therefore, the entitlements related to rules 4, 5, 6 and 7 will be lost due to the change.
Change analysis using BDD
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Kwashie, S., Kang, W., Santhosh Kumar, S., Jarrad, G., Camtepe, S., Nepal, S. (2024). Acumen: Analysing the Impact of Organisational Change on Users’ Access Entitlements. In: Tsudik, G., Conti, M., Liang, K., Smaragdakis, G. (eds) Computer Security – ESORICS 2023. ESORICS 2023. Lecture Notes in Computer Science, vol 14347. Springer, Cham. https://doi.org/10.1007/978-3-031-51482-1_21
Download citation
DOI: https://doi.org/10.1007/978-3-031-51482-1_21
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-51481-4
Online ISBN: 978-3-031-51482-1
eBook Packages: Computer ScienceComputer Science (R0)