Secrecy Resilience of Authorization Policies and Its Application to Role Mining

Date

2021-09-21

Authors

GUO, QIANG

Publisher

University of Waterloo

Abstract

We propose and study a new property that we call secrecy resilience in the context of authorization policies that are used to secure information systems. An authorization policy expresses whether a principal (e.g., a user or process) is allowed to exercise a privilege (e.g., read or write) on a resource (e.g., a device or file). Access control is the process by which authorizations are enforced. We address the problem that disclosure of portions of an authorization policy is a threat that needs to be mitigated, and argue that the ease with which an adversary can learn such portions of a policy can be a property of the policy itself. We then introduce the term secrecy resilience as a quantitative measure of the computational hardness that such an adversary encounters. We instantiate secrecy resilience for authorization policies that can be expressed as access control policies and Role-Based Access Control (RBAC) policies and, more specifically, consider the problem of role mining, in which a policy expressed as an access matrix is converted to an RBAC policy. We present a number of analytical results while highlighting that the underlying assumptions we make with regard to the a priori knowledge an adversary has are an important consideration in any such analysis. We also present our results from an empirical study of role mining algorithms from the literature and two new "baseline" algorithms we propose. The results of our study suggest that when secrecy resilience is the objective, a role mining algorithm that performs well along a different criterion for goodness, e.g., minimization of roles (e.g., RBAC policy generated by User-Role Miner), does not necessarily perform well for some disclosure events. Moreover, under the assumptions we made for the empirical study, for the disclosure event that the victim user has a role from the adversary, Permission-Role Miner is the best role mining algorithm from the standpoint of secrecy resilience.

Keywords

rbac, authorization policy, role mining
