Provenance-based Analytics Services for Access Control Policies

Abstract Successful collaborations require information and resource sharing, and thus adequate access control policy management systems that control sharing among the collaborating entities. Such management systems need to be flexible in order to adapt to different environments and thus be able to support access control policy evolution. However, when dealing with large sets of evolving policies, it is critical that policies meet certain policy quality requirements. Specifically, policies of interest must be up-to-date, complete, free of inconsistencies, and relevant. In this paper, we propose an approach to analyze policies in order to determine whether they meet such requirements. Our approach is based on the use of provenance techniques that collect comprehensive data about actions executed by users in the context of workflows, that is, sets of tasks executed according to some ordering by users. Provenance data are used by services that support various types of analysis to determine whether the policies of interest satisfy the quality requirements.
Authors
  • Elisa Bertino (Purdue)
  • Amani Abu Jabal (Purdue)
  • Seraphin Calo (IBM US)
  • Christian Makaya (IBM US)
  • Maroun Touma (IBM US)
  • Dinesh Verma (IBM US)
  • Chris Williams (Dstl)
Date Sep-2017
Venue 1st Annual Fall Meeting of the DAIS ITA, 2017