Saved in:
Bibliographic Details
Main Authors: Zhang, Si, Fong, Philip W. L.
Format: Preprint
Published: 2023
Subjects:
Online Access:https://arxiv.org/abs/2401.00086
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866913181509615616
author Zhang, Si
Fong, Philip W. L.
author_facet Zhang, Si
Fong, Philip W. L.
contents This paper proposes a computational model for policy administration. As an organization evolves, new users and resources are gradually placed under the mediation of the access control model. Each time such new entities are added, the policy administrator must deliberate on how the access control policy shall be revised to reflect the new reality. A well-designed access control model must anticipate such changes so that the administration cost does not become prohibitive when the organization scales up. Unfortunately, past Access Control research does not offer a formal way to quantify the cost of policy administration. In this work, we propose to model ongoing policy administration in an active learning framework. Administration cost can be quantified in terms of query complexity. We demonstrate the utility of this approach by applying it to the evolution of protection domains. We also modelled different policy administration strategies in our framework. This allowed us to formally demonstrate that domain-based policies have a cost advantage over access control matrices because of the use of heuristic reasoning when the policy evolves. To the best of our knowledge, this is the first work to employ an active learning framework to study the cost of policy deliberation and demonstrate the cost advantage of heuristic policy administration.
format Preprint
id arxiv_https___arxiv_org_abs_2401_00086
institution arXiv
publishDate 2023
record_format arxiv
spellingShingle Quantifying Policy Administration Cost in an Active Learning Framework
Zhang, Si
Fong, Philip W. L.
Cryptography and Security
Machine Learning
This paper proposes a computational model for policy administration. As an organization evolves, new users and resources are gradually placed under the mediation of the access control model. Each time such new entities are added, the policy administrator must deliberate on how the access control policy shall be revised to reflect the new reality. A well-designed access control model must anticipate such changes so that the administration cost does not become prohibitive when the organization scales up. Unfortunately, past Access Control research does not offer a formal way to quantify the cost of policy administration. In this work, we propose to model ongoing policy administration in an active learning framework. Administration cost can be quantified in terms of query complexity. We demonstrate the utility of this approach by applying it to the evolution of protection domains. We also modelled different policy administration strategies in our framework. This allowed us to formally demonstrate that domain-based policies have a cost advantage over access control matrices because of the use of heuristic reasoning when the policy evolves. To the best of our knowledge, this is the first work to employ an active learning framework to study the cost of policy deliberation and demonstrate the cost advantage of heuristic policy administration.
title Quantifying Policy Administration Cost in an Active Learning Framework
topic Cryptography and Security
Machine Learning
url https://arxiv.org/abs/2401.00086