Contemporaneous Update and Enforcement of ABAC Policies

Samir Talegaon, Gunjan Batra, Vijayalakshmi Atluri, Shamik Sural, Jaideep Vaidya
2022 Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies  
Access control policies are dynamic in nature, and therefore require frequent updates to synchronize with the latest organizational security requirements. As these updates are handled, it is important that all user access requests be answered contemporaneously and correctly without any interruption or delay. In this paper, considering the context of Attribute Based Access Control (ABAC), we propose an approach that is capable of immediately materializing any update to the policy and ensuring
that it is taken into account for any subsequent access requests. One possibility is to update the policy based on the incoming changes through ABAC policy mining techniques. However, it turns out that no existing mining approach can offer correct enforcement of policies when access requests are entertained during the updates. We provide a formal proof for this surprising result and then propose an approach called 𝛿wOP that does not suffer from this problem. Essentially, 𝛿wOP keeps track of the needed information from updates and uses this in conjunction with the existing ABAC policy rules to make access decisions. We present the complexity analysis as well as a comprehensive experimental evaluation to demonstrate the efficacy of the proposed approach for different types of changes.
doi:10.1145/3532105.3535021 fatcat:qzsz4dfqy5ajdc3tokjpcqz27m