Jimenez, 2019

Preventing privilege abuse using policy analysis and policy mining

Type: Thesis

Year: 2019

Authors: Jimenez, C.M.C.

Identifiers:

  • Diss. ETH No. 25906

Abstract

Organizations define access control policies to prevent users from abusing their privileges. In large organizations, such policies are highly complex as they administer thousands of permissions for thousands of users. In addition, these policies are currently manually maintained, which makes policies prone to mistakes. Such mistakes may deny users the permissions they need to perform daily tasks or, even worse, they may grant permissions that users should not have. The latter may have dire consequences for the organization, even when the employees themselves do not abuse those additional permissions, as hackers may gain internal access and then abuse them to perform nefarious acts.

Privilege abuse remains a major problem for organizations handling sensitive data. Even for healthcare companies, where access to patient data is critical, abuse by internal employees is a threat to patients’ privacy. Indeed, Verizon’s data breach report from 2018 shows that 54% of data breaches in healthcare involved internal actors. Perhaps the most famous case of internal abuse is Edward Snowden, which shows that giving the right access to each employee is challenging even for the strongest security agencies.

Two fields have proposed solutions to strengthen policy specification and maintenance. The first one, policy analysis, offers queries that policy administrators can execute to determine whether policies are granting permissions as intended. Policy analysis has helped to discover inconsistencies in policies or unnecessary assignments of permissions. The second one, policy mining, analyzes how permissions are being used in the organization and computes a policy that grants to each employee the permissions he needs. By observing what permissions are not actually used, policy miners can compute policies that prevent privilege abuse and that are also tighter than manually specified policies.

This thesis makes three contributions to these fields. First, we propose FORBAC, an extension for RBAC (Role-Based Access Control) that strikes a balance between expressiveness in policy specification and efficiency in policy analysis. Through a case study with a major European bank, we show that FORBAC is expressive enough for modern RBAC policies while simple enough to keep the complexity of policy analysis in NP. Second, we propose Rhapsody, the first algorithm for mining ABAC (Attribute-Based Access Control) policies from logs that guarantees to mine precisely the set of all significant, reliable, and succinct rules. We also show how all other ABAC mining algorithms fail to provide these guarantees. Finally, we propose Unicorn, a universal method for building policy miners. Using Unicorn, we have built competitive policy miners for a wide variety of policy languages. In particular, the ABAC policy miner built with Unicorn outperforms Rhapsody and, using Unicorn, we have been able to build the first policy miners for XACML (eXtensible Access Control Markup Language) and RBAC with spatio-temporal constraints, languages for which no miner was known before.

(https://open-measure.atlassian.net/wiki/pages/resumedraft.action?draftId=1105100876, p. i)

Citation

Jimenez, C.M.C., 2019. Preventing privilege abuse using policy analysis and policy mining. ETH Zurich, Zurich, Switzerland.



This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.