Access Control Policy Evolution: An Empirical Study
Title | Access Control Policy Evolution: An Empirical Study |
Publication Type | Conference Paper |
Year of Publication | 2014 |
Authors | Hwang, JeeHyun, Williams, Laurie, Vouk, Mladen |
Conference Name | Proceedings of the 2014 Symposium and Bootcamp on the Science of Security |
Publisher | ACM |
Conference Location | Raleigh, NC, USA |
ISBN Number | 978-1-4503-2907-1 |
Keywords | access control policy, ACM CCS, Control, Database and Storage Security, evolution, Foundations, Information Accountability and Usage Control, science of security |
Abstract | Access Control Policies (ACPs) evolve. Understanding the trends and evolution patterns of ACPs could provide guidance about the reliability and maintenance of ACPs. Our research goal is to help policy authors improve the quality of ACP evolution based on the understanding of trends and evolution patterns in ACPs. We performed an empirical study by analyzing the ACP changes over time for two systems: Security Enhanced Linux (SELinux), and an open-source virtual computing platform (VCL). We measured trends in terms of the number of policy lines and lines of code (LOC), respectively. We observed evolution patterns. For example, an evolution pattern st1 - st2 says that st1 (e.g., "read") evolves into st2 (e.g., "read" and "write"). This pattern indicates that policy authors add "write" permission in addition to existing "read" permission. We found that some of the evolution patterns appear to occur more frequently. |
URL | http://doi.acm.org/10.1145/2600176.2600204 |
DOI | 10.1145/2600176.2600204 |
Citation Key | Hwang:2014:ACP:2600176.2600204 |