Abstract
Planned organisational changes are frequent occurrences in large enterprises due to the dynamicity of employees’ roles, evolution of teams, units and divisions as a result of mergers, demergers, and general restructuring. To safeguard system security and employees’ productivity, it is paramount for system administrators to keep track of and remediate all users’ changing access needs. This paper studies the impact of (planned) organisational changes on the access privileges of employees in line with access control policies. Our solution, Acumen, uses binary decision diagrams (BDDs) to encode XACML policies via a Boolean function conversion, and performs semantic interpretation of organisational changes for analysis over the BDDs. The BDD structure is versatile, enabling succinct representation as well as effective and efficient symbolic operations and visualisation. We demonstrate the efficacy of Acumen with two data sets via a series of case studies on: a) a commonly used benchmark access control policy data in the literature; and b) a proprietary data set containing planned organisational changes in a large real-world financial institution with a dynamic business environment. The empirical results show Acumen to be effective and efficient.
Original language | English |
---|---|
Title of host publication | Computer Security – ESORICS 2023 |
Subtitle of host publication | 28th European Symposium on Research in Computer Security |
Editors | Gene Tsudik, Mauro Conti, Kaitai Liang, Georgios Smaragdakis |
Publisher | Springer |
Pages | 410-430 |
Number of pages | 21 |
Volume | 14347 |
ISBN (Electronic) | 9783031514821 |
ISBN (Print) | 9783031514814 |
Publication status | Published - Jan 2024 |
Event | 28th European Symposium on Research in Computer Security, ESORICS 2023 - The Hague Conference Centre New Babylon, The Hague, Netherlands. Duration: 25 Sept 2023 → 29 Sept 2023. Conference website: https://esorics2023.org/. Conference proceedings: https://link.springer.com/book/10.1007/978-3-031-51482-1. Program: https://esorics2023.org/program/plan/ |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 14347 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | 28th European Symposium on Research in Computer Security, ESORICS 2023 |
---|---|
Country/Territory | Netherlands |
City | The Hague |
Period | 25/09/23 → 29/09/23 |
Other | Computer security is concerned with the protection of information in environments where there is a possibility of intrusion or malicious action. The aim of ESORICS is to further the progress of research and development in computer security by establishing a European community for bringing together academia and industry in this area. Progressively organized in a series of European countries, the symposium is confirmed as one of the biggest European conferences in computer security. Nowadays, the symposium has also explored the R&D directions on AI, machine learning, privacy-enhancing technology, network security, software, and hardware security, blockchain, smart contract, and real-world applied cryptography. After the recent successful hosts in Fraunhofer (Germany, 2021) and DTU (Denmark, 2022), the 28th European Symposium on Research in Computer Security (ESORICS) 2023 will be hosted by TU Delft in the Hague, the Netherlands. |