Acumen: Analysing the impact of organisational change on users’ access entitlements

Selasi Kwashie, Wei Kang, Sandeep Santhosh Kumar, Geoff Jarrad, Seyit Camtepe, Surya Nepal

Research output: Book chapter/Published conference paperConference paperpeer-review

2 Downloads (Pure)

Abstract

Planned organisational changes are frequent occurrences in large enterprises due to the dynamicity of employees’ roles, evolution of teams, units and divisions as a result of mergers, demergers, and general restructuring. To safeguard system security and employees’ productivity, it is paramount for system administrators to keep track and remediate all users’ changing access needs. This paper studies the impact of (planned) organisational changes on the access privileges of employees in line with access control policies. Our solution, Acumen, uses binary decision diagrams (BDDs) to encode XACML policies via a Boolean function conversion, and performs semantic interpretation of organisational changes for analysis over the BDDs. The BDD structure is versatile, enabling succinct representation as well as effective and efficient symbolic operations and visualisation. We demonstrate the efficacy of Acumen with two data sets via a series of case studies on: a) a commonly used benchmark access control policy data in the literature; and b) a proprietary data set containing planned organisational changes in a large real-world financial institution with a dynamic business environment. The empirically results show Acumen to be effective and efficient.

Original languageEnglish
Title of host publicationComputer Security – ESORICS 2023
Subtitle of host publication28th European Symposium on Research in Computer Security
EditorsGene Tsudik, Mauro Conti, Kaitai Liang, Georgios Smaragdakis
PublisherSpringer
Pages410-430
Number of pages21
Volume14347
ISBN (Electronic)9783031514821
ISBN (Print)9783031514814
DOIs
Publication statusPublished - Jan 2024
Event28th European Symposium on Research in Computer Security, ESORICS 2023 - The Hague Conference Centre New Babylon, The Hague, Netherlands
Duration: 25 Sept 202329 Sept 2023
https://esorics2023.org/ (Conference website)
https://link.springer.com/book/10.1007/978-3-031-51482-1 (Conference proceedings)
https://esorics2023.org/program/plan/ (Program)

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume14347 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference28th European Symposium on Research in Computer Security, ESORICS 2023
Country/TerritoryNetherlands
CityThe Hague
Period25/09/2329/09/23
OtherComputer security is concerned with the protection of information in environments where there is a possibility of intrusion or malicious action. The aim of ESORICS is to further the progress of research and development in computer security by establishing a European community for bringing together academia and industry in this area. Progressively organized in a series of European countries, the symposium is confirmed as one of the biggest European conferences in computer security. Nowadays, the symposium has also explored the R&D directions on AI, machine learning, privacy-enhancing technology, network security, software, and hardware security, blockchain, smart contract, and real-world applied cryptography.

After the recent successful hosts in Fraunhofer (Germany, 2021) and DTU (Denmark, 2022), the 28th European Symposium on Research in Computer Security (ESORICS) 2023 will be hosted by TU Delft in the Hague, the Netherlands.
Internet address

Fingerprint

Dive into the research topics of 'Acumen: Analysing the impact of organisational change on users’ access entitlements'. Together they form a unique fingerprint.

Cite this