Access Control Policy Evolution: An Empirical Study

Title: Access Control Policy Evolution: An Empirical Study
Publication Type: Conference Paper
Year of Publication: 2014
Authors: Hwang, JeeHyun; Williams, Laurie; Vouk, Mladen
Conference Name: Proceedings of the 2014 Symposium and Bootcamp on the Science of Security
Conference Location: Raleigh, NC, USA
ISBN Number: 978-1-4503-2907-1
Keywords: access control policy, ACM CCS, Control, Database and Storage Security, evolution, Foundations, Information Accountability and Usage Control, science of security

Access Control Policies (ACPs) evolve. Understanding the trends and evolution patterns of ACPs could provide guidance about the reliability and maintenance of ACPs. Our research goal is to help policy authors improve the quality of ACP evolution based on the understanding of trends and evolution patterns in ACPs. We performed an empirical study by analyzing the ACP changes over time for two systems: Security Enhanced Linux (SELinux), and an open-source virtual computing platform (VCL). We measured trends in terms of the number of policy lines and lines of code (LOC), respectively. We observed evolution patterns. For example, an evolution pattern st1 - st2 says that st1 (e.g., "read") evolves into st2 (e.g., "read" and "write"). This pattern indicates that policy authors add "write" permission in addition to existing "read" permission. We found that some of the evolution patterns appear to occur more frequently.

Citation Key: Hwang:2014:ACP:2600176.2600204