• DocumentCode
    185631
  • Title
    Access Control Policy Evolution: An Empirical Study
  • Author
    Jeehyun Hwang; Da Young Lee; Laurie Williams; Mladen Vouk
  • Author_Institution
    SAS Inst. Inc., Cary, NC, USA
  • fYear
    2014
  • fDate
    3-6 Nov. 2014
  • Firstpage
    245
  • Lastpage
    254
  • Abstract
    Access control policies (ACPs) are necessary mechanisms for protection of critical resources and applications. As operational and security requirements of a system evolve, so do access control policies. It is important to help policy authors in effectively managing access control policies by providing insights into historical trends and evolution patterns of access control policies. We analyzed ACP evolution in three systems: Security Enhanced Linux (SELinux) operating system, Virtual Computing Laboratory (VCL) cloud, and a network intrusion detection (Snort) application. We propose an approach that extracts evolution patterns based on the analysis of ACP historical change data. An evolution pattern indicates an abstraction of change in the permissions/privileges assigned to a group or a user. We then developed a model of ACP evolution. We found eight frequently occurring evolution patterns across the three systems. In our context, this model can predict evolution patterns in ACPs with a precision of 50-80%, a recall of 70-90% and an F-measure of 65-75%.
  • Keywords
    Linux; authorisation; cloud computing; data analysis; ACP evolution; ACP historical change data analysis; SELinux operating system; Security Enhanced Linux operating system; Snort; VCL cloud; Virtual Computing Laboratory cloud; access control policy evolution; network intrusion detection; Access control; Linux; Maintenance engineering; Market research; Predictive models; Software; access control policy; evolution; maintainability
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Software Reliability Engineering (ISSRE), 2014 IEEE 25th International Symposium on
  • Conference_Location
    Naples
  • ISSN
    1071-9458
  • Print_ISBN
    978-1-4799-6032-3
  • Type
    conf
  • DOI
    10.1109/ISSRE.2014.36
  • Filename
    6982631