Severity Level of Permissions in Role-Based Access Control
This work addresses information leakage risks in access control systems, but it appears incremental as it builds on existing methods like analytic hierarchy process.
The paper tackles the problem of ranking permissions in role-based access control to identify the most significant ones for reducing redundancy, proposing a methodology that uses the analytic hierarchy process with the role graph as the decision tree.
The analysis of hidden channels of information leakage with respect to role-based access control includes monitoring of excessive permissions among users. It is not always possible to completely eliminate redundancy. The problem of ranking permissions arises in order to identify the most significant, for which redundancy is most not desirable. A numerical characteristic that reflects the value or importance of permissions is called the "severity level". A number of heuristic assumptions have been formulated that make it possible to establish the dependence of the severity level of permissions on the structure of the role hierarchy. A methodology for solving the problem is proposed, using analytic hierarchy process and taking into account these assumptions. The main idea is that the decision tree of the process will be the role graph.