Engineering Self-adaptive Authorisation Infrastructures
This work addresses the problem of scalable and cost-effective access control management for organisations, but it is incremental as it primarily reviews and structures existing developments rather than introducing new solutions.
The paper tackles the challenge of managing complex authorisation infrastructures by scoping and defining self-adaptive authorisation, which dynamically adapts access control policies to reduce human intervention and improve responsiveness to misuse, resulting in the identification of technical challenges classified by feedback control loop stages.
As organisations expand and interconnect, authorisation infrastructures become increasingly difficult to manage. Several solutions have been proposed, including self-adaptive authorisation, where the access control policies are dynamically adapted at run-time to respond to misuse and malicious behaviour. The ultimate goal of self-adaptive authorisation is to reduce human intervention, make authorisation infrastructures more responsive to malicious behaviour, and manage access control in a more cost effective way. In this paper, we scope and define the emerging area of self-adaptive authorisation by describing some of its developments, trends and challenges. For that, we start by identifying key concepts related to access control and authorisation infrastructures, and provide a brief introduction to self-adaptive software systems, which provides the foundation for investigating how self-adaptation can enable the enforcement of authorisation policies. The outcome of this study is the identification of several technical challenges related to self-adaptive authorisation, which are classified according to the different stages of a feedback control loop.