TY - JOUR
T1 - A Survey on Empirical Security Analysis of Access Control Systems
T2 - A Real-World Perspective
AU - Parkinson, Simon
AU - Khan, Saad
N1 - Publisher Copyright:
© 2022 Association for Computing Machinery.
PY - 2023/6/1
Y1 - 2023/6/1
N2 - There are many different access control systems, yet a commonality is that they provide flexible mechanisms to enforce different access levels. Their importance in organisations to adequately restrict resources, coupled with their use in a dynamic environment, mandates the need to routinely perform policy analysis. The aim of performing analysis is often to identify potential problematic permissions, which have the potential to be exploited and could result in data theft and unintended modification. There is a vast body of published literature on analysing access control systems, yet as performing analysis has a strong end-user motivation and is grounded in security challenges faced in real-world systems, it is important to understand how research is developing, what are the common themes of interest, and to identify key challenges that should be addressed in future work. To the best of the authors’ knowledge, no survey has been performed to gain an understanding of empirical access control analysis, focussing on how techniques are evaluated and how they align to the needs of real-world analysis tasks. This article provides a systematic literature review, identifying and summarising key works. Key findings are identified and discussed as areas of future work.
AB - There are many different access control systems, yet a commonality is that they provide flexible mechanisms to enforce different access levels. Their importance in organisations to adequately restrict resources, coupled with their use in a dynamic environment, mandates the need to routinely perform policy analysis. The aim of performing analysis is often to identify potential problematic permissions, which have the potential to be exploited and could result in data theft and unintended modification. There is a vast body of published literature on analysing access control systems, yet as performing analysis has a strong end-user motivation and is grounded in security challenges faced in real-world systems, it is important to understand how research is developing, what are the common themes of interest, and to identify key challenges that should be addressed in future work. To the best of the authors’ knowledge, no survey has been performed to gain an understanding of empirical access control analysis, focussing on how techniques are evaluated and how they align to the needs of real-world analysis tasks. This article provides a systematic literature review, identifying and summarising key works. Key findings are identified and discussed as areas of future work.
KW - security and privacy
KW - access control
KW - Operating systems security
KW - File system security
KW - security policy
KW - analysis
KW - empirical analysis
UR - http://www.scopus.com/inward/record.url?scp=85145848202&partnerID=8YFLogxK
U2 - 10.1145/3533703
DO - 10.1145/3533703
M3 - Article
VL - 55
JO - ACM Computing Surveys
JF - ACM Computing Surveys
SN - 0360-0300
IS - 6
M1 - 123
ER -