Self-adaptive federated authorization infrastructures
Authors
Abstract
Authorization infrastructures are an integral part of any network where resources need to be protected. As networks expand and organizations start to federate access to their resources, authorization infrastructures become increasingly difficult to manage. In this paper, we explore the automatic adaptation of authorization assets (policies and subject access rights) in order to manage federated authorization infrastructures. We demonstrate adaptation through a Self-Adaptive Authorization Framework (SAAF) controller that is capable of managing policy based federated role/attribute access control authorization infrastructures. The SAAF controller implements a feedback loop to monitor the authorization infrastructure in terms of authorization assets and subject behavior, analyze potential adaptations for handling malicious behavior, and act upon authorization assets to control future authorization decisions. We evaluate a prototype of the SAAF controller by simulating malicious behavior within a deployed federated authorization infrastructure (federation), demonstrating the escalation of adaptation, along with a comparison of SAAF to current technology.
Keywords
Self-adaptation, Authorization, Policy management, Identity management, Autonomic security, RBAC, ABAC, SAML, PERMIS
Related Project
ADAAS: Assuring Dependability in Architecture-based Adaptive Systems
Journal
Journal of Computer and System Sciences, Vol. 80, #5, pp. 935-952, M. Segal, January 2014
DOI
Cited by
No citations found