Self-adaptive federated authorization infrastructures

Authors

Abstract

Authorization infrastructures are an integral part of any network where resources need to be protected. As networks expand and organizations start to federate access to their resources, authorization infrastructures become increasingly difficult to manage. In this paper, we explore the automatic adaptation of authorization assets (policies and subject access rights) in order to manage federated authorization infrastructures. We demonstrate adaptation through a Self-Adaptive Authorization Framework (SAAF) controller that is capable of managing policy based federated role/attribute access control authorization infrastructures. The SAAF controller implements a feedback loop to monitor the authorization infrastructure in terms of authorization assets and subject behavior, analyze potential adaptations for handling malicious behavior, and act upon authorization assets to control future authorization decisions. We evaluate a prototype of the SAAF controller by simulating malicious behavior within a deployed federated authorization infrastructure (federation), demonstrating the escalation of adaptation, along with a comparison of SAAF to current technology.

Keywords

Self-adaptation, Authorization, Policy management, Identity management, Autonomic security, RBAC, ABAC, SAML, PERMIS

Related Project

ADAAS: Assuring Dependability in Architecture-based Adaptive Systems

Journal

Journal of Computer and System Sciences, Vol. 80, #5, pp. 935-952, M. Segal, January 2014

DOI