1. Field
The disclosure relates generally to access control policies and more specifically to generating role-based access control policies that minimize a risk profile of resulting risk-averse roles and assignments to those risk-averse roles.
2. Description of the Related Art
Effective risk management in an enterprise or organization involves quantifying the risk that an access control policy, and the enforcement of that policy, poses to the enterprise or organization and to its ability to perform its mission. Access control policies are a primary line of defense for securing sensitive and valuable resources of an enterprise or organization. These access control policies dictate the types of actions that users, such as humans, hardware devices, software applications, and networks, are allowed to perform on the protected resources. Errors in, or misconfiguration of, access control policies may allow malicious insiders or intruders to abuse the access control policies and perform unintended or undesirable actions on the protected resources. In addition, a user may abusively combine several access permissions assigned to the user, which may produce a substantially higher degree of harm to an enterprise or organization than the abuse of a single permission.
To mitigate the impact of these risks, a common approach is to analyze the access control policy and assess the risk that is posed to the enterprise or organization. To accomplish this, one must consider the set of all permission assignments given to the user and then assess the potential impact of the misuse or abuse of these assigned permissions. Typically, the process of assessing the risk that is inherent in an access control policy is performed after the access control policy has been defined. One first defines an access control policy and then does a risk assessment to see if the resulting access control policy is acceptable. However, this approach to risk assessment is suboptimal because most access control policy definitions are aimed at optimizing the size and complexity of the access control policy, which is counter to risk management.