The Secrecy Resilience of Access Control Policies and Its Application to Role Mining

ACM Symposium on Access Control Models and Technologies (SACMAT) (2022)

Abstract
We propose a notion, which we call the secrecy resilience of an access control policy, that to our knowledge has not been explored in prior work. We seek to capture with this notion the property inherent to an access control policy that measures its resistance to disclosure. We motivate and then propose a definition for secrecy resilience that is based on the notion of entropy from information theory. We focus on policies expressed in Role-Based Access Control (RBAC), and contrast RBAC with the access matrix from the standpoint of secrecy resilience. We observe that, similar to other objectives such as the minimization of the number of roles, an RBAC policy with the best secrecy resilience can be a desirable objective of bottom-up role-mining, in which we seek to compute an RBAC policy given an access matrix as input. We have carried out an empirical assessment of several role-mining algorithms from the standpoint of secrecy resilience for two underlying distribution-events pairs, each of which captures a kind of best case from the standpoint of a defender. Towards carrying out the empirical assessment, we make an additional contribution to role-mining: we propose new reductions for the two problems of minimizing the number of roles and the number of edges, and discuss the manner in which our reductions are superior to reductions in existing work.