Engineering Self-adaptive Authorisation Infrastructures
Lionel Montrieux, Rogerio de Lemos, Chris Bailey

TL;DR
This paper explores the emerging field of self-adaptive authorisation infrastructures, focusing on how dynamic, run-time policy adaptation can improve security and reduce management costs amid increasing organizational complexity.
Contribution
It defines the concept of self-adaptive authorisation, reviews recent developments, and identifies key technical challenges across different stages of feedback control loops.
Findings
Identified key concepts in access control and self-adaptive systems.
Classified technical challenges in self-adaptive authorisation.
Provided a framework for future research in dynamic access control policies.
Abstract
As organisations expand and interconnect, authorisation infrastructures become increasingly difficult to manage. Several solutions have been proposed, including self-adaptive authorisation, where the access control policies are dynamically adapted at run-time to respond to misuse and malicious behaviour. The ultimate goal of self-adaptive authorisation is to reduce human intervention, make authorisation infrastructures more responsive to malicious behaviour, and manage access control in a more cost-effective way. In this paper, we scope and define the emerging area of self-adaptive authorisation by describing some of its developments, trends and challenges. For that, we start by identifying key concepts related to access control and authorisation infrastructures, and provide a brief introduction to self-adaptive software systems, which provides the foundation for investigating how…
