Automatically Tightening Access Control Policies with Restricter
Ka Lok Wu, Christa Jenkins, Scott D. Stoller, Omar Chowdhury

TL;DR
This paper introduces Restricter, a tool that automatically refines access control policies by analyzing access logs to reduce permissions while maintaining system functionality, thereby improving policy correctness and security.
Contribution
The paper presents a novel automated method for tightening access control policies based on real access logs, specifically implemented for Amazon's Cedar language.
Findings
Effective policy tightening reduces over-permissioning
Maintains system functionality after tightening
Demonstrated success in realistic case studies
Abstract
Robust access control is a cornerstone of secure software, systems, and networks. An access control mechanism is as effective as the policy it enforces. However, authoring effective policies that satisfy desired properties such as the principle of least privilege is a challenging task even for experienced administrators, as evidenced by many real instances of policy misconfiguration. In this paper, we set out to address this pain point by proposing Restricter, which automatically tightens each (permit) policy rule of a policy with respect to an access log, which captures some already exercised access requests and their corresponding access decisions (i.e., allow or deny). Restricter achieves policy tightening by reducing the number of access requests permitted by a policy rule without sacrificing the functionality of the underlying system it is regulating. We implement Restricter for…
Taxonomy
Topics: Access Control and Trust · Security and Verification in Computing · Software System Performance and Reliability
