News Column

Researchers Submit Patent Application, "Generating Role-Based Access Control Policies Based on Discovered Risk-Averse Roles", for Approval

July 29, 2014



By a News Reporter-Staff News Editor at Information Technology Newsweekly -- From Washington, D.C., VerticalNews journalists report that a patent application by the inventors Chari, Suresh N. (Tarrytown, NY); Molloy, Ian M. (Chappaqua, NY), filed on August 17, 2013, was made available online on July 17, 2014.

The patent's assignee is International Business Machines Corporation.

News editors obtained the following quote from the background information supplied by the inventors: "The disclosure relates generally to access control policies and more specifically to generating role-based access control policies that minimize a risk profile of resulting risk-averse roles and assignments to those risk-averse roles.

"Effective risk management in an enterprise or organization involves quantifying the risk that an access control policy and enforcement of the access control policy poses to the enterprise or organization and the ability of the enterprise or organization to perform its mission. Access control policies are a primary line of defense for securing sensitive and valuable resources of an enterprise or organization. These access control policies dictate the types of actions users, such as, for example, humans, hardware devices, software applications, and networks, are allowed to perform on the protected resources. Errors in or mis-configuration of access control policies may allow malicious insiders or intruders to abuse the access control policies and perform unintended or undesirable actions on the protected resources. In addition, a user may combine, for example, several access permissions assigned to the user in an abusive way, which may produce a substantially higher degree of harm to an enterprise or organization than the user using a single permission in an abusive way.

"To mitigate the impact of these risks, a common approach is to analyze the access control policy and assess the risk that is posed to the enterprise or organization. To accomplish this, one must consider the set of all permission assignments given to the user and then assess the potential impact of the misuse or abuse of these assigned permissions. Typically, the process of assessing the risk that is inherent in an access control policy is performed after the access control policy has been defined. One first defines an access control policy and then does a risk assessment to see if the resulting access control policy is acceptable. However, this approach to risk assessment is suboptimal because most access control policy definitions are aimed at optimizing the size and complexity of the access control policy, which is counter to risk management."

As a supplement to the background information on this patent application, VerticalNews correspondents also obtained the inventors' summary information for this patent application: "According to one illustrative embodiment, a computer system for generating role-based access control policies that minimize a risk profile of resulting risk-averse roles and assignments to those risk-averse roles is provided. A user-permission relation is generated from a stored access control policy by extracting users and permissions assigned to each of the users from the stored access control policy. A user-attribute relation is generated by mapping the users to attributes describing each of the users. A permission-attribute relation is generated by mapping the permissions to attributes describing each of the permissions. A set of risk-averse roles, assignment of the set of risk-averse roles to the users, and assignment of the permissions to the set of risk-averse roles is determined based on applying a risk-optimization function to the generated user-permission relation, the generated user-attribute relation, and the generated permission-attribute relation. Then, a role-based access control policy is generated that minimizes a risk profile of the set of risk-averse roles, the assignment of the set of risk-averse roles to the users, and the assignment of the permissions to the set of risk-averse roles. According to another illustrative embodiment, a computer program product for generating role-based access control policies that minimize a risk profile of resulting risk-averse roles and assignments to those risk-averse roles is provided.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

"FIG. 1 is a pictorial representation of a network of data processing systems in which illustrative embodiments may be implemented;

"FIG. 2 is a diagram of a data processing system in which illustrative embodiments may be implemented;

"FIG. 3 is a diagram illustrating an example of an access control policy system in accordance with an illustrative embodiment;

"FIG. 4 is a flowchart illustrating a process for generating a role-based access control policy using a set of risk-averse roles in accordance with an illustrative embodiment;

"FIG. 5 is a flowchart illustrating a process for generating a role-based access control policy based on a set of candidate roles added to an access control policy in accordance with an illustrative embodiment;

"FIG. 6A and FIG. 6B are a flowchart illustrating another process for generating a role-based access control policy based on a set of candidate roles added to an access control policy in accordance with an illustrative embodiment; and

"FIG. 7A and FIG. 7B are a flowchart illustrating a process for generating a role-based access control policy based on an initial role-based access control policy generated by a machine learning application in accordance with an illustrative embodiment."
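As an added illustration of the pipeline the inventors' summary describes (this is not code from the patent application or from IBM), the sketch below derives the user-permission relation from a stored policy, attaches user and permission attributes, and greedily selects roles by a risk score. The sample policy, the attribute values, the candidate-role generation and the risk function are all assumptions, because the article does not give the application's risk-optimization function.

```python
from itertools import combinations

# Constructed sample data; nothing here comes from the patent application.
STORED_POLICY = {
    "alice": {"read_ledger", "post_payment"},
    "bob": {"read_ledger", "post_payment", "approve_payment"},
    "carol": {"read_ledger", "read_hr"},
    "dave": {"read_hr", "edit_hr"},
}
USER_ATTR = {"alice": "finance", "bob": "finance", "carol": "audit", "dave": "hr"}
PERM_ATTR = {"read_ledger": 1, "post_payment": 3, "approve_payment": 5,
             "read_hr": 2, "edit_hr": 4}  # assumed sensitivity scores

def user_permission_relation(policy):
    """Flatten the stored policy into (user, permission) pairs."""
    return {(u, p) for u, perms in policy.items() for p in perms}

def candidate_roles(policy):
    """Assumed candidates: each user's permission set plus pairwise overlaps."""
    sets = {frozenset(perms) for perms in policy.values()}
    return sets | {a & b for a, b in combinations(sets, 2) if a & b}

def role_risk(perms, members):
    """Assumed risk: bundled sensitivity times departments sharing the role."""
    return sum(PERM_ATTR[p] for p in perms) * len({USER_ATTR[u] for u in members})

def mine_roles(policy):
    """Greedily pick the role with the lowest risk per newly covered pair."""
    uncovered, roles = user_permission_relation(policy), {}
    while uncovered:
        best = None
        for perms in candidate_roles(policy):
            # Only users who already hold every permission join, so no over-grant.
            members = {u for u, held in policy.items() if perms <= held}
            gain = {(u, p) for u in members for p in perms} & uncovered
            if gain:
                key = (role_risk(perms, members) / len(gain), sorted(perms))
                if best is None or key < best[0]:
                    best = (key, perms, members, gain)
        _, perms, members, gain = best
        roles[perms] = members
        uncovered -= gain
    return roles

def granted(roles):
    """Expand a role set back into the (user, permission) pairs it grants."""
    return {(u, p) for perms, members in roles.items() for u in members for p in perms}

if __name__ == "__main__":
    for perms, members in mine_roles(STORED_POLICY).items():
        print(sorted(perms), "->", sorted(members))
```

On this sample the selection yields five roles for four users, which reflects the background quote's point that optimizing for policy size runs counter to risk management.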

For additional information on this patent application, see: Chari, Suresh N.; Molloy, Ian M. Generating Role-Based Access Control Policies Based on Discovered Risk-Averse Roles. Filed August 17, 2013 and posted July 17, 2014. Patent URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-adv.html&r=83&p=2&f=G&l=50&d=PG01&S1=20140710.PD.&OS=PD/20140710&RS=PD/20140710

Keywords for this news article include: Information Technology, Information and Data Processing, International Business Machines Corporation.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC





Source: Information Technology Newsweekly

