Access control schemes are traditionally compared in terms of raw expressive power (i.e., the policies they can encode and how those policies can be changed); however, such comparisons ignore the needs of the application within which a scheme will be deployed. For some applications, the most expressive scheme may be overly complex and not necessarily the best fit. To this end, this project investigates the suitability analysis problem: Given a system's access control workload, a set of candidate access control schemes, and a set of application-specific cost metrics, which scheme best meets the needs of the system?
The goal is to create a suitability analysis framework that is sufficiently rigorous to be useful to researchers and theoreticians, while remaining accessible to security practitioners. Such a framework will help formalize an access control scheme's application-specific strengths and limitations, enable researchers to precisely describe the scenarios for which a scheme is best suited, allow assessment of the novelty and utility of proposed schemes, and help analysts diagnose shortcomings in existing systems. In particular, the project will develop (1) an application-specific, workload-based framework for analyzing the suitability of access control schemes that is sufficiently rich to compare logical, extensional, and hybrid schemes in both sequential and concurrent systems; (2) a cost analysis component that quantifies a scheme's suitability using custom metrics; and (3) tools that automate a range of suitability analysis tasks. A real-world security workload, PKI-based authentication and authorization on the web, will be used to evaluate the results.