The Design and Demonstration of an Actor-Based, Application-Aware Access Control Evaluation Framework

To date, most work regarding the formal analysis ofaccess control schemes has focused on quantifying and comparingthe expressive power of a set of schemes. Although expressivepower is important, it is a property that exists in an absolutesense, detached from the application-specific context within whichan access control scheme will ultimately be deployed. In thispaper, by contrast, we formalize the access control suitabilityanalysis problem, which seeks to evaluate the degree to whicha set of candidate access control schemes can meet the needsof an application-specific workload. This process involves bothreductions to assess whether a scheme is capable of implementinga workload, as well as cost analysis using ordered measuresto quantify the overheads of using each candidate scheme toservice the workload. We develop a mathematical frameworkfor analyzing instances of the suitability analysis problem, andevaluate this framework both formally (by quantifying its effi-ciency and accuracy properties) and practically (by exploringa group-based messaging workload from the literature). Anancillary contribution of our work is the identification of auxiliarymachines, which are a useful class of modifications that can bemade to enhance the expressive power of an access control schemewithout negatively impacting the safety properties of the scheme.