Extending Multivalued Dependencies for Refactoring Access Control Policies

Policy-based access control is a well-established paradigm for securing layered IT systems. Access control policies, however, often do not focus on dedicated architecture layers (e.g., network, web, application), but increasingly employ concepts of multiple layers. Web application servers, for instance, typically support request filtering on the basis of network addresses. The resulting flexibility comes with increased management complexity and the risk of securityrelevant misconfiguration when looking at the various policies in isolation. In this paper we focus on policy refactoring, i.e., the task of finding the least permissive rewriting of a collection of policies such that the global composed policy remains identical. Some connections between access control and the relational model have been already identified in literature. Following this avenue, we argue that normalization theory can help to solve the refactoring problem. By exploiting techniques inspired from multivalued dependencies, we lay down the foundations of a theoretical framework that allows (i) to describe authorization policies from different architecture layers, (ii) to capture the relationships between layers in order to create a universal view of the global policy, and (iii) to decompose the global policy into a collection of simpler ones.