Robust access control is a cornerstone of secure software, systems, and networks. An access control mechanism is only as effective as the policy it enforces. However, authoring effective policies that satisfy desired properties such as the principle of least privilege is a challenging task even for experienced administrators, as evidenced by many real instances of policy misconfiguration. In this paper, we set out to address this pain point by proposing Restricter, which automatically tightens each (permit) rule of a policy with respect to an access log, i.e., a record of already exercised access requests together with their corresponding access decisions (allow or deny). Restricter achieves policy tightening by reducing the number of access requests permitted by a rule without sacrificing the functionality of the underlying system the policy regulates. We implement Restricter for Amazon's Cedar policy language and demonstrate its effectiveness through two realistic case studies.
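To make the tightening idea concrete, the following is an added toy example in Python, written for this page; it is not code from the paper or from the Restricter tool, and it simplifies the problem considerably. A permit rule is modelled as three slots (principal, action, resource), each either unconstrained or a set of allowed entity identifiers; tightening replaces each slot with the values actually exercised in logged `allow` requests that the rule covers, so every logged request the original rule permitted is still permitted. The rule, log entries and entity names are constructed, and the Cedar-style rendering is a loose approximation that has not been validated against the Cedar parser.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional

# A slot of None means "any" (the slot is unconstrained in the permit rule).
Constraint = Optional[FrozenSet[str]]


@dataclass(frozen=True)
class Rule:
    principal: Constraint
    action: Constraint
    resource: Constraint

    def permits(self, principal: str, action: str, resource: str) -> bool:
        """True if the request (principal, action, resource) falls under this rule."""
        return all(
            allowed is None or value in allowed
            for allowed, value in (
                (self.principal, principal),
                (self.action, action),
                (self.resource, resource),
            )
        )


@dataclass(frozen=True)
class LogEntry:
    principal: str
    action: str
    resource: str
    decision: str  # "allow" or "deny"


def tighten(rule: Rule, log: Iterable[LogEntry]) -> Rule:
    """Shrink each slot of `rule` to the values exercised under it in the log.

    Only 'allow' entries that the rule itself covers are used, so every logged
    request the rule permitted stays permitted. A rule that covers no logged
    allow is returned unchanged: the log gives no evidence of what it should
    become, and a human should review it rather than the tool guessing.
    Caveat: slots are narrowed independently, so the result is a cross product
    and may still permit unobserved combinations of observed values.
    """
    covered = [
        e for e in log
        if e.decision == "allow" and rule.permits(e.principal, e.action, e.resource)
    ]
    if not covered:
        return rule
    return Rule(
        principal=frozenset(e.principal for e in covered),
        action=frozenset(e.action for e in covered),
        resource=frozenset(e.resource for e in covered),
    )


def preserves_log(original: Rule, tightened: Rule, log: Iterable[LogEntry]) -> bool:
    """Functionality check: no logged allow covered by `original` is lost."""
    return all(
        tightened.permits(e.principal, e.action, e.resource)
        for e in log
        if e.decision == "allow" and original.permits(e.principal, e.action, e.resource)
    )


def count_permitted(rule: Rule, principals, actions, resources) -> int:
    """Number of requests the rule permits over a finite request universe."""
    return sum(rule.permits(p, a, r) for p in principals for a in actions for r in resources)


def to_cedar(rule: Rule) -> str:
    """Render the rule in Cedar-like syntax (illustrative, not parser-validated).

    Singletons become `==`, multi-valued action slots use `action in [...]`, and
    multi-valued principal/resource slots go into a `when` clause as a set
    membership test, since the scope accepts a set literal only for `action`.
    """
    scope: List[str] = []
    conds: List[str] = []
    slots = (("principal", rule.principal), ("action", rule.action), ("resource", rule.resource))
    for name, values in slots:
        if values is None:
            scope.append(name)
        elif len(values) == 1:
            scope.append(f"{name} == {next(iter(values))}")
        elif name == "action":
            scope.append(f"{name} in [{', '.join(sorted(values))}]")
        else:
            scope.append(name)
            conds.append(f"[{', '.join(sorted(values))}].contains({name})")
    text = f"permit({', '.join(scope)})"
    if conds:
        text += " when { " + " && ".join(conds) + " }"
    return text + ";"


# Constructed sample input (hypothetical entities, not data from the paper).
WIDE_RULE = Rule(principal=None, action=None, resource=None)  # permit(principal, action, resource);
SAMPLE_LOG = [
    LogEntry('User::"alice"', 'Action::"view"', 'Photo::"vacation.jpg"', "allow"),
    LogEntry('User::"alice"', 'Action::"edit"', 'Photo::"vacation.jpg"', "allow"),
    LogEntry('User::"bob"', 'Action::"view"', 'Photo::"vacation.jpg"', "allow"),
    # Denied despite the wide permit (e.g. a forbid rule won); denies are not used for tightening.
    LogEntry('User::"mallory"', 'Action::"delete"', 'Photo::"vacation.jpg"', "deny"),
]

if __name__ == "__main__":
    tight = tighten(WIDE_RULE, SAMPLE_LOG)
    print(to_cedar(WIDE_RULE))
    print(to_cedar(tight))
    print("preserves logged allows:", preserves_log(WIDE_RULE, tight, SAMPLE_LOG))
```

The deny entry for `mallory` plays no role in the narrowing; it is the absence of an exercised `allow` for `delete` that drops that action from the tightened rule. The cross-product caveat is the kind of gap a practitioner should check before deploying a tightened policy: `bob` never edited the photo in the log, yet the tightened rule still permits it, because each slot is narrowed on its own.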