Research field: Software Development
Venue: International Journal of Information Security
With the swift and increasing complexity of contemporary distributed software systems, there is a pressing demand for access control methods that are effective, scalable, and secure. In response, Machine Learning (ML) has been proposed to complement manually crafted authorisation policies to better handle the dynamic and constantly evolving nature of such software systems and detect unusual access requests. As systems evolve, so do the conditions under which access is granted. Validating access control policy updates is imperative to prevent unauthorised access to the system. While modifying traditional rule-based access control policies is relatively straightforward, the administration of Machine Learning-based Access Control (MLBAC) presents a substantial security challenge. This paper examines the trustworthiness of the administration of MLBAC systems through certified machine unlearning for reverting previous policies and correcting misbehaviour. More specifically, we address the security concerns of employing ML as a complementary access control mechanism by exploring exact and approximate unlearning and evaluating its impact using real-world data. We demonstrate the effectiveness and security of unlearning in both reverting policies and addressing vulnerabilities that may emerge during the model’s life cycle. The promising results serve to address one of the primary challenges associated with MLBAC systems and contribute to a future wider acceptance.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | Belgium |
| Site | Springer |