Transaction Logs in Access Control: Leveraging an Under-Utilized Data Source

Transaction Logs in Access Control: Leveraging an Under-Utilized Data Source

연구 분야: Software Development

학회: IFIP Annual Conference on Data and Applications Security and Privacy

Maintaining access control policies is an ongoing process to ensure required but not excessive authorizations. Organizations thus leverage various data sources to ease this maintenance. Among these data sources are access control matrices, attributes, access logs, and transaction logs. While research reasonably covers the former data sources, the potential of transaction logs remains untapped. We pave the way for transaction logs as a data source in access control by (i) expressing them with a formalization, (ii) pinpointing them in typical Identity and Access Management (IAM) infrastructures, and (iii) grounding them in IAM processes. We conclude that access control transaction logs are valuable data sources for improving analytical capabilities for IAM.