Parametric RBAC Maintenance via Max-SAT

In the past decade, many organizations have adopted a Role-Based Access Control model (RBAC) to reduce their administration costs and increase security. The migration to RBAC requires a role engineering phase aimed at generating "good" initial roles starting from direct assignments of permissions to users. For an RBAC approach to be effective, however, it is also necessary to update roles and keep them compliant with the dynamic nature of the business processes; not only this, but errors and misalignments between the current RBAC state and reality need to be promptly detected and fixed. In this paper, we propose a new maintenance process to fix and refine an RBAC state when "exceptions" are detected. Exceptions are permissions some users realize they miss that are instrumental to their job and should be granted as soon as possible. They are catched by a monitoring system as unexpected "access denied" conditions and then validated by the RBAC administrator. The fix we produce aims at balancing two conflicting objectives, i.e., (i) simplifying the current RBAC state, and (ii) reducing the transition cost. Our approach is based on a Max-SAT formalization of this trade-off and it exploits incomplete solvers that quickly provide approximations of optimal solutions. Experiments show good performance on real-world benchmarks.