Discovering Access-Control Misconfigurations: New Approaches and Evaluation Methodologies
Accesses that are not permitted by implemented policy but that share similarities with accesses that have been allowed, may be indicative of access-control policy misconfigurations. Identifying such misconfigurations allows administrators to resolve them before they interfere with the use of the system. We improve upon prior work in identifying such misconfigurations in two main ways. First, we develop a new methodology for evaluating misconfiguration prediction algorithms and applying them to real systems. We show that previous evaluations can substantially overestimate the benefits of using such algorithms in practice, owing to their tendency to reward predictions that can be deduced to be redundant. We also show, however, that these and other deductions can be harnessed to substantially recover the benefits of prediction. Second, we propose an approach that significantly simplifies the use of misconfiguration prediction algorithms. We remove the need to hand-tune (and empirically determine the effects of) various parameters, and instead replace them with a single, intuitive tuning parameter. We show empirically that this approach is generally competitive in terms of benefit and accuracy with algorithms that require hand-tuned parameters.