Quantifying Policy Administration Cost in an Active Learning Framework
Si Zhang, Philip W. L. Fong
TL;DR
The paper addresses the lack of formal quantification for policy administration cost in access control by modeling ongoing policy administration as an active-learning process over a growing protection graph $G=(V,E)$. It introduces domain-based policies and a comparative framework between a naive Tireless Learner (costing $kn^2$ CNQs) and a Conservative Learner that uses Occam's Razor and decision trees to reduce overhead, achieving bounds like $k+(n-1)(m-1)$ CNQs and linear error rates under certain conditions. The work formalizes learning in rounds with NVQ, CNQ, and HTQ queries, analyzes equivalence-class evolution, and proves convergence under well-defined invariants, showing that domain-based abstractions can significantly lower administration cost when heuristic strategies are employed. By linking policy deliberation to active learning and providing quantitative bounds, the paper offers a principled methodology to compare policy administration costs across models and strategies and to guide scalable policy management in IoT-like ecosystems.
Abstract
This paper proposes a computational model for policy administration. As an organization evolves, new users and resources are gradually placed under the mediation of the access control model. Each time such new entities are added, the policy administrator must deliberate on how the access control policy shall be revised to reflect the new reality. A well-designed access control model must anticipate such changes so that the administration cost does not become prohibitive when the organization scales up. Unfortunately, past Access Control research does not offer a formal way to quantify the cost of policy administration. In this work, we propose to model ongoing policy administration in an active learning framework. Administration cost can be quantified in terms of query complexity. We demonstrate the utility of this approach by applying it to the evolution of protection domains. We also modelled different policy administration strategies in our framework. This allowed us to formally demonstrate that domain-based policies have a cost advantage over access control matrices because of the use of heuristic reasoning when the policy evolves. To the best of our knowledge, this is the first work to employ an active learning framework to study the cost of policy deliberation and demonstrate the cost advantage of heuristic policy administration.