Forensic Analysis in Access Control: Foundations and a Case-Study from Practice

Abstract

We pose and study forensic analysis in the context of access control systems in a manner that prior work has not. Forensics seeks to answer questions about past states of a system, and thereby provides important clues and evidence in the event of a security incident. Access control deals with who may perform what action on a resource and is a critical security function. Our focus is access control systems that allow for changes to the authorization state to be delegated to potentially untrusted users. We argue that this context in access control is an important one in which to consider forensic analysis, and observe that it is a natural complement of safety analysis, which has been considered extensively in the literature. We pose the forensic analysis problem for such access control systems abstractly, and instantiate it for three schemes from the literature: a well-known access matrix scheme, a role-based scheme, and a discretionary scheme. We identify the computational complexity of forensic analysis, and compare it to that of safety analysis for each of the schemes. We consider also the notion of logs, i.e., data that can be collected over time to aid forensic analysis. We present results for sufficient and minimal logs that render forensic analysis for the three schemes efficient. This motivates discussions on goal-directed logging, with the explicit intent of aiding forensic analysis. We carry out a case-study in the realistic setting of a serverless cloud application, and observe that goal-directed logging can be highly effective. Our work makes contributions at the foundations of information security, and its practical implications.