The Inner Circle

Draft NISTIR 8360 Machine Learning for Access Control Policy Verification

  • 1.  Draft NISTIR 8360 Machine Learning for Access Control Policy Verification

    Posted 23 days ago
      |   view attached
    Hi All,

    NIST announces the release of Draft NIST Internal Report (NISTIR) 8360, Machine Learning for Access Control Policy Verification. Access control policy verification ensures that there are no faults within the policy that leak or block access privileges. To answer the challenges of traditional verification methods, this report proposes an efficient and straightforward method for access control policy verification by applying a classification algorithm of machine learning. This method does not require comprehensive test cases, oracle, or system translation but rather checks the logic of policy rules directly, making it more efficient and feasible compared to traditional methods. This report also demonstrates an experiment for the proposed method with an example that uses currently available machine learning tools to facilitate the random forest classification algorithm. The result illustrates its capabilities as well as parameter settings for performing the verification steps.

    A public comment period is open through May 7, 2021. See the publication details for a copy of the document and information on submitting comments.

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------