Title :
Detecting policy misconfigurations in temporal domain using object priority
Author :
Dammati, Madhu Sankeerth ; Mondal, Samrat
Author_Institution :
Dept. of Comput. Sci. & Eng., Indian Inst. of Technol. Patna, Patna, India
Abstract :
In an organization, one of the important jobs of an administrator is to define different access control policies based on the various requirements. Access-control policy misconfigurations that cause requests to be erroneously denied can result in wasted time and user frustration. Depending upon the context of particular applications (e.g., health care, national security), the effect may be quite severe. Identification of such possible inconsistencies in the access control system at an early stage, even before the user tries to access them, can help in rectifying such mistakes. An Access Control List (ACL) purely reflects the various policies that a system must follow to carry out the desirable tasks. For most access control systems, the ACL remains the same. In recent times, such models are not sufficient to meet the requirements, leading to models like TRBAC and GTRBAC. Identification of policy misconfigurations in such systems helps in minimizing vulnerabilities and reducing security risks and insider attacks. In certain scenarios the policies may not be simple and may involve priorities among objects, where there is a fair chance of having erroneous policies unknowingly. Thus, identification of misconfigurations in such cases is of prime importance.
Keywords :
access control; ACL; GTRBAC; TRBAC; access control list; access control policies; access control system; access-control policy misconfigurations; health care; insider attacks; national security; object priority; policy misconfigurations detection; security risks; temporal domain; Access control; Medical services; National security; Organizations; Permission; Servers;
Conference_Title :
Communication, Networks and Satellite (ComNetSat), 2012 IEEE International Conference on
Conference_Location :
Bali
Print_ISBN :
978-1-4673-0888-5
DOI :
10.1109/ComNetSat.2012.6380795