Bayesian networks for modeling failure dependency in access control models

Access controls are indispensable mechanisms for protecting access to resources of computing and communication systems. Currently, the design of access control models is centered on the access interaction between system subjects and objects. However, access authentication, control, auditing and administration services in today´s systems do not enjoy full operational independence while interacting with systems assets. That is, in a way or another they interact across different platforms, programs, processes or users, leading to build certain dependency while in operation. The identification and evaluation of this dependency is crucial to meeting security goals of access control models. To tackle this issue, we introduce a modeling technique that captures probabilistically the interaction between system assets and controls into a graph theoretic paradigm. We use Bayesian Networks (BN) in particular to model and analyze this dependency. We briefly show the proposed abstraction, modeling formalism and associated notation, along with a demonstration example of various useful inferences and some suggested research directions.