Multi-layer Audit of Access Rights

Abstract

In the context of regulatory compliance, the question is often whether an enterprise can guarantee that only certain people can access certain data or perform certain business functions on them. Examples are controls over financial data in Sarbanes-Oxley and access to personal information in privacy laws such as HIPAA and the California Senate Bill 1386. Such guarantees also have to be strictly audited. For an individual access control system, such questions are standard, at least in theory. However, to the best of our knowledge, such questions have never been addressed for entire system stacks containing multiple layers of data representation with potentially different access mechanisms. For instance, financial data may be accessed by using an access right to the official financial application, but also by using an administrator right to an underlying database, or by logically or physically accessing an unencrypted backup tape holding the data. We propose an overall model and algorithms to deal with this situation. We study both advance queries, which validate a proposed system before it is deployed, and a posteriori queries, which arise in audit, problem determination, or litigation.
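The following is an added illustration and is not the paper's model, algorithms, or code. It makes the abstract's central point concrete: a data item has one representation per layer (application, database, backup medium), each layer has its own access mechanism, and the set of principals who can read the data is the union over all layers, so a database administrator and a tape custodian appear beside the application user that an application-only review would report. The stack, layer names, grants and principals (the "ledger", "GL", "finance.gl_entries", "TAPE-0417", "alice", "bob", "carol", "dave") are all constructed for the example; the `key_holders` attribute is this example's way of modelling an encrypted backup, not a construct from the paper.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Representation:
    """One copy of a data item at one layer of the stack."""
    layer: str                               # "application", "database", "backup", ...
    container: str                           # table name, tape label, ...
    key_holders: Optional[frozenset] = None  # set only when the container is encrypted:
                                             # a reader then also needs the key


# A grant is (principal, layer, right). `right` names a container at that
# layer, or is "*" for an administrative right that reaches every container there.
Grant = tuple[str, str, str]
Path = tuple[str, str, str]  # (layer, container, right that opened it)


def readers_of(data_item: str,
               representations: dict[str, list[Representation]],
               grants: list[Grant]) -> dict[str, list[Path]]:
    """Union over all layers: every principal who can read at least one
    representation of data_item, with the path(s) that let them do so."""
    paths: dict[str, list[Path]] = defaultdict(list)
    for rep in representations[data_item]:
        for principal, layer, right in grants:
            if layer != rep.layer or right not in (rep.container, "*"):
                continue
            if rep.key_holders is not None and principal not in rep.key_holders:
                continue  # can reach the medium but sees only ciphertext
            paths[principal].append((layer, rep.container, right))
    return dict(paths)


def validate(data_item, representations, grants, allowed: set[str]) -> dict[str, list[Path]]:
    """Advance query: who outside `allowed` can still read the data, and how.
    An empty result is the guarantee a compliance reviewer is asking for."""
    return {p: ps for p, ps in readers_of(data_item, representations, grants).items()
            if p not in allowed}


def explain(principal: str, data_item, representations, grants) -> list[Path]:
    """A posteriori query: by which paths could `principal` have reached the data?"""
    return readers_of(data_item, representations, grants).get(principal, [])


def encrypt_backup(representations, data_item, container, key_holders):
    """Return a copy of the stack in which one backup container is encrypted
    for `key_holders`: the change that removes bare custodianship as a path."""
    return {
        item: [Representation(r.layer, r.container, frozenset(key_holders))
               if r.layer == "backup" and r.container == container else r
               for r in reps]
        for item, reps in representations.items()
    }


# Constructed sample stack: one ledger, represented at three layers.
REPRESENTATIONS = {
    "ledger": [
        Representation("application", "GL"),               # the official finance application
        Representation("database", "finance.gl_entries"),  # the table behind it
        Representation("backup", "TAPE-0417"),             # unencrypted nightly dump
    ],
}

# Constructed sample grants, one per principal.
GRANTS: list[Grant] = [
    ("alice", "application", "GL"),         # controller, the intended reader
    ("bob",   "application", "HR"),         # unrelated application right
    ("dave",  "database",    "*"),          # database administrator
    ("carol", "backup",      "TAPE-0417"),  # tape custodian with physical access
]
ALLOWED = {"alice"}  # the reader set the policy claims


if __name__ == "__main__":
    for principal, paths in sorted(validate("ledger", REPRESENTATIONS, GRANTS, ALLOWED).items()):
        print(f"VIOLATION {principal}: {paths}")
    print("bob:", explain("bob", "ledger", REPRESENTATIONS, GRANTS))
    fixed = encrypt_backup(REPRESENTATIONS, "ledger", "TAPE-0417", {"alice"})
    print("after encrypting the tape:", sorted(validate("ledger", fixed, GRANTS, ALLOWED)))
```

Run as is, `validate` reports dave (via the administrative database right) and carol (via possession of the unencrypted tape) as readers the policy did not allow, each with the path that explains it; `explain` answers the litigation-style question of how a named person could have reached the data. Encrypting the tape for alice alone removes carol from the reader set but leaves dave, which is the point of auditing the whole stack rather than one layer.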
