Machine Learning-Based Enhancement of Access Control in ERP Systems Using Real-World Data
摘要
The security of IT systems faces substantial risks from external and internal threats, emphasizing the need for access control. Role-based access control is widely used in IT systems, where permissions are assigned to users via roles. However, insufficient permission concepts and dynamic changes in user responsibilities often lead to errors in permission assignments. These issues can undermine key security principles such as Least Privilege and Segregation of Duties. Therefore, this study explores the application of machine learning-based access control (MLBAC) to address these challenges in the context of enterprise resource planning (ERP) systems. For this purpose, different ERP data sources, including permission concept data and records of user behavior, are described, and their suitability for MLBAC is investigated. This study further highlights the significant potential of MLBAC for predicting access decisions to evaluate existing permissions concepts and to assign permissions to new users. Moreover, this study demonstrates how combining permission concept data and records of user behavior can validate access decisions.