Self-adaptive systems are able to modify their behaviour and/or structure in response to changes that occur to the system, its environment, or even its goals. In terms of authorisation infrastructures, self-adaptation has shown to be a promising solution for enforcing access control policies and subject access privileges when mitigating insider threat. This paper describes the resilience evaluation of a self-adaptive authorisation infrastructure by simulating a case study related to insider threats. As part of this evaluation, a malicious changeload has been formally defined in order to describe scenarios of abuse in access control. This malicious changeload was then used to stimulate self-adaptation within a federated authorisation infrastructure. The evaluation confirmed the resilience of a self-adaptive authorisation infrastructure in handling abuse of access under repeatable conditions by consistently mitigating abuse under normal and high loads. The evaluation has also shown that self-adaptation had a minimal impact on the authorisation infrastructure, even when adapting authorisation policies while mitigating abuse of access.

自适应系统能够响应于系统，其环境甚至其目标发生的更改来修改其行为和/或结构。在授权基础结构方面，自适应技术已被证明是缓解内部威胁时执行访问控制策略和主题访问特权的有前途的解决方案。本文通过模拟与内部威胁有关的案例研究，描述了自适应授权基础结构的弹性评估。作为此评估的一部分，已正式定义了恶意变更负载，以描述访问控制中的滥用情形。然后，此恶意更改负载被用于激发联合授权基础结构中的自适应。评估证实了自适应授权基础架构通过在正常和高负载下持续缓解滥用的能力，可以在可重复条件下处理滥用滥用。评估还表明，即使在减少访问滥用的同时调整授权策略，自适应对授权基础结构的影响也很小。