Effective Machine Learning-based Access Control Administration through Unlearning.

With the rapid and increasing complexity of computer systems and software, there is a need for more effective, scalable, and secure access control methods. Machine learning (ML) has gained popularity in complementing manually crafted authorisation policies in such environments. However, given the dynamic and constantly evolving nature of software and access control systems, the administration of the latter presents a significant security challenge. This paper examines the administration problem of Machine Learning-based Access Control (MLBAC) systems through Machine Unlearning as a lightweight and secure method. More specifically, we explore this problem through exact and approximate unlearning and evaluate its impact using real-world data. We demonstrate the effectiveness of Machine Unlearning in both reverting policies and addressing potential vulnerabilities that may emerge during the model's lifecycle. Compared to alternative options such as retraining from scratch, our approach reduces deployment and verification costs, making it a promising solution for MLBAC administration.