Evolutionary Inference of Attribute-Based Access Control Policies

详细信息    查看全文

• 作者：Eric Medvet (16)
  Alberto Bartoli (16)
  Barbara Carminati (17)
  Elena Ferrari (17)
  
  16. Dip. di Ingegneria e Architettura ; Universit脿 degli Studi di Trieste ; Trieste ; Italy
  17. Dip. di Scienze Teoriche e Applicate ; Universit脿 degli Studi dell鈥橧nsubria ; Como ; Italy
  
• 刊名：Lecture Notes in Computer Science
• 出版年：2015
• 出版时间：2015
• 年：2015
• 卷：9018
• 期：1
• 页码：351-365
• 全文大小：234 KB
• 参考文献：1. Ferrari, E.: Access Control in Data Management Systems. Synthesis Lectures on Data Management. Morgan & Claypool Publishers (2010)
  2. Hu, V.C., Ferraiolo, D., Kuhn, R., Schnitzer, A., Sandlin, K., Miller, R., Scarfo, K.: Guide to Attribute Based Access Control (ABAC) Definition and Considerations. NIST Special Publication (SP) 800-162, Guide, October 2014
  3. Brucker, A.D., Petritsch, H.: Extending access control models with break-glass. In: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, pp. 197鈥?06. ACM (2009)
  4. Carminati, B, Ferrari, E, Guglielmi, M (2013) A System for Timely and Controlled Information Sharing in Emergency Situations. IEEE Transactions on Dependable and Secure Computing 10: pp. 129-142 CrossRef
  5. Xu, Z., Stoller, S.D.: Mining attribute-based access control policies. arXiv preprint arXiv:1306.2401 (2013)
  6. Xu, Z., Stoller, S.D.: Mining attribute-based access control policies from RBAC policies. In: 2013 10th International Conference and Expo on Emerging Technologies for a Smarter World (CEWIT), pp. 1鈥?. IEEE (2013)
  7. Gal-Oz, N, Gonen, Y, Yahalom, R, Gudes, E, Rozenberg, B, Shmueli, E Mining roles from web application usage patterns. In: ditors">Furnell, S, Lambrinoudakis, C, Pernul, G eds. (2011) Trust, Privacy and Security in Digital Business. Springer, Heidelberg, pp. 125-137 90-2_11" target="_blank" title="It opens in new window">CrossRef
  8. Molloy, I, Chen, H, Li, T, Wang, Q, Li, N, Bertino, E, Calo, S, Lobo, J (2010) Mining roles with multiple objectives. ACM Trans. Inf. Syst. Secur. 13: pp. 36:1-36:35 CrossRef
  9. Ni, Q., Lobo, J., Calo, S., Rohatgi, P., Bertino, E.: Automating role-based provisioning by learning from examples. In: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, pp. 75鈥?4. ACM (2009)
  10. Hu, N., Bradford, P.G., Liu, J.: Applying role based access control and genetic algorithms to insider threat detection. In: Proceedings of the 44th Annual Southeast Regional Conference, pp. 790鈥?91. ACM (2006)
  11. Lim, Y.T., Cheng, P.C., Rohatgi, P., Clark, J.A.: MLS security policy evolution with genetic programming. In: Proceedings of the 10th Annual Conference on Genetic and Evolutionary Computation, pp. 1571鈥?578. ACM (2008)
  12. Lim, Y.T., Cheng, P.C., Rohatgi, P., Clark, J.A.: Dynamic security policy learning. In: Proceedings of the First ACM Workshop on Information Security Governance, pp. 39鈥?8. ACM (2009)
  13. Bleuler, S., Brack, M., Thiele, L., Zitzler, E.: Multiobjective genetic programming: reducing bloat using SPEA2. In: Proceedings of the 2001 Congress on Evolutionary Computation, vol. 1, pp. 536鈥?43. IEEE (2001)
  14. Tapiador, J.E., Clark, J.A.: Learning autonomic security reconfiguration policies. In: 2010 IEEE 10th International Conference on Computer and Information Technology (CIT), pp. 902鈥?09. IEEE (2010)
  15. Bartoli, A, Cumar, S, Lorenzo, A, Medvet, E Compressing regular expression sets for deep packet inspection. In: ditors">Bartz-Beielstein, T, Branke, J, Filipi膷, B, Smith, J eds. (2014) Parallel Problem Solving from Nature 鈥?PPSN XIII. Springer, Heidelberg, pp. 394-403 CrossRef
  16. F眉rnkranz, J (1999) Separate-and-conquer rule learning. Artificial Intelligence Review 13: pp. 3-54 CrossRef
  17. Eggermont, J., Kok, J.N., Kosters, W.A.: Genetic programming for data classification: partitioning the search space. In: Proceedings of the 2004 ACM Symposium on Applied Computing, pp. 1001鈥?005. ACM (2004)
  
• 作者单位：Evolutionary Multi-Criterion Optimization
• 丛书名：978-3-319-15933-1
• 刊物类别：Computer Science
• 刊物主题：Artificial Intelligence and Robotics
  Computer Communication Networks
  Software Engineering
  Data Encryption
  Database Management
  Computation by Abstract Devices
  Algorithm Analysis and Problem Complexity
  
• 出版者：Springer Berlin / Heidelberg
• ISSN：1611-3349

文摘

The interest in attribute-based access control policies is increasingly growing due to their ability to accommodate the complex security requirements of modern computer systems. With this novel paradigm, access control policies consist of attribute expressions which implicitly describe the properties of subjects and protection objects and which must be satisfied for a request to be allowed. Since specifying a policy in this framework may be very complex, approaches for policy mining, i.e., for inferring a specification automatically from examples in the form of logs of authorized and denied requests, have been recently proposed. In this work, we propose a multi-objective evolutionary approach for solving the policy mining task. We designed and implemented a problem representation suitable for evolutionary computation, along with several search-optimizing features which have proven to be highly useful in this context: a strategy for learning a policy by learning single rules, each one focused on a subset of requests; a custom initialization of the population; a scheme for diversity promotion and for early termination. We show that our approach deals successfully with case studies of realistic complexity.