Mining Likely Properties of Access Control Policies via Association Rule Mining

Abstract : Access control mechanisms are used to control which principals (such as users or processes) have access to which resources based on access control policies. To ensure the correctness of access control policies, policy authors conduct policy verification to check whether certain properties are satisfied by a policy. However, these properties are often not written in practice. To facilitate property verification, we present an approach that automatically mines likely properties from a policy via the technique of association rule mining. In our approach, mined likely properties may not be true for all the policy behaviors but are true for most of the policy behaviors. The policy behaviors that do not satisfy likely properties could be faulty. Therefore, our approach then conducts likely-property verification to produce counterexamples, which are used to help policy authors identify faulty rules in the policy. To show the effectiveness of our approach, we conduct evaluation on four XACML policies. Our evaluation results show that our approach achieves more than 30% higher fault-detection capability than that of an existing approach. Our approach includes additional techniques such as basic and prioritization techniques that help reduce a significant percentage of counterexamples for inspection compared to the existing approach.
Document type :
Conference papers
Complete list of metadatas

Cited literature [11 references]  Display  Hide  Download

https://hal.inria.fr/hal-01056688
Contributor : Hal Ifip <>
Submitted on : Wednesday, August 20, 2014 - 1:25:37 PM
Last modification on : Wednesday, August 21, 2019 - 10:38:02 AM
Long-term archiving on : Thursday, November 27, 2014 - 11:48:24 AM

File

_53.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Jeehyun Hwang, Tao Xie, Vincent Hu, Mine Altunay. Mining Likely Properties of Access Control Policies via Association Rule Mining. 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSEC), Jun 2010, Rome, Italy. pp.193-208, ⟨10.1007/978-3-642-13739-6_13⟩. ⟨hal-01056688⟩

Share

Metrics

Record views

120

Files downloads

159