Skip to Main content Skip to Navigation
Conference papers

Mining Likely Properties of Access Control Policies via Association Rule Mining

Abstract : Access control mechanisms are used to control which principals (such as users or processes) have access to which resources based on access control policies. To ensure the correctness of access control policies, policy authors conduct policy verification to check whether certain properties are satisfied by a policy. However, these properties are often not written in practice. To facilitate property verification, we present an approach that automatically mines likely properties from a policy via the technique of association rule mining. In our approach, mined likely properties may not be true for all the policy behaviors but are true for most of the policy behaviors. The policy behaviors that do not satisfy likely properties could be faulty. Therefore, our approach then conducts likely-property verification to produce counterexamples, which are used to help policy authors identify faulty rules in the policy. To show the effectiveness of our approach, we conduct evaluation on four XACML policies. Our evaluation results show that our approach achieves more than 30% higher fault-detection capability than that of an existing approach. Our approach includes additional techniques such as basic and prioritization techniques that help reduce a significant percentage of counterexamples for inspection compared to the existing approach.
Document type :
Conference papers
Complete list of metadata

Cited literature [11 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Wednesday, August 20, 2014 - 1:25:37 PM
Last modification on : Tuesday, October 19, 2021 - 12:52:58 PM
Long-term archiving on: : Thursday, November 27, 2014 - 11:48:24 AM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Jeehyun Hwang, Tao Xie, Vincent Hu, Mine Altunay. Mining Likely Properties of Access Control Policies via Association Rule Mining. 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSEC), Jun 2010, Rome, Italy. pp.193-208, ⟨10.1007/978-3-642-13739-6_13⟩. ⟨hal-01056688⟩



Record views


Files downloads