Mining Likely Properties of Access Control Policies via Association Rule Mining

Abstract: Access control mechanisms are used to control which principals (such as users or processes) have access to which resources based on access control policies. To ensure the correctness of access control policies, policy authors conduct policy verification to check whether certain properties are satisfied by a policy. However, these properties are often not written in practice. To facilitate property verification, we present an approach that automatically mines likely properties from a policy via the technique of association rule mining. In our approach, mined likely properties may not be true for all the policy behaviors but are true for most of the policy behaviors. The policy behaviors that do not satisfy likely properties could be faulty. Therefore, our approach then conducts likely-property verification to produce counterexamples, which are used to help policy authors identify faulty rules in the policy. To show the effectiveness of our approach, we conduct evaluation on four XACML policies. Our evaluation results show that our approach achieves more than 30% higher fault-detection capability than that of an existing approach. Our approach includes additional techniques such as basic and prioritization techniques that help reduce a significant percentage of counterexamples for inspection compared to the existing approach.
Document type: Conference paper
Sara Foresti; Sushil Jajodia. 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSEC), Jun 2010, Rome, Italy. Springer, Lecture Notes in Computer Science, LNCS-6166, pp.193-208, 2010, Data and Applications Security and Privacy XXIV. 〈10.1007/978-3-642-13739-6_13〉

https://hal.inria.fr/hal-01056688
Contributor: Hal Ifip
Submitted on: Wednesday, 20 August 2014 - 13:25:37
Last modified on: Friday, 11 August 2017 - 17:32:35
Document(s) archived on: Thursday, 27 November 2014 - 11:48:24

File

_53.pdf
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Jeehyun Hwang, Tao Xie, Vincent Hu, Mine Altunay. Mining Likely Properties of Access Control Policies via Association Rule Mining. Sara Foresti; Sushil Jajodia. 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSEC), Jun 2010, Rome, Italy. Springer, Lecture Notes in Computer Science, LNCS-6166, pp.193-208, 2010, Data and Applications Security and Privacy XXIV. 〈10.1007/978-3-642-13739-6_13〉. 〈hal-01056688〉
