research-article

Detecting and resolving policy misconfigurations in access-control systems

Published: 06 June 2011

Abstract

Access-control policy misconfigurations that cause requests to be erroneously denied can result in wasted time, user frustration, and, in the context of particular applications (e.g., health care), very severe consequences. In this article we apply association rule mining to the history of accesses to predict changes to access-control policies that are likely to be consistent with users' intentions, so that these changes can be instituted in advance of misconfigurations interfering with legitimate accesses. Instituting these changes requires the consent of the appropriate administrator, of course, and so a primary contribution of our work is how to automatically determine from whom to seek consent and how to minimize the costs of doing so. We show using data from a deployed access-control system that our methods can reduce the number of accesses that would have incurred costly time-of-access delays by 43%, and can correctly predict 58% of the intended policy. These gains are achieved without impacting the total amount of time users spend interacting with the system.
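The following added example (not the authors' algorithm or code) sketches the idea in the abstract: mine association rules from an access history, predict grants that are likely intended, and queue each prediction for the administrator whose consent is required. The pairwise rule form, the support and confidence thresholds, the `OWNERS` mapping, and the sample history are all assumptions constructed for illustration.

```python
from collections import defaultdict
from itertools import permutations

# Constructed sample access history: (user, resource) pairs that were granted.
HISTORY = [
    ("alice", "lab-door"), ("alice", "server-room"), ("alice", "printer"),
    ("bob", "lab-door"), ("bob", "server-room"),
    ("carol", "lab-door"), ("carol", "server-room"),
    ("dave", "lab-door"),
    ("erin", "printer"),
]
# Hypothetical mapping from each resource to the administrator who can consent.
OWNERS = {"lab-door": "admin-facilities", "server-room": "admin-it",
          "printer": "admin-it"}

def mine_rules(history, min_support=2, min_confidence=0.7):
    """Return pairwise rules (a, b, conf): users who accessed a also accessed b."""
    by_user = defaultdict(set)
    for user, res in history:
        by_user[user].add(res)
    count = defaultdict(int)   # number of users who accessed each resource
    pair = defaultdict(int)    # number of users who accessed both a and b
    for resources in by_user.values():
        for r in resources:
            count[r] += 1
        for a, b in permutations(sorted(resources), 2):
            pair[(a, b)] += 1
    rules = [(a, b, n / count[a]) for (a, b), n in pair.items()
             if n >= min_support and n / count[a] >= min_confidence]
    return sorted(rules), by_user

def predict_grants(history, owners, **thresholds):
    """Group predicted (user, resource) grants by the admin who must consent."""
    rules, by_user = mine_rules(history, **thresholds)
    queue = defaultdict(set)
    for a, b, _conf in rules:
        for user, resources in by_user.items():
            # The rule matches this user, but the consequent was never accessed:
            # a candidate misconfiguration. It is only proposed, never applied.
            if a in resources and b not in resources:
                queue[owners[b]].add((user, b))
    return {admin: sorted(items) for admin, items in queue.items()}

if __name__ == "__main__":
    for admin, proposals in predict_grants(HISTORY, OWNERS).items():
        print(admin, "is asked to approve:", proposals)
```

Raising `min_confidence` trades coverage for fewer consent requests sent to administrators, which is the cost the abstract says the approach tries to minimize.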



        • Published in

          ACM Transactions on Information and System Security  Volume 14, Issue 1
          May 2011
          366 pages
          ISSN:1094-9224
          EISSN:1557-7406
          DOI:10.1145/1952982

          Copyright © 2011 ACM


          Publisher

          Association for Computing Machinery

          New York, NY, United States

          Publication History

          • Published: 6 June 2011
          • Accepted: 1 April 2010
          • Revised: 1 December 2009
          • Received: 1 October 2008

          Qualifiers

          • research-article
          • Research
          • Refereed
