Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Science 1 Mining Likely Properties of Access Control Policies via Association Rule Mining JeeHyun Hwang 1, Tao Xie 1, Vincent Hu 2 and Mine Altunay.

Published byVirgil Whitehead Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer Science 1 Mining Likely Properties of Access Control Policies via Association Rule Mining JeeHyun Hwang 1, Tao Xie 1, Vincent Hu 2 and Mine Altunay."— Presentation transcript:

1 Computer Science 1 Mining Likely Properties of Access Control Policies via Association Rule Mining JeeHyun Hwang 1, Tao Xie 1, Vincent Hu 2 and Mine Altunay 3 North Carolina State University 1 National Institute of Standards and Technology 2 Fermi National Laboratory 3 (DBSec 2010)

2 Automated Software Engineering Research Group 2 Access Control Mechanism Access control mechanisms control which subjects (such as users or processes) have access to which resources. Policy Request Response (Permit, Deny, or Not-applicable)

3 Automated Software Engineering Research Group 3 Motivation Access control policies often include a large number of rules Misconfiguration and mistakes in access control policies lead to security problems Need to ensure the correct behaviours of policies – Property verification: check whether properties are satisfied by a policy Violations of a property expose policy faults Confidence on policy correctness is dependent on the quality of specified properties

4 Automated Software Engineering Research Group 4 Problem Properties are often not written in practice Writing properties is not trivial Our proposed solution: Mine likely properties automatically based on correlations of attribute values.

5 Automated Software Engineering Research Group 5 Solution: Mining Likely Properties Policy often has similar policy behaviors across attribute values (e.g., faculty and lecturer roles) Our approach mines likely properties via association rule mining Lecturer is permitted to conduct actions  Faculty member is likely to be permitted to conduct the same actions Violations of likely properties are deviations of normal policy behaviors Policy authors need to inspect violations

6 Automated Software Engineering Research Group 6 Outline Background and Motivation Likely-Property Templates Example Framework – Relation Table Generation – Association Rule Mining – Likely-Property Verification Evaluation Results Conclusion

7 Automated Software Engineering Research Group 7 Likely-Property Templates Implication relation: Likely properties correlate decision (Permit or Deny) dec1 for an attribute value v1 with decision dec2 for another attribute value v2 {Item (v1, dec1)} ) -> {Item (v2, dec2)} Implication relation types Subject attribute item sets {Item1 ({TA}, Permit)} ) -> {Item2 ({Faculty}, Permit)} Action attribute item sets {Item ({Assign}, Permit)}) -> {Item ({View}, Permit)} Subject-action attribute item sets {Item1 ({TA, Assign}, Permit)} ) -> {Item2 ({Faculty, Assign}, Permit)}

8 Automated Software Engineering Research Group 8 May 12, 2007 WWW 2007, Banff, Alberta, Canada 8 Example If role = Faculty and resource = (ExternalGrade or InternalGrade) and action = (View or Assign) then Permit If role = TA and resource = (InternalGrade) and action = (View or Assign) then Permit If role = Student and resource = (ExternalGrade) and action = (Receive) then Permit If role = Family and resource = (ExternalGrade) and action = (Receive) then Permit If role = Lecturer and resource = (ExternalGrade or InternalGrade)) and action = (Assign or View) then Permit Deny Receive is used instead = (View or Assign) then Permit Faulty Rule

9 Automated Software Engineering Research Group 9 May 12, 2007 WWW 2007, Banff, Alberta, Canada 9 Example - cont. Implication relations R1 with 100% confidence Implication relations R2 with at least 65% confidence

10 Automated Software Engineering Research Group 10 Framework

11 Automated Software Engineering Research Group 11 Relation Table Generation Find all possible request-response pairs in a policy Generate relation tables (including all request- response pairs) of interest Input for an association rule mining tool Example: Relation table for implication relations of action attribute: Row: Subject X Resource Column: Action

12 Automated Software Engineering Research Group 12 Association Rule Mining Given a relation table, find implication relations of attributes via association rule mining Find three types of implication relations Report implication relations with confidence values over a given threshold confidence (X  Y)= supp(X ∪ Y)/supp(X) supp (X) = D / T - T is #total rows - D is #rows that includes attribute-decision X

13 Automated Software Engineering Research Group 13 Likely Property Verification Verify a policy with given likely properties and find counterexamples Inspect to determine whether counterexamples expose a fault Rationale: counterexamples (which do not satisfy the likely properties) deviate from the policy’s normal behaviors and are special cases for inspection

14 Automated Software Engineering Research Group 14 Basic and Prioritization Techniques Basic technique: inspect counterexamples in no particular order Prioritization technique: inspect counterexamples by the order of their fault- detection likelihood Inspect duplicate counterexamples first Inspect counterexamples produced from likely properties with fewer counterexamples Prioritization technique designed to reduce inspection effort

15 Automated Software Engineering Research Group 15 Evaluation RQ1: How higher percentage of faults are detected by our approach compared to an existing related approach [Martin&Xie Policy 2006] ? RQ2: How lower percentage of distinct counterexamples are generated by our approach compared to the existing approach? RQ3: For cases where a fault in a faulty policy is detected by our approach, how high percentage of distinct counterexamples (for inspection) are reduced by our prioritization?

16 Automated Software Engineering Research Group 16 Metrics Fault-detection ratio (FR) Counterexample count (CC) Counterexample-reduction ratio (CRB) for our approach over the existing approach Counterexample-reduction ratio (CRP) for the prioritization technique over the basic technique

17 Automated Software Engineering Research Group 17 Evaluation Setup Seed a policy with faults for synthesizing faulty policies – One fault in each faulty policy for ease of evaluation – Four fault types Change-Rule Effect (CRE) Rule-Target True (RTT) Rule-Target False (RTF) Removal Rule (RMR) Compare results of our approach with those of the previous DT approach based on decision tree [Martin&Xie Policy 2006]

18 Automated Software Engineering Research Group 18 4 XACML Policy Subjects Real-life access control policies The number of rules ranges 12-306 rules

19 Automated Software Engineering Research Group 19 Evaluation Results (1/2) FR: Fault-detection ratioCC: Counterexample count CRB: Counterexample-reduction ratio for our approach over DT approach CRP: Counterexample-reduction ratio for the prioritization technique over the basic technique DT, Basic and Prioritization show averagely 25.9%, 62.3%, and 62.3% fault detection ratios, respectively Our approach (including Basic and Prioritization techniques) outperform DT in terms of fault- detection capability Our approach reduced the number of counterexamples by 55.5% over DT Our approach significantly reduced the number of counterexamples while our approach detected a higher percentage of faults (addressed in RQ1) Prioritization reduced averagely 38.5% of counterexamples (for inspection) (in Column “% CRP”) over Basic

20 Automated Software Engineering Research Group 20 Evaluation Results (2/2) Prioritization and Basic achieve the highest fault- detection capability for policies with RTT, RTF, or RMR faults Fault-detection ratios of faulty policies

21 Automated Software Engineering Research Group 21 Conclusion A new approach that mines likely properties characterizing correlations of policy behaviors w.r.t. attribute values – Verification of the policy against likely properties to inspect whether the policy includes a fault An evaluation on 4 real-world XACML policies – Our approach achieved >30% higher fault-detection capability than that of the previous related approach based on decision tree – Our approach helped reduce >50% counterexamples for inspection compared to the previous approach

22 Automated Software Engineering Research Group 22 Questions?

23 Automated Software Engineering Research Group 23 Related Work Assessing quality of policy properties in verification of access control policies [Martin et al. ACSAC 2008] Inferring access-control policy properties via machine learning [Martin&Xie Policy 2006] Detecting and resolving policy misconfigurations in access-control systems [Bauer et al. SACMAT 2008]

24 Automated Software Engineering Research Group 24 Discussion

Download ppt "Computer Science 1 Mining Likely Properties of Access Control Policies via Association Rule Mining JeeHyun Hwang 1, Tao Xie 1, Vincent Hu 2 and Mine Altunay."

Similar presentations

Configuration management

Configuration management
Correlation Search in Graph Databases Yiping Ke James Cheng Wilfred Ng Presented By Phani Yarlagadda.

Correlation Search in Graph Databases Yiping Ke James Cheng Wilfred Ng Presented By Phani Yarlagadda.
Margrave: XACML Verification and Change-Impact Analysis Kathi Fisler, WPI Shriram Krishnamurthi, Brown Leo Meyerovich, Brown Michael Carl Tschantz, Brown.

Margrave: XACML Verification and Change-Impact Analysis Kathi Fisler, WPI Shriram Krishnamurthi, Brown Leo Meyerovich, Brown Michael Carl Tschantz, Brown.
Kai Pan, Xintao Wu University of North Carolina at Charlotte Generating Program Inputs for Database Application Testing Tao Xie North Carolina State University.

Kai Pan, Xintao Wu University of North Carolina at Charlotte Generating Program Inputs for Database Application Testing Tao Xie North Carolina State University.
First Step Towards Automatic Correction of Firewall Policy Faults Fei Chen Alex X. Liu Computer Science and Engineering Michigan State University JeeHyun.

First Step Towards Automatic Correction of Firewall Policy Faults Fei Chen Alex X. Liu Computer Science and Engineering Michigan State University JeeHyun.
Testing Without Executing the Code Pavlina Koleva Junior QA Engineer WinCore Telerik QA Academy Telerik QA Academy.

Testing Without Executing the Code Pavlina Koleva Junior QA Engineer WinCore Telerik QA Academy Telerik QA Academy.
An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.

An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.
11 World-Leading Research with Real-World Impact! Constraints Specification for Virtual Resource Orchestration in Cloud IaaS Constraints Specification.

11 World-Leading Research with Real-World Impact! Constraints Specification for Virtual Resource Orchestration in Cloud IaaS Constraints Specification.
Stepan Potiyenko ISS Sr.SW Developer.

Stepan Potiyenko ISS Sr.SW Developer.
Software Quality Metrics

Software Quality Metrics
Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.
1 Application of Metamorphic Testing to Supervised Classifiers Xiaoyuan Xie, Tsong Yueh Chen Swinburne University of Technology Christian Murphy, Gail.

1 Application of Metamorphic Testing to Supervised Classifiers Xiaoyuan Xie, Tsong Yueh Chen Swinburne University of Technology Christian Murphy, Gail.
Software Testing Using Model Program DESIGN BY HONG NGUYEN & SHAH RAZA Dec 05, 2005.

Software Testing Using Model Program DESIGN BY HONG NGUYEN & SHAH RAZA Dec 05, 2005.
A GOAL-BASED FRAMEWORK FOR SOFTWARE MEASUREMENT

A GOAL-BASED FRAMEWORK FOR SOFTWARE MEASUREMENT
Empirically Assessing End User Software Engineering Techniques Gregg Rothermel Department of Computer Science and Engineering University of Nebraska --

Empirically Assessing End User Software Engineering Techniques Gregg Rothermel Department of Computer Science and Engineering University of Nebraska --
Privacy-Preserving Cross-Domain Network Reachability Quantification

Privacy-Preserving Cross-Domain Network Reachability Quantification
XEngine: A Fast and Scalable XACML Policy Evaluation Engine Fei Chen Dept. of Computer Science and Engineering Michigan State University Joint work with.

XEngine: A Fast and Scalable XACML Policy Evaluation Engine Fei Chen Dept. of Computer Science and Engineering Michigan State University Joint work with.
Chapter 2 Access Control Fundamentals. Chapter Overview Protection Systems Mandatory Protection Systems Reference Monitors Definition of a Secure Operating.

Chapter 2 Access Control Fundamentals. Chapter Overview Protection Systems Mandatory Protection Systems Reference Monitors Definition of a Secure Operating.
SE 555 Software Requirements & Specification Requirements Validation.

SE 555 Software Requirements & Specification Requirements Validation.
Parameterizing Random Test Data According to Equivalence Classes Chris Murphy, Gail Kaiser, Marta Arias Columbia University.

Parameterizing Random Test Data According to Equivalence Classes Chris Murphy, Gail Kaiser, Marta Arias Columbia University.

Similar presentations

Ads by Google