Detecting incompleteness in access control policies using data classification schemes

Riaz Ahmed Shaikh; Kamel Adi; Luigi Logrippo; Serge Mankovski

doi:10.1109/ICDIM.2010.5664664

Detecting incompleteness in access control policies using data classification schemes

Riaz Ahmed Shaikh, Kamel Adi, Luigi Logrippo, Serge Mankovski

School of Computing Sciences

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

9 Citations (Scopus)

Abstract

In a set of access control policies, incompleteness is the existence of situations for which no policy applies. Some of these situations can be exploited by attackers, to obtain unintended access or to compromise integrity. Such cases can be difficult to foresee, since typical policy sets consist of thousands of rules. In this paper, we adopt data classification techniques widely used in the machine learning community for detecting incompleteness in sets of access of control policies. To the best of our knowledge, we are the first ones to use data classification algorithms to detect incompleteness in sets of access control policies. We show that our proposed solution is simple, efficient and practical.

Original language	English
Title of host publication	2010 5th International Conference on Digital Information Management, ICDIM 2010
Pages	417-422
Number of pages	6
DOIs	https://doi.org/10.1109/ICDIM.2010.5664664
Publication status	Published - 2010
Event	2010 5th International Conference on Digital Information Management, ICDIM 2010 - Thunder Bay, ON, Canada Duration: 5 Jul 2010 → 8 Jul 2010

Publication series

Name	2010 5th International Conference on Digital Information Management, ICDIM 2010

Conference

Conference	2010 5th International Conference on Digital Information Management, ICDIM 2010
Country/Territory	Canada
City	Thunder Bay, ON
Period	5/07/10 → 8/07/10

Keywords

Access control
Data classification
Incompleteness
Policy validation

Access to Document

10.1109/ICDIM.2010.5664664

Cite this

Shaikh, R. A., Adi, K., Logrippo, L., & Mankovski, S. (2010). Detecting incompleteness in access control policies using data classification schemes. In 2010 5th International Conference on Digital Information Management, ICDIM 2010 (pp. 417-422). Article 5664664 (2010 5th International Conference on Digital Information Management, ICDIM 2010). https://doi.org/10.1109/ICDIM.2010.5664664

@inproceedings{e4c8a206d08447718c6a46f2670c5a9f,

title = "Detecting incompleteness in access control policies using data classification schemes",

abstract = "In a set of access control policies, incompleteness is the existence of situations for which no policy applies. Some of these situations can be exploited by attackers, to obtain unintended access or to compromise integrity. Such cases can be difficult to foresee, since typical policy sets consist of thousands of rules. In this paper, we adopt data classification techniques widely used in the machine learning community for detecting incompleteness in sets of access of control policies. To the best of our knowledge, we are the first ones to use data classification algorithms to detect incompleteness in sets of access control policies. We show that our proposed solution is simple, efficient and practical.",

keywords = "Access control, Data classification, Incompleteness, Policy validation",

author = "Shaikh, {Riaz Ahmed} and Kamel Adi and Luigi Logrippo and Serge Mankovski",

year = "2010",

doi = "10.1109/ICDIM.2010.5664664",

language = "English",

isbn = "9781424475728",

series = "2010 5th International Conference on Digital Information Management, ICDIM 2010",

pages = "417--422",

booktitle = "2010 5th International Conference on Digital Information Management, ICDIM 2010",

note = "2010 5th International Conference on Digital Information Management, ICDIM 2010 ; Conference date: 05-07-2010 Through 08-07-2010",

}

Shaikh, RA, Adi, K, Logrippo, L & Mankovski, S 2010, Detecting incompleteness in access control policies using data classification schemes. in 2010 5th International Conference on Digital Information Management, ICDIM 2010., 5664664, 2010 5th International Conference on Digital Information Management, ICDIM 2010, pp. 417-422, 2010 5th International Conference on Digital Information Management, ICDIM 2010, Thunder Bay, ON, Canada, 5/07/10. https://doi.org/10.1109/ICDIM.2010.5664664

Detecting incompleteness in access control policies using data classification schemes. / Shaikh, Riaz Ahmed; Adi, Kamel; Logrippo, Luigi et al.
2010 5th International Conference on Digital Information Management, ICDIM 2010. 2010. p. 417-422 5664664 (2010 5th International Conference on Digital Information Management, ICDIM 2010).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Detecting incompleteness in access control policies using data classification schemes

AU - Shaikh, Riaz Ahmed

AU - Adi, Kamel

AU - Logrippo, Luigi

AU - Mankovski, Serge

PY - 2010

Y1 - 2010

N2 - In a set of access control policies, incompleteness is the existence of situations for which no policy applies. Some of these situations can be exploited by attackers, to obtain unintended access or to compromise integrity. Such cases can be difficult to foresee, since typical policy sets consist of thousands of rules. In this paper, we adopt data classification techniques widely used in the machine learning community for detecting incompleteness in sets of access of control policies. To the best of our knowledge, we are the first ones to use data classification algorithms to detect incompleteness in sets of access control policies. We show that our proposed solution is simple, efficient and practical.

AB - In a set of access control policies, incompleteness is the existence of situations for which no policy applies. Some of these situations can be exploited by attackers, to obtain unintended access or to compromise integrity. Such cases can be difficult to foresee, since typical policy sets consist of thousands of rules. In this paper, we adopt data classification techniques widely used in the machine learning community for detecting incompleteness in sets of access of control policies. To the best of our knowledge, we are the first ones to use data classification algorithms to detect incompleteness in sets of access control policies. We show that our proposed solution is simple, efficient and practical.

KW - Access control

KW - Data classification

KW - Incompleteness

KW - Policy validation

UR - http://www.scopus.com/inward/record.url?scp=78650944684&partnerID=8YFLogxK

U2 - 10.1109/ICDIM.2010.5664664

DO - 10.1109/ICDIM.2010.5664664

M3 - Conference contribution

AN - SCOPUS:78650944684

SN - 9781424475728

T3 - 2010 5th International Conference on Digital Information Management, ICDIM 2010

SP - 417

EP - 422

BT - 2010 5th International Conference on Digital Information Management, ICDIM 2010

T2 - 2010 5th International Conference on Digital Information Management, ICDIM 2010

Y2 - 5 July 2010 through 8 July 2010

ER -

Detecting incompleteness in access control policies using data classification schemes

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Cite this