Detecting incompleteness in access control policies using data classification schemes

Riaz Ahmed Shaikh, Kamel Adi, Luigi Logrippo, Serge Mankovski

Research output: Chapter in Book/Report/Conference proceeding - Conference contribution

9 Citations (Scopus)

Abstract

In a set of access control policies, incompleteness is the existence of situations for which no policy applies. Some of these situations can be exploited by attackers, to obtain unintended access or to compromise integrity. Such cases can be difficult to foresee, since typical policy sets consist of thousands of rules. In this paper, we adopt data classification techniques widely used in the machine learning community for detecting incompleteness in sets of access control policies. To the best of our knowledge, we are the first ones to use data classification algorithms to detect incompleteness in sets of access control policies. We show that our proposed solution is simple, efficient and practical.

Original language: English
Title of host publication: 2010 5th International Conference on Digital Information Management, ICDIM 2010
Pages: 417-422
Number of pages: 6
Publication status: Published - 2010
Event: 2010 5th International Conference on Digital Information Management, ICDIM 2010 - Thunder Bay, ON, Canada
Duration: 5 Jul 2010 to 8 Jul 2010

Publication series

Name: 2010 5th International Conference on Digital Information Management, ICDIM 2010

Conference

Conference: 2010 5th International Conference on Digital Information Management, ICDIM 2010
Country/Territory: Canada
City: Thunder Bay, ON
Period: 5/07/10 to 8/07/10

Keywords

  • Access control
  • Data classification
  • Incompleteness
  • Policy validation
