TY - GEN
T1 - Inconsistency detection method for access control policies
AU - Shaikh, Riaz Ahmed
AU - Adi, Kamel
AU - Logrippo, Luigi
AU - Mankovski, Serge
PY - 2010
Y1 - 2010
N2 - In enterprise environments, the task of assigning access control rights to subjects for resources is not trivial. Because of their complexity, distribution and size, access control policies can contain anomalies such as inconsistencies, which can result in security vulnerabilities. A set of access control policies is inconsistent when, for specific situations, different incompatible policies can apply. Many researchers have tried to address the problem of inconsistency using methods based on formal logic. However, this approach is difficult to implement and inefficient for large policy sets. Therefore, in this paper, we propose a simple, efficient and practical solution for detecting inconsistencies in access control policies with the help of a modified C4.5 data classification algorithm.
AB - In enterprise environments, the task of assigning access control rights to subjects for resources is not trivial. Because of their complexity, distribution and size, access control policies can contain anomalies such as inconsistencies, which can result in security vulnerabilities. A set of access control policies is inconsistent when, for specific situations, different incompatible policies can apply. Many researchers have tried to address the problem of inconsistency using methods based on formal logic. However, this approach is difficult to implement and inefficient for large policy sets. Therefore, in this paper, we propose a simple, efficient and practical solution for detecting inconsistencies in access control policies with the help of a modified C4.5 data classification algorithm.
KW - Access control
KW - Data classification
KW - Decision tree
KW - Inconsistency
KW - Policy validation
UR - http://www.scopus.com/inward/record.url?scp=78349239711&partnerID=8YFLogxK
U2 - 10.1109/ISIAS.2010.5604062
DO - 10.1109/ISIAS.2010.5604062
M3 - Conference contribution
AN - SCOPUS:78349239711
SN - 9781424474080
T3 - 2010 6th International Conference on Information Assurance and Security, IAS 2010
SP - 204
EP - 209
BT - 2010 6th International Conference on Information Assurance and Security, IAS 2010
T2 - 2010 6th International Conference on Information Assurance and Security, IAS 2010
Y2 - 23 August 2010 through 25 August 2010
ER -