Inconsistency detection method for access control policies

Riaz Ahmed Shaikh; Kamel Adi; Luigi Logrippo; Serge Mankovski

doi:10.1109/ISIAS.2010.5604062

Inconsistency detection method for access control policies

Riaz Ahmed Shaikh, Kamel Adi, Luigi Logrippo, Serge Mankovski

School of Computing Sciences

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

14 Citations (Scopus)

Abstract

In enterprise environments, the task of assigning access control rights to subjects for resources is not trivial. Because of their complexity, distribution and size, access control policies can contain anomalies such as inconsistencies, which can result in security vulnerabilities. A set of access control policies is inconsistent when, for specific situations different incompatible policies can apply. Many researchers have tried to address the problem of inconsistency using methods based on formal logic. However, this approach is difficult to implement and inefficient for large policy sets. Therefore, in this paper, we propose a simple, efficient and practical solution for detecting inconsistencies in access control policies with the help of a modified C4.5 data classification algorithm.

Original language	English
Title of host publication	2010 6th International Conference on Information Assurance and Security, IAS 2010
Pages	204-209
Number of pages	6
DOIs	https://doi.org/10.1109/ISIAS.2010.5604062
Publication status	Published - 2010
Event	2010 6th International Conference on Information Assurance and Security, IAS 2010 - Atlanta, GA, United States Duration: 23 Aug 2010 → 25 Aug 2010

Publication series

Name	2010 6th International Conference on Information Assurance and Security, IAS 2010

Conference

Conference	2010 6th International Conference on Information Assurance and Security, IAS 2010
Country/Territory	United States
City	Atlanta, GA
Period	23/08/10 → 25/08/10

Keywords

Access control
Data classification
Decision tree
Inconsistency
Policy validation

Access to Document

10.1109/ISIAS.2010.5604062

Cite this

@inproceedings{0c53ef8abad04d5d871abf625d4b7c57,

title = "Inconsistency detection method for access control policies",

abstract = "In enterprise environments, the task of assigning access control rights to subjects for resources is not trivial. Because of their complexity, distribution and size, access control policies can contain anomalies such as inconsistencies, which can result in security vulnerabilities. A set of access control policies is inconsistent when, for specific situations different incompatible policies can apply. Many researchers have tried to address the problem of inconsistency using methods based on formal logic. However, this approach is difficult to implement and inefficient for large policy sets. Therefore, in this paper, we propose a simple, efficient and practical solution for detecting inconsistencies in access control policies with the help of a modified C4.5 data classification algorithm.",

keywords = "Access control, Data classification, Decision tree, Inconsistency, Policy validation",

author = "Shaikh, {Riaz Ahmed} and Kamel Adi and Luigi Logrippo and Serge Mankovski",

year = "2010",

doi = "10.1109/ISIAS.2010.5604062",

language = "English",

isbn = "9781424474080",

series = "2010 6th International Conference on Information Assurance and Security, IAS 2010",

pages = "204--209",

booktitle = "2010 6th International Conference on Information Assurance and Security, IAS 2010",

note = "2010 6th International Conference on Information Assurance and Security, IAS 2010 ; Conference date: 23-08-2010 Through 25-08-2010",

}

Shaikh, RA, Adi, K, Logrippo, L & Mankovski, S 2010, Inconsistency detection method for access control policies. in 2010 6th International Conference on Information Assurance and Security, IAS 2010., 5604062, 2010 6th International Conference on Information Assurance and Security, IAS 2010, pp. 204-209, 2010 6th International Conference on Information Assurance and Security, IAS 2010, Atlanta, GA, United States, 23/08/10. https://doi.org/10.1109/ISIAS.2010.5604062

Inconsistency detection method for access control policies. / Shaikh, Riaz Ahmed; Adi, Kamel; Logrippo, Luigi et al.
2010 6th International Conference on Information Assurance and Security, IAS 2010. 2010. p. 204-209 5604062 (2010 6th International Conference on Information Assurance and Security, IAS 2010).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Inconsistency detection method for access control policies

AU - Shaikh, Riaz Ahmed

AU - Adi, Kamel

AU - Logrippo, Luigi

AU - Mankovski, Serge

PY - 2010

Y1 - 2010

N2 - In enterprise environments, the task of assigning access control rights to subjects for resources is not trivial. Because of their complexity, distribution and size, access control policies can contain anomalies such as inconsistencies, which can result in security vulnerabilities. A set of access control policies is inconsistent when, for specific situations different incompatible policies can apply. Many researchers have tried to address the problem of inconsistency using methods based on formal logic. However, this approach is difficult to implement and inefficient for large policy sets. Therefore, in this paper, we propose a simple, efficient and practical solution for detecting inconsistencies in access control policies with the help of a modified C4.5 data classification algorithm.

AB - In enterprise environments, the task of assigning access control rights to subjects for resources is not trivial. Because of their complexity, distribution and size, access control policies can contain anomalies such as inconsistencies, which can result in security vulnerabilities. A set of access control policies is inconsistent when, for specific situations different incompatible policies can apply. Many researchers have tried to address the problem of inconsistency using methods based on formal logic. However, this approach is difficult to implement and inefficient for large policy sets. Therefore, in this paper, we propose a simple, efficient and practical solution for detecting inconsistencies in access control policies with the help of a modified C4.5 data classification algorithm.

KW - Access control

KW - Data classification

KW - Decision tree

KW - Inconsistency

KW - Policy validation

UR - http://www.scopus.com/inward/record.url?scp=78349239711&partnerID=8YFLogxK

U2 - 10.1109/ISIAS.2010.5604062

DO - 10.1109/ISIAS.2010.5604062

M3 - Conference contribution

AN - SCOPUS:78349239711

SN - 9781424474080

T3 - 2010 6th International Conference on Information Assurance and Security, IAS 2010

SP - 204

EP - 209

BT - 2010 6th International Conference on Information Assurance and Security, IAS 2010

T2 - 2010 6th International Conference on Information Assurance and Security, IAS 2010

Y2 - 23 August 2010 through 25 August 2010

ER -

Inconsistency detection method for access control policies

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Cite this