Detecting incompleteness in access control policies using data classification schemes

Author

Shaikh, Riaz Ahmed ; Adi, Kamel ; Logrippo, Luigi ; Mankovski, Serge

Author_Institution

Dept. of Comput. Sci. & Eng., Univ. du Quebec en Outaouais, Outaouais, QC, Canada

fYear

2010

Firstpage

417

Lastpage

422

Abstract

In a set of access control policies, incompleteness is the existence of situations for which no policy applies. Some of these situations can be exploited by attackers, to obtain unintended access or to compromise integrity. Such cases can be difficult to foresee, since typical policy sets consist of thousands of rules. In this paper, we adopt data classification techniques widely used in the machine learning community for detecting incompleteness in sets of access of control policies. To the best of our knowledge, we are the first ones to use data classification algorithms to detect incompleteness in sets of access control policies. We show that our proposed solution is simple, efficient and practical.

Keywords

authorisation; learning (artificial intelligence); pattern classification; access control policies; data classification scheme; incompleteness detection; machine learning community; Access control; Context; Data mining; Decision trees; Machine learning algorithms; Medical services; Access control; Data classification; Incompleteness; Policy validation;

fLanguage

English

Publisher

ieee

Conference_Titel

Digital Information Management (ICDIM), 2010 Fifth International Conference on

Conference_Location

Thunder Bay, ON

Print_ISBN

978-1-4244-7572-8

Type

conf

DOI

10.1109/ICDIM.2010.5664664

Filename

5664664