Title :
Detecting incompleteness in access control policies using data classification schemes
Author :
Shaikh, Riaz Ahmed ; Adi, Kamel ; Logrippo, Luigi ; Mankovski, Serge
Author_Institution :
Dept. of Comput. Sci. & Eng., Univ. du Quebec en Outaouais, Outaouais, QC, Canada
Abstract :
In a set of access control policies, incompleteness is the existence of situations for which no policy applies. Some of these situations can be exploited by attackers, to obtain unintended access or to compromise integrity. Such cases can be difficult to foresee, since typical policy sets consist of thousands of rules. In this paper, we adopt data classification techniques widely used in the machine learning community for detecting incompleteness in sets of access of control policies. To the best of our knowledge, we are the first ones to use data classification algorithms to detect incompleteness in sets of access control policies. We show that our proposed solution is simple, efficient and practical.
Keywords :
authorisation; learning (artificial intelligence); pattern classification; access control policies; data classification scheme; incompleteness detection; machine learning community; Access control; Context; Data mining; Decision trees; Machine learning algorithms; Medical services; Access control; Data classification; Incompleteness; Policy validation;
Conference_Titel :
Digital Information Management (ICDIM), 2010 Fifth International Conference on
Conference_Location :
Thunder Bay, ON
Print_ISBN :
978-1-4244-7572-8
DOI :
10.1109/ICDIM.2010.5664664
