Role-Based Access Control Models
Computer
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Fast Algorithms for Mining Association Rules in Large Databases
VLDB '94 Proceedings of the 20th International Conference on Very Large Data Bases
Algorithms for Improving the Dependability of Firewall and Filter Rule Lists
DSN '00 Proceedings of the 2000 International Conference on Dependable Systems and Networks (formerly FTCS-30 and DCCA-8)
Role mining - revealing business roles for security administration using data mining technology
Proceedings of the eighth ACM symposium on Access control models and technologies
Decentralized Trust Management
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Fang: A Firewall Analysis Engine
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
SD3: A Trust Management System with Certified Evaluation
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Policy management using access control spaces
ACM Transactions on Information and System Security (TISSEC)
Trust-X: A Peer-to-Peer Framework for Trust Establishment
IEEE Transactions on Knowledge and Data Engineering
Cassandra: Flexible Trust Management, Applied to Electronic Health Records
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Proceedings of the tenth ACM symposium on Access control models and technologies
Bayesian detection of router configuration anomalies
Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data
PeerAccess: a logic for distributed authorization
Proceedings of the 12th ACM conference on Computer and communications security
FIREMAN: A Toolkit for FIREwall Modeling and ANalysis
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Minerals: using data mining to detect router misconfigurations
Proceedings of the 2006 SIGCOMM workshop on Mining network data
Architecting the Lumeta firewall analyzer
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Lessons learned from the deployment of a smartphone-based access-control system
Proceedings of the 3rd symposium on Usable privacy and security
A matrix algorithm for mining association rules
ICIC'05 Proceedings of the 2005 international conference on Advances in Intelligent Computing - Volume Part I
Device-enabled authorization in the grey system
ISC'05 Proceedings of the 8th international conference on Information Security
Efficient proving for practical distributed access-control systems
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Consistency checking of role assignments in inter-organizational collaboration
SPRINGL '08 Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS
A methodology to minimise excessively permissive security configurations
ACS'08 Proceedings of the 8th conference on Applied computer scince
Simplifying security policy descriptions for internet servers in secure operating systems
Proceedings of the 2009 ACM symposium on Applied Computing
Improving application security with data flow assertions
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Detecting and Resolving Misconfigurations in Role-Based Access Control (Short Paper)
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Proceedings of the 15th ACM symposium on Access control models and technologies
Proceedings of the 15th ACM symposium on Access control models and technologies
Mining likely properties of access control policies via association rule mining
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
Towards automatic update of access control policy
LISA'10 Proceedings of the 24th international conference on Large installation system administration
Baaz: a system for detecting access control misconfigurations
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
ICCSA'10 Proceedings of the 2010 international conference on Computational Science and Its Applications - Volume Part IV
Reachability analysis for role-based administration of attributes
Proceedings of the 2013 ACM workshop on Digital identity management
Hi-index | 0.00 |
Access-control policy misconfigurations that cause requests to be erroneously denied can result in wasted time, user frustration and, in the context of particular applications (e.g., health care), very severe consequences. In this paper we apply association rule mining to the history of accesses to predict changes to access-control policies that are likely to be consistent with users' intentions, so that these changes can be instituted in advance of misconfigurations interfering with legitimate accesses. Instituting these changes requires consent of the appropriate administrator, of course, and so a primary contribution of our work is to automatically determine from whom to seek consent and to minimize the costs of doing so. We show using data from a deployed access-control system that our methods can reduce the number of accesses that would have incurred costly time-of-access delays by 44%, and can correctly predict 58% of the intended policy. These gains are achieved without increasing the total amount of time users spend interacting with the system.