Access-control policy misconfigurations that cause requests to be erroneously denied can result in wasted time, user frustration, and, in the context of particular applications (e.g., health care), very severe consequences. In this article we apply association rule mining to the history of accesses to predict changes to access-control policies that are likely to be consistent with users' intentions, so that these changes can be instituted in advance of misconfigurations interfering with legitimate accesses. Instituting these changes requires the consent of the appropriate administrator, of course, and so a primary contribution of our work is how to automatically determine from whom to seek consent and how to minimize the costs of doing so. We show using data from a deployed access-control system that our methods can reduce the number of accesses that would have incurred costly time-of-access delays by 43%, and can correctly predict 58% of the intended policy. These gains are achieved without impacting the total amount of time users spend interacting with the system.