Change detection in hierarchically structured information
SIGMOD '96 Proceedings of the 1996 ACM SIGMOD international conference on Management of data
DocBook: The Definitive Guide with CD-ROM
DocBook: The Definitive Guide with CD-ROM
Policy formalization to combine separate systems into larger connected network of trust
net-Con '02 Proceedings of the IFIP TC6 / WG6.2 & WG6.7 Conference on Network Control and Engineering for QoS, Security and Mobility
Empirical Software Engineering
XML structural delta mining: issues and challenges
Data & Knowledge Engineering - Special issue: ER 2003
Why do internet services fail, and what can be done about it?
USITS'03 Proceedings of the 4th conference on USENIX Symposium on Internet Technologies and Systems - Volume 4
Towards automated network management: network operations using dynamic views
Proceedings of the 2007 SIGCOMM workshop on Internet network management
Extracting Network-Wide Correlated Changes from Longitudinal Configuration Data
PAM '09 Proceedings of the 10th International Conference on Passive and Active Network Measurement
On exploiting the power of time in data mining
ACM SIGKDD Explorations Newsletter
Meme-tracking and the dynamics of the news cycle
Proceedings of the 15th ACM SIGKDD international conference on Knowledge discovery and data mining
Unraveling the complexity of network management
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Dynamic security policy learning
Proceedings of the first ACM workshop on Information security governance
The effects of introspection on creating privacy policy
Proceedings of the 8th ACM workshop on Privacy in the electronic society
The Linux kernel as a case study in software evolution
Journal of Systems and Software
Computational techniques for increasing PKI policy comprehension by human analysts
Proceedings of the 9th Symposium on Identity and Trust on the Internet
A systematic approach for evolving VLAN designs
INFOCOM'10 Proceedings of the 29th conference on Information communications
An analysis of network configuration artifacts
LISA'09 Proceedings of the 23rd conference on Large installation system administration
Learning Autonomic Security Reconfiguration Policies
CIT '10 Proceedings of the 2010 10th IEEE International Conference on Computer and Information Technology
A computational framework for certificate policy operations
EuroPKI'09 Proceedings of the 6th European conference on Public key infrastructures, services and applications
Decentralized trust management
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
An innovative policy-based cross certification methodology for public key infrastructures
EuroPKI'05 Proceedings of the Second European conference on Public Key Infrastructure
Survey: An overview on XML similarity: Background, current trends and future directions
Computer Science Review
Toward a cyber-physical topology language: applications to NERC CIP audit
Proceedings of the first ACM workshop on Smart energy grid security
| Hi-index | 0.00 |
Managing the security of complex cloud and networked computing environments requires crafting security policy--ranging from natural-language text to highly-structured configuration rules, sometimes multi-layered--specifying correct system behavior in an adversarial environment. Since environments change and evolve, managing security requires managing evolution of policies, which adds another layer, the change log. However, evolution increases complexity, and the more complex a policy, the harder it is to manage and update, and the more prone it is to be incorrect. This paper proposes hierarchical change mining, drawing upon the tools of software engineering and data mining, to help practitioners introduce fewer errors when they update policy. We discuss our approach and initial findings based on two longitudinal real-world datasets: low-level router configurations from Dartmouth College and high-level Public Key Infrastructure (PKI) certificate policies from the International Grid Trust Federation (IGTF).