Mining association rules between sets of items in large databases
SIGMOD '93 Proceedings of the 1993 ACM SIGMOD international conference on Management of data
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Role mining - revealing business roles for security administration using data mining technology
Proceedings of the eighth ACM symposium on Access control models and technologies
Fang: A Firewall Analysis Engine
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Policy management using access control spaces
ACM Transactions on Information and System Security (TISSEC)
Bayesian detection of router configuration anomalies
Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data
FIREMAN: A Toolkit for FIREwall Modeling and ANalysis
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Minerals: using data mining to detect router misconfigurations
Proceedings of the 2006 SIGCOMM workshop on Mining network data
Finding association rules that trade support optimally against confidence
Intelligent Data Analysis
Architecting the Lumeta firewall analyzer
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
The role mining problem: finding a minimal descriptive set of roles
Proceedings of the 12th ACM symposium on Access control models and technologies
Mining roles with semantic meanings
Proceedings of the 13th ACM symposium on Access control models and technologies
Detecting network-wide and router-specific misconfigurations through data mining
IEEE/ACM Transactions on Networking (TON)
Evaluating role mining algorithms
Proceedings of the 14th ACM symposium on Access control models and technologies
Computer-supported access control
ACM Transactions on Computer-Human Interaction (TOCHI)
Analysis of firewall policy rules using traffic mining techniques
International Journal of Internet Protocol Technology
Baaz: a system for detecting access control misconfigurations
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Detecting and resolving policy misconfigurations in access-control systems
ACM Transactions on Information and System Security (TISSEC)
Device-enabled authorization in the grey system
ISC'05 Proceedings of the 8th international conference on Information Security
Property-testing real-world authorization systems
Proceedings of the 18th ACM symposium on Access control models and technologies
Uncovering access control weaknesses and flaws with security-discordant software clones
Proceedings of the 29th Annual Computer Security Applications Conference
Hi-index | 0.00 |
Accesses that are not permitted by implemented policy but that share similarities with accesses that have been allowed, may be indicative of access-control policy misconfigurations. Identifying such misconfigurations allows administrators to resolve them before they interfere with the use of the system. We improve upon prior work in identifying such misconfigurations in two main ways. First, we develop a new methodology for evaluating misconfiguration prediction algorithms and applying them to real systems. We show that previous evaluations can substantially overestimate the benefits of using such algorithms in practice, owing to their tendency to reward predictions that can be deduced to be redundant. We also show, however, that these and other deductions can be harnessed to substantially recover the benefits of prediction. Second, we propose an approach that significantly simplifies the use of misconfiguration prediction algorithms. We remove the need to hand-tune (and empirically determine the effects of) various parameters, and instead replace them with a single, intuitive tuning parameter. We show empirically that this approach is generally competitive in terms of benefit and accuracy with algorithms that require hand-tuned parameters.