Detecting and resolving policy misconfigurations in Access-control systems

Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Volumn , Issue , 2008, Pages 185-194

  Bauer, Lujo ^a   Garriss, Scott ^a   Reiter, Michael K ^b  

^a CARNEGIE MELLON UNIVERSITY   (United States)

^b UNIVERSITY OF NORTH CAROLINA   (United States)

Author keywords

Human factors; Performance; Security

Indexed keywords

ACCESS DELAYS; ASSOCIATION RULE MININGS; CONTROL POLICIES; HUMAN FACTORS; MISCONFIGURATIONS; PERFORMANCE; PRIMARY CONTRIBUTIONS; SECURITY; TOTAL AMOUNTS;

ACCESS CONTROL; ASSOCIATIVE PROCESSING; HEALTH CARE; HUMAN ENGINEERING; SECURITY SYSTEMS;

CONTROL SYSTEMS;

EID: 57349099221     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1377836.1377866     Document Type: Conference Paper

References (27)

1. R. Agrawal and R. Srikant. Fast algorithms for mining association rules. In Proceedings 20th International Conference on Very Large Data Bases, VLDB, 1994.
2. E. S. Al-Shaer and H. H. Hamed. Discovery of policy anomalies in distributed firewalls. In Proceedings of the 23rd INFOCOM, March 2004.
3. A. W. Appel and E. W. Felten. Proof-carrying authentication. In Proceedings of the 6th ACM Conference on Computer and Communications Security, 1999.
4. Y. Bartal, A. J. Mayer, K. Nissim, and A. Wool. Firmato: A novel firewall management toolkit. In Proceedings of the 1999 IEEE Symposium on Security and Privacy, May 1999.
5. L. Bauer, L. F. Cranor, M. K. Reiter, and K. Vaniea. Lessons learned from the depkyyment of a smartphone-based access-control system. In Proceedings of the 3rd Symposium on Usable Privacy and Security, July 2007.
6. L. Bauer, S. Garriss, J. M. McCune, M. K. Reiter, J. Rouse, and P. Rutenbar. Device-enabled authorization in the Grey system. In Information Security: 8th International Conference, ISC 2005 (Lecture Notes in Computer Science 3650), pages 63-81, 2005.
7. L. Bauer, S. Garriss, and M. K. Reiter. Efficient proving for practical distributed access-control systems. In Proceedings of the 12th European Symposium on Research in Computer Security (ESORICS), 2007.
8. M. Becker and P. Sewell. Cassandra: Flexible trust management, applied to electronic health records. In Proceedings of the 17th IEEE Computer Security Foundations Workshop, 2004.
9. E. Bertino, E. Ferrari, and A. C. Squicciarini. Trust-X: A peer to peer framework for trust establishment. IEEE Transactions on Knowledge and Data Engineering, 16(7):827-842, 2004.
10. M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized trust management. In Proceedings of the 1996 IEEE Symposium on Security & Privacy, 1996.
11. K. El-Arini and K. Killourhy. Bayesian detection of router configuration anomalies. In Proceedings of the 2005 ACM SIGCOMM Workshop on Mining Network Data, August 2005.
12. N. C. Goffee, S. H. Kim, S. Smith, P. Taylor, M. Zhao, and J. Marchesini. Greenpass: Decentralized, PKI-based authorization for wireless LANs. In Proceedings of the 3rd Annual PKI Research and Development Workshop, 2004.
13. S. Hazelhurst, A. Attar, and R. Sinnappan. Algorithms for improving the dependability of firewall and filter rule lists. In Proceedings of the 2000 International Conference on Dependable Systems and Networks, June 2000.
14. T. Jaeger, A. Edwards, and X. Zhang. Policy management using access control spaces. ACM Transaction on Information and System Security, 6(3):327-364, 2003.
15. T. Jim. SD3: A trust management system with certified evaluation. In Proceedings of the 2001 IEEE Symposium on Security & Privacy, 2001.
16. A. D. Keromytis, S. Ioannidis, M. B. Greenwald, and J. M. Smith. The STRONGMAN architecture. In Third DARPA Information Survivability Conference and Exposition, 2003.
17. M. Kuhlmann, D. Shohat, and G. Schimpf. Role mining-revealing business roles for security administration using data mining technology. In Proceedings of the 8th ACM Symposium on Access Control Models and Technologies (SACMAT), June 2003.
18. F. Le, S. Lee, T. Wong, H. S. Kim, and D. Newcomb. Minerals: Using data mining to detect router misconfigurations. In MineNet '06: Proceedings of the 2006 SIGCOMM Workshop on Mining Network Data, pages 293-298, 2006.
19. N. Li and J. C. Mitchell. Rt: A role-based trust-management framework. In Proceedings of The Third DARPA Information Survivability Conference and Exposition, 2003.
20. A. Mayer, A. Wool, and E. Ziskind. Fang: A firewall analysis engine. In Proceedings of the 2000 IEEE Symposium on Security and Privacy, May 2000.
21. R. L. Rivest and B. Lampson. SDSI-A simple distributed security Infrastructure. Presented at CRYPTO'96 Rumpsession, April 1996.
22. R. Sandhu, E. Coyne, H. Feinstein, and C. Youman. Role-based access control models. IEEE Computer, 29(2), 1996.
23. J. Schlegelmilch and U. Steffens. Role mining with ORCA. In Proceedings of the 10th ACM Symposium on Access Control Models and Technologies (SACMAT), June 2005.
24. M. Winslett, C. C. Zhang, and P. A. Bonatti. PeerAccess: A logic for distributed authorization. In Proceedings of the 12th ACM Conference on Computer and Communications Security, 2005.
25. A. Wool. Architecting the Lumeta firewall analyzer. In Proceedings of the 10th USENIX Security Symposium, 2001.
26. L. Yuan, J. Mai, Z. Su, H. Chen, C.-N. Chuah, and P. Mohapatra. FIREMAN: A toolkit for FIREwall modeling and ANalysis. In Proceedings of the 2006 IEEE Symposium on Security & Privacy, 2006.
27. Y. Yuan and T. Huang. A matrix algorithm for mining association rules. In International Conference on Intelligent Computing (ICIC), 2005.