Detecting incompleteness in access control policies using data classification schemes

Shaikh, Riaz Ahmed, Adi, Kamel, Logrippo, Luigi and Mankovski, Serge (2010) Detecting incompleteness in access control policies using data classification schemes. In: 2010 5th International Conference on Digital Information Management, ICDIM 2010. 2010 5th International Conference on Digital Information Management, ICDIM 2010 . UNSPECIFIED, CAN, pp. 417-422. ISBN 9781424475728

Full text not available from this repository. (Request a copy)

Abstract

In a set of access control policies, incompleteness is the existence of situations for which no policy applies. Some of these situations can be exploited by attackers, to obtain unintended access or to compromise integrity. Such cases can be difficult to foresee, since typical policy sets consist of thousands of rules. In this paper, we adopt data classification techniques widely used in the machine learning community for detecting incompleteness in sets of access of control policies. To the best of our knowledge, we are the first ones to use data classification algorithms to detect incompleteness in sets of access control policies. We show that our proposed solution is simple, efficient and practical.

Item Type: Book Section
Uncontrolled Keywords: access control,data classification,incompleteness,policy validation,information systems ,/dk/atira/pure/subjectarea/asjc/1700/1710
Faculty \ School: Faculty of Science > School of Computing Sciences
Related URLs:
Depositing User: LivePure Connector
Date Deposited: 16 Aug 2022 15:30
Last Modified: 22 Oct 2022 23:58
URI: https://ueaeprints.uea.ac.uk/id/eprint/87303
DOI: 10.1109/ICDIM.2010.5664664

Actions (login required)

View Item View Item