Title :
Inconsistency detection method for access control policies
Author :
Shaikh, Riaz Ahmed ; Adi, Kamel ; Logrippo, Luigi ; Mankovski, Serge
Author_Institution :
Dept. of Comput. Sci. & Eng., Univ. du Quebec en Outaouais, Gatineau, QC, Canada
Abstract :
In enterprise environments, the task of assigning access control rights to subjects for resources is not trivial. Because of their complexity, distribution and size, access control policies can contain anomalies such as inconsistencies, which can result in security vulnerabilities. A set of access control policies is inconsistent when, for specific situations different incompatible policies can apply. Many researchers have tried to address the problem of inconsistency using methods based on formal logic. However, this approach is difficult to implement and inefficient for large policy sets. Therefore, in this paper, we propose a simple, efficient and practical solution for detecting inconsistencies in access control policies with the help of a modified C4.5 data classification algorithm.
Keywords :
authorisation; commerce; data analysis; decision trees; access control policy; data classification algorithm; enterprise environment; inconsistency detection method; Access control; Data mining; Data structures; Decision trees; Medical services; Metals; Access control; Data classification; Decision tree; Inconsistency; Policy validation;
Conference_Titel :
Information Assurance and Security (IAS), 2010 Sixth International Conference on
Conference_Location :
Atlanta, GA
Print_ISBN :
978-1-4244-7407-3
DOI :
10.1109/ISIAS.2010.5604062
