
Discovering Access-Control Misconfigurations: New Approaches and Evaluation Methodologies

Publication, Conference
Bauer, L; Liang, Y; Reiter, MK; Spensky, C
Published in: CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy
January 1, 2012

Accesses that are not permitted by the implemented policy but that share similarities with accesses that have been allowed may be indicative of access-control policy misconfigurations. Identifying such misconfigurations allows administrators to resolve them before they interfere with the use of the system. We improve upon prior work in identifying such misconfigurations in two main ways. First, we develop a new methodology for evaluating misconfiguration prediction algorithms and applying them to real systems. We show that previous evaluations can substantially overestimate the benefits of using such algorithms in practice, owing to their tendency to reward predictions that can be deduced to be redundant. We also show, however, that these and other deductions can be harnessed to substantially recover the benefits of prediction. Second, we propose an approach that significantly simplifies the use of misconfiguration prediction algorithms. We remove the need to hand-tune (and empirically determine the effects of) various parameters, and instead replace them with a single, intuitive tuning parameter. We show empirically that this approach is generally competitive in terms of benefit and accuracy with algorithms that require hand-tuned parameters.

Duke Scholars

Published In: CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy

DOI: 10.1145/2133601.2133613

ISBN: 9781450310918

Publication Date: January 1, 2012

Start / End Page: 95 / 104

Citation

APA: Bauer, L., Liang, Y., Reiter, M. K., & Spensky, C. (2012). Discovering Access-Control Misconfigurations: New Approaches and Evaluation Methodologies. In CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy (pp. 95–104). https://doi.org/10.1145/2133601.2133613

Chicago: Bauer, L., Y. Liang, M. K. Reiter, and C. Spensky. "Discovering Access-Control Misconfigurations: New Approaches and Evaluation Methodologies." In CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy, 95–104, 2012. https://doi.org/10.1145/2133601.2133613.

ICMJE: Bauer L, Liang Y, Reiter MK, Spensky C. Discovering Access-Control Misconfigurations: New Approaches and Evaluation Methodologies. In: CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy. 2012. p. 95–104.

MLA: Bauer, L., et al. "Discovering Access-Control Misconfigurations: New Approaches and Evaluation Methodologies." CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy, 2012, pp. 95–104. Scopus, doi:10.1145/2133601.2133613.

NLM: Bauer L, Liang Y, Reiter MK, Spensky C. Discovering Access-Control Misconfigurations: New Approaches and Evaluation Methodologies. CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy. 2012. p. 95–104.
