Detecting and resolving policy misconfigurations in access-control systems

Publication, Conference
Bauer, L; Garriss, S; Reiter, MK
Published in: ACM Transactions on Information and System Security
May 1, 2011

Access-control policy misconfigurations that cause requests to be erroneously denied can result in wasted time, user frustration, and, in the context of particular applications (e.g., health care), very severe consequences. In this article we apply association rule mining to the history of accesses to predict changes to access-control policies that are likely to be consistent with users' intentions, so that these changes can be instituted in advance of misconfigurations interfering with legitimate accesses. Instituting these changes requires the consent of the appropriate administrator, of course, and so a primary contribution of our work is how to automatically determine from whom to seek consent and how to minimize the costs of doing so. We show using data from a deployed access-control system that our methods can reduce the number of accesses that would have incurred costly time-of-access delays by 43%, and can correctly predict 58% of the intended policy. These gains are achieved without impacting the total amount of time users spend interacting with the system. © 2011.

Published In

ACM Transactions on Information and System Security

DOI

EISSN

1557-7406

ISSN

1094-9224

Publication Date

May 1, 2011

Volume

14

Issue

1

Related Subject Headings

  • Strategic, Defence & Security Studies
  • 4609 Information systems
  • 4604 Cybersecurity and privacy
  • 0806 Information Systems
  • 0804 Data Format
  • 0803 Computer Software
 

Citation

APA: Bauer, L., Garriss, S., & Reiter, M. K. (2011). Detecting and resolving policy misconfigurations in access-control systems. In ACM Transactions on Information and System Security (Vol. 14). https://doi.org/10.1145/1952982.1952984

Chicago: Bauer, L., S. Garriss, and M. K. Reiter. “Detecting and resolving policy misconfigurations in access-control systems.” In ACM Transactions on Information and System Security, Vol. 14, 2011. https://doi.org/10.1145/1952982.1952984.

ICMJE: Bauer L, Garriss S, Reiter MK. Detecting and resolving policy misconfigurations in access-control systems. In: ACM Transactions on Information and System Security. 2011.

MLA: Bauer, L., et al. “Detecting and resolving policy misconfigurations in access-control systems.” ACM Transactions on Information and System Security, vol. 14, no. 1, 2011. Scopus, doi:10.1145/1952982.1952984.

NLM: Bauer L, Garriss S, Reiter MK. Detecting and resolving policy misconfigurations in access-control systems. ACM Transactions on Information and System Security. 2011.
