By Topic

Inferring access-control policy properties via machine learning

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
E. Martin ; Dept. of Comput. Sci., North Carolina State Univ., Raleigh, NC, USA ; Tao Xie

To ease the burden of implementing and maintaining access-control aspects in a system, a growing trend among developers is to write access-control policies in a specification language such as XACML and integrate the policies with applications through the use of a policy decision point (PDP). To assure that the specified polices reflect the expected ones, recent research has developed policy verification tools; however, their applications in practice are still limited, being constrained by the limited set of supported policy language features and the unavailability of policy properties. This paper presents a data-mining approach to the problem of verifying that expressed access-control policies reflect the true desires of the policy author. We developed a tool to investigate this approach by automatically generating requests, evaluating those requests to get responses, and applying machine learning on the request-response pairs to infer policy properties. These inferred properties facilitate the inspection of the policy behavior. We applied our tool on an access-control policy of a central grades repository system for a university. Our results show that machine learning algorithms can provide valuable insight into basic policy properties and help identify specific bug-exposing requests

Published in:

Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06)

Date of Conference:

5-7 June 2006