TY - GEN
T1 - Policy mining
T2 - 9th International Conference on Information Systems Security, ICISS 2013
AU - Hachana, Safaà
AU - Cuppens, Frédéric
AU - Cuppens-Boulahia, Nora
AU - Atluri, Vijay
AU - Morucci, Stephane
PY - 2013
Y1 - 2013
N2 - Today's enterprises rely entirely on their information systems, usually connected to the internet. Network access control, mainly ensured by firewalls, has become a paramount necessity. Still, the management of manually configured firewall rules is complex, error-prone, and costly for large networks. The use of highly abstract models such as role-based access control (RBAC) has proved to be very efficient in the definition and management of access control policies. The recent interest in role mining, which is the bottom-up approach for automatic RBAC configuration from the already deployed authorizations, is likely to further promote the development of this model. Recently, an extension of RBAC adapted to the specificities of network access control, which we refer to as the NS-RBAC model, has been proposed. However, no effort has been made to extend the bottom-up approach to configure this model. In this paper, we propose an extension of role mining techniques to facilitate the adoption of a model-based framework in the management of network access control. We present policy mining, a bottom-up approach that extracts instances of the NS-RBAC model from the deployed rules on a firewall. We provide a generic algorithm that could adapt most of the existing role mining solutions to the NS-RBAC model. We illustrate the feasibility of our solution by experiments on real and synthetic data.
AB - Today's enterprises rely entirely on their information systems, usually connected to the internet. Network access control, mainly ensured by firewalls, has become a paramount necessity. Still, the management of manually configured firewall rules is complex, error-prone, and costly for large networks. The use of highly abstract models such as role-based access control (RBAC) has proved to be very efficient in the definition and management of access control policies. The recent interest in role mining, which is the bottom-up approach for automatic RBAC configuration from the already deployed authorizations, is likely to further promote the development of this model. Recently, an extension of RBAC adapted to the specificities of network access control, which we refer to as the NS-RBAC model, has been proposed. However, no effort has been made to extend the bottom-up approach to configure this model. In this paper, we propose an extension of role mining techniques to facilitate the adoption of a model-based framework in the management of network access control. We present policy mining, a bottom-up approach that extracts instances of the NS-RBAC model from the deployed rules on a firewall. We provide a generic algorithm that could adapt most of the existing role mining solutions to the NS-RBAC model. We illustrate the feasibility of our solution by experiments on real and synthetic data.
KW - Access Control
KW - Firewall
KW - IT Security
KW - Network Security
KW - RBAC
KW - Role Mining
UR - http://www.scopus.com/inward/record.url?scp=84893125655&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84893125655&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-45204-8_10
DO - 10.1007/978-3-642-45204-8_10
M3 - Conference contribution
AN - SCOPUS:84893125655
SN - 9783642452031
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 133
EP - 147
BT - Information Systems Security - 9th International Conference, ICISS 2013, Proceedings
Y2 - 16 December 2013 through 20 December 2013
ER -