Discovery of Multi-Level Security Policies
- Christina Yip Chung (affiliated with Department of Computer Science, University of California)
- Michael Gertz (affiliated with Department of Computer Science, University of California)
- Karl Levitt (affiliated with Department of Computer Science, University of California)
With the increasing complexity and dynamics of database systems, it becomes more and more difficult for administrative personnel to identify, specify and enforce security policies that guard against the misuse of data. Often security policies are not known, are too imprecise, or have simply been disabled because of changing requirements.
Recently several proposals have been made to use data mining techniques to discover profiles and anomalous user behavior from audit logs. These approaches, however, are often too fine-grained in that they compute too many rules to be useful for an administrator in implementing appropriate security enforcing mechanisms.
In this paper we present a novel approach to discover security policies from audit logs. The approach is based on using multiple concept hierarchies that specify properties of objects and data at different levels of abstraction and thus can embed useful domain knowledge. A profiler, attached to the information system’s auditing component, utilizes such concept hierarchies to compute profiles at different levels of granularity, guided by the administrator through the specification of an interestingness measure. The computed profiles can be translated into security policies and existing policies can be verified against the profiles.
- Title: Discovery of Multi-Level Security Policies
- Book Title: Data and Application Security
- Book Subtitle: Developments and Directions
- Pages: pp 173-184
- Series Title: IFIP International Federation for Information Processing
- Publisher: Springer US
- Copyright Holder: Kluwer Academic Publishers
- Editor Affiliations
  - 1. The MITRE Corporation
  - 2. Vrije Universiteit
  - 3. Universität Zürich
  - 4. RMIT University
- Author Affiliations
  - 5. Department of Computer Science, University of California, Davis, CA, 95616, USA