Data and Application Security pp 173-184

Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 73)

Discovery of Multi-Level Security Policies

  • Christina Yip Chung
  • Michael Gertz
  • Karl Levitt

Abstract

With the increasing complexity and dynamics of database systems, it becomes more and more difficult for administrative personnel to identify, specify and enforce security policies that govern against the misuse of data. Often security policies are not known, too imprecise or simply have been disabled because of changing requirements.

Recently several proposals have been made to use data mining techniques to discover profiles and anomalous user behavior from audit logs. These approaches, however, are often too fine-grained in that they compute too many rules to be useful for an administrator in implementing appropriate security enforcing mechanisms.

In this paper we present a novel approach to discover security policies from audit logs. The approach is based on using multiple concept hierarchies that specify properties of objects and data at different levels of abstraction and thus can embed useful domain knowledge. A profiler, attached to the information system’s auditing component, utilizes such concept hierarchies to compute profiles at different levels of granularity, guided by the administrator through the specification of an interestingness measure. The computed profiles can be translated into security policies and existing policies can be verified against the profiles.

Copyright information

© Kluwer Academic Publishers 2002

Authors and Affiliations

  • Christina Yip Chung (1)
  • Michael Gertz (1)
  • Karl Levitt (1)

  1. Department of Computer Science, University of California, Davis, USA