Towards Adaptive Access Control

  • Luciano Argento
  • Andrea MargheriEmail author
  • Federica Paci
  • Vladimiro Sassone
  • Nicola Zannone
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10980)


Access control systems are nowadays the first line of defence of modern IT systems. However, their effectiveness is often compromised by policy miscofigurations that can be exploited by insider threats. In this paper, we present an approach based on machine learning to refine attribute-based access control policies in order to reduce the risks of users abusing their privileges. Our approach exploits behavioral patterns representing how users typically access resources to narrow the permissions granted to users when anomalous behaviors are detected. The proposed solution has been implemented and its effectiveness has been experimentally evaluated using a synthetic dataset.


Access control Machine learning Policy adaptation Insider threat Runtime monitoring 


  1. 1.
    Hu, V.C., Kuhn, D.R., Ferraiolo, D.F.: Attribute-based access control. IEEE Comput. 48(2), 85–88 (2015)CrossRefGoogle Scholar
  2. 2.
    Silowash, G., Cappelli, D., Moore, A., Trzeciak, R., Shimeall, T., Flynn, L.: Common sense guide to mitigating insider threats. Technical report (2012)Google Scholar
  3. 3.
    Hwang, J.H., Xie, T., Hu, V., Altunay, M.: Mining likely properties of access control policies via association rule mining. In: Foresti, S., Jajodia, S. (eds.) DBSec 2010. LNCS, vol. 6166, pp. 193–208. Springer, Heidelberg (2010). Scholar
  4. 4.
    Bauer, L., Garriss, S., Reiter, M.K.: Detecting and resolving policy misconfigurations in access-control systems. ACM Trans. Inf. Syst. Secur. 14(1), 2:1–2:28 (2011)CrossRefGoogle Scholar
  5. 5.
    Park, J.S., Giordano, J.: Role-based profile analysis for scalable and accurate insider-anomaly detection. In: Proceedings of International Conference on Performance, Computing, and Communications. IEEE (2006). 7 pGoogle Scholar
  6. 6.
    Maloof, M.A., Stephens, G.D.: elicit: a system for detecting insiders who violate need-to-know. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol. 4637, pp. 146–166. Springer, Heidelberg (2007). Scholar
  7. 7.
    Legg, P.A., Buckley, O., Goldsmith, M., Creese, S.: Caught in the act of an insider attack: detection and assessment of insider threat. In: Proceedings of International Symposium on Technologies for Homeland Security, pp. 1–6. IEEE (2015)Google Scholar
  8. 8.
    Alizadeh, M., Peters, S., Etalle, S., Zannone, N.: Behavior analysis in the medical sector: theory and practice. In: Proceedings of Symposium on Applied Computing. ACM (2018)Google Scholar
  9. 9.
    Hu, N., Bradford, P.G., Liu, J.: Applying role based access control and genetic algorithms to insider threat detection. In: Proceedings of the Annual Southeast Regional Conference, pp. 790–791. ACM (2006)Google Scholar
  10. 10.
    Costante, E., Fauri, D., Etalle, S., den Hartog, J., Zannone, N.: A hybrid framework for data loss prevention and detection. In: Proceedings of IEEE Security and Privacy Workshops, pp. 324–333. IEEE (2016)Google Scholar
  11. 11.
    Frias-Martinez, V., Sherrick, J., Stolfo, S.J., Keromytis, A.D.: A network access control mechanism based on behavior profiles. In: Proceedings of Annual Computer Security Applications Conference, pp. 3–12. IEEE (2009)Google Scholar
  12. 12.
    Hummer, M., Kunz, M., Netter, M., Fuchs, L., Pernul, G.: Adaptive identity and access management contextual data based policies. EURASIP J. Inf. Secur. 2016(1), 19 (2016)CrossRefGoogle Scholar
  13. 13.
    Margheri, A., Masi, M., Pugliese, R., Tiezzi, F.: A rigorous framework for specification, analysis and enforcement of access control policies. IEEE Trans. Softw. Eng. (2017).
  14. 14.
    Breiman, L.: Random forests. Mach. Learn. 45(1), 5–32 (2001)CrossRefGoogle Scholar
  15. 15.
    Tax, D.M.J.: One-class classification: concept-learning in the absence of counter-examples. Ph.D. thesis, University of Delft (2001)Google Scholar
  16. 16.
    Quinlan, J.R.: Generating production rules from decision trees. In: Proceedings of International Joint Conference on Artificial Intelligence, pp. 304–307. Morgan Kaufmann Publishers Inc. (1987)Google Scholar
  17. 17.
    Andrzejak, A., Langner, F., Zabala, S.: Interpretable models from distributed data via merging of decision trees. In: Proceedings of Symposium on Computational Intelligence and Data Mining, pp. 1–9. IEEE (2013)Google Scholar
  18. 18.
    Spinosa, E.J., de Leon, F., Ponce, A., Gama, J.: Novelty detection with application to data streams. Intell. Data Anal. 13(3), 405–422 (2009)Google Scholar
  19. 19.
    Nellikar, S., Nicol, D.M., Choi, J.J.: Role-based differentiation for insider detection algorithms. In: Proceedings of Workshop on Insider Threats, pp. 55–62. ACM (2010)Google Scholar
  20. 20.
    Huang, L., Joseph, A.D., Nelson, B., Rubinstein, B.I., Tygar, J.: Adversarial machine learning. In: Proceedings of Workshop on Security and Artificial Intelligence, pp. 43–58. ACM (2011)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2018

Authors and Affiliations

  1. 1.University of CalabriaRendeItaly
  2. 2.University of SouthamptonSouthamptonUK
  3. 3.Eindhoven University of TechnologyEindhovenNetherlands

Personalised recommendations