
Automated Planning of Administrative Tasks Using Historic Events: A File System Case Study


Part of the book series: Computer Communications and Networks ((CCN))

Abstract

Implementing file system access control rules correctly depends heavily on expert knowledge, both of how the system can be configured and of how its current configuration is structured. Maintaining that expertise is difficult in fast-changing environments where configuration changes are frequent, and gaining a structural understanding of large volumes of permission information adds further complexity. Every new addition to a file system's access control must be accurate: inadvertently assigning rights that grant a higher level of access than necessary creates unintended vulnerabilities. To address these issues, a novel mechanism is devised that automatically processes a system's event history to determine how previous access control configuration actions were implemented, and then uses the resulting model to suggest how new access control rules should be implemented. Throughout this paper we focus on Microsoft's New Technology File System (NTFS) permissions, processing the log data generated by the operating system. We demonstrate how the technique can be used to generate plans for the administrator when assigning new permissions. The plans are then evaluated in terms of their validity and of the reduction in expert knowledge required.


Notes

  1. An attack graph is a directed graph of fact nodes and action nodes, representing respectively the attacker's knowledge and the malicious actions the attacker can perform [26].

  2. Permission changes on an object are recorded as Security log event ID 4670 ("Permissions on an object were changed"), which carries the old and the new security descriptor of the object as SDDL strings. The event is only generated once the corresponding audit policy (for NTFS objects, the Audit File System subcategory) has been enabled in the Group Policy editor.

  3. Microsoft's Security Descriptor Definition Language (SDDL) represents a complete security descriptor (owner, primary group, DACL and SACL) as a single string built from short tokens, so that an access control list can be stored and compared as text: https://msdn.microsoft.com/en-us/library/windows/desktop/aa379567(v=vs.85).aspx.

  4. Event ID 4731 records the creation of a security-enabled local group, 4732 the addition of a member to such a group, 4733 the removal of a member, and 4734 the deletion of the group (the global-group counterparts are 4727, 4728, 4729 and 4730).

  5. Because of the large number of objects and predicates in the domain model, LPG's MAX_RELEVANT_FACTS limit had to be raised to 40000 so that all objects are processed, and MAX_TYPE_INTERSECTIONS to 10000 to reduce plan generation time.
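The following is an added example, not code from the chapter or its authors, showing the first step the notes above imply: reading a 4670 event, parsing the old and new security descriptors it carries as SDDL, and diffing their DACLs to recover the access control entry an administrator added. It also flags the "higher than necessary" case the abstract warns about, namely added allow entries that include WRITE_DAC or WRITE_OWNER, since a grantee with either right can rewrite the ACL and re-grant itself anything. The event records, object path, SIDs and helper names are constructed for illustration; the right and SID alias tables cover only a subset of SDDL, and conditional ACEs are not handled.

```python
"""Added example: derive which DACL entry a Security-log event 4670 introduced
by diffing its OldSd/NewSd SDDL strings, and flag grants of ACL-control rights.
The sample events below are constructed, not real captures."""
import re
import xml.etree.ElementTree as ET
from collections import namedtuple

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# SDDL two-letter access-right aliases (subset: generic, standard and file rights).
RIGHT_ALIASES = {
    "GA": 0x10000000, "GR": 0x80000000, "GW": 0x40000000, "GX": 0x20000000,
    "RC": 0x00020000, "SD": 0x00010000, "WD": 0x00040000, "WO": 0x00080000,
    "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
    "DT": 0x40, "LO": 0x80, "CR": 0x100,
    "FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0,
}
# SDDL two-letter well-known SID aliases (subset).
SID_ALIASES = {
    "BA": "S-1-5-32-544", "BU": "S-1-5-32-545", "SY": "S-1-5-18",
    "WD": "S-1-1-0", "AU": "S-1-5-11",
}
WRITE_DAC, WRITE_OWNER = 0x40000, 0x80000   # rights that let the grantee rewrite the ACL

Ace = namedtuple("Ace", "ace_type flags mask sid")


def rights_mask(token):
    """'FA', 'GRGX' or '0x1301bf' -> integer access mask."""
    if token.lower().startswith("0x"):
        return int(token, 16)
    if len(token) % 2:
        raise ValueError(f"bad rights token {token!r}")
    mask = 0
    for i in range(0, len(token), 2):
        mask |= RIGHT_ALIASES[token[i:i + 2]]
    return mask


def parse_dacl(sddl):
    """Return the DACL of an SDDL security descriptor as a list of Ace tuples.
    DACL flags (P, AI, AR) are skipped; conditional ACEs with nested parentheses
    are not supported by the simple ACE regex."""
    m = re.search(r"D:([A-Z]*)((?:\([^)]*\))*)", sddl)
    if not m:
        return []
    aces = []
    for fields in re.findall(r"\(([^)]*)\)", m.group(2)):
        parts = fields.split(";")
        if len(parts) < 6:
            raise ValueError(f"malformed ACE ({fields})")
        ace_type, flags, rights, _obj_guid, _inherit_guid, sid = parts[:6]
        aces.append(Ace(ace_type, flags, rights_mask(rights), SID_ALIASES.get(sid, sid)))
    return aces


def parse_event(xml_text):
    """Event ID and the EventData Name->value map of an exported Security event."""
    root = ET.fromstring(xml_text)
    event_id = int(root.find("e:System/e:EventID", NS).text)
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    return event_id, data


def summarise_4670(xml_text):
    """Who changed which object, which ACEs were added/removed, and which added
    allow-ACEs hand out WRITE_DAC or WRITE_OWNER."""
    event_id, data = parse_event(xml_text)
    if event_id != 4670:
        raise ValueError(f"expected event 4670, got {event_id}")
    old, new = parse_dacl(data["OldSd"]), parse_dacl(data["NewSd"])
    added = [a for a in new if a not in old]
    removed = [a for a in old if a not in new]
    risky = [a for a in added if a.ace_type == "A" and a.mask & (WRITE_DAC | WRITE_OWNER)]
    return {"object": data["ObjectName"], "by": data["SubjectUserName"],
            "added": added, "removed": removed, "risky": risky}


def _event(event_id, **fields):
    """Build a constructed event record in the Windows event XML layout (hypothetical helper)."""
    body = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
            f"<EventData>{body}</EventData></Event>")


BASE_SD = "O:BAG:SYD:(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;BU)"
# Constructed: a Modify (0x1301bf) ACE for a domain user is added to a share.
SAMPLE_MODIFY = _event(4670, SubjectUserName="admin", ObjectName=r"C:\Shares\Finance",
                       OldSd=BASE_SD, NewSd=BASE_SD + "(A;OICI;0x1301bf;;;S-1-5-21-1-2-3-1105)")
# Constructed: Everyone is granted Full Control, which includes WRITE_DAC and WRITE_OWNER.
SAMPLE_FULL = _event(4670, SubjectUserName="admin", ObjectName=r"C:\Shares\Finance",
                     OldSd=BASE_SD, NewSd=BASE_SD + "(A;OICI;FA;;;WD)")

if __name__ == "__main__":
    for sample in (SAMPLE_MODIFY, SAMPLE_FULL):
        s = summarise_4670(sample)
        print(f"{s['by']} changed {s['object']}: +{len(s['added'])} -{len(s['removed'])} ACE(s)")
        for ace in s["added"]:
            tag = "  !! grants ACL control" if ace in s["risky"] else ""
            print(f"   added {ace.ace_type} {ace.flags} 0x{ace.mask:x} {ace.sid}{tag}")
```

On a real host the XML would come from an export of the Security log (for instance `wevtutil qe Security /q:"*[System[EventID=4670]]" /f:xml`) rather than from the constructed records above; the parsing and diffing logic is unchanged. The added ACE, together with the subject who added it and the object it was added to, is exactly the (actor, object, permission) triple the chapter's planning model is built from.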

References

  1. Yu S, Wang C, Ren K, Lou W (2010) Achieving secure, scalable, and fine-grained data access control in cloud computing. In: 2010 Proceedings IEEE INFOCOM. IEEE, pp 1–9

  2. Burgess M (2003) On the theory of system administration. Sci Comput Program 49(1):1–46

  3. Wang H, Guo X, Fan Y, Bi J (2014) Extended access control and recommendation methods for enterprise knowledge management system. IERI Procedia 10:224–230

  4. Stiawan D, Idris M, Abdullah AH et al (2015) Penetration testing and network auditing: Linux. J Inf Process Syst 11(1)

  5. Ghallab M, Nau DS, Traverso P (2004) Automated planning: theory and practice. Elsevier/Morgan Kaufmann, London, Amsterdam

  6. Tourani R, Misra S, Mick T, Panwar G (2017) Security, privacy, and access control in information-centric networking: a survey. In: IEEE Communications Surveys & Tutorials

  7. Demchenko Y, Ngo C, De Laat C (2011) Access control infrastructure for on-demand provisioned virtualised infrastructure services. In: 2011 International Conference on Collaboration Technologies and Systems (CTS). IEEE, pp 466–475

  8. Kalam AAE, Baida RE, Balbiani P, Benferhat S, Cuppens F, Deswarte Y, Miege A, Saurel C, Trouessin G (2003) Organization based access control. In: Proceedings of the IEEE 4th International Workshop on Policies for Distributed Systems and Networks (POLICY 2003). IEEE, pp 120–131

  9. Sandhu RS, Coyne EJ, Feinstein HL, Youman CE (1996) Role-based access control models. Computer 29(2):38–47

  10. Hu VC, Kuhn DR, Ferraiolo DF (2015) Attribute-based access control. Computer 48(2):85–88

  11. Deng J-B, Hong F (2003) Task-based access control model. J Softw 1:011

  12. Purser S (2002) Why access control is difficult. Comput Secur 21(4):303–309

  13. Cárdenas AA, Amin S, Sastry S (2008) Research challenges for the security of control systems. In: HotSec

  14. Bauer L, Cranor LF, Reeder RW, Reiter MK, Vaniea K (2009) Real life challenges in access-control management. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, pp 899–908

  15. Martin E, Xie T (2006) Inferring access-control policy properties via machine learning. In: Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2006). IEEE, p 4

  16. Al-Shaer E, Ou X, Xie G (2013) Automated security management. Springer, Berlin

  17. Parkinson S, Khan S (2018) Identifying irregularities in security event logs through an object-based chi-squared test of independence. J Inf Secur Appl 40:52–62

  18. Parkinson S, Crampton A (2016) Identification of irregularities and allocation suggestion of relative file system permissions. J Inf Secur Appl

  19. Parkinson S, Hardcastle D (2014) Automated planning for file system interaction. In: 32nd Workshop of the UK Planning and Scheduling Special Interest Group. http://eprints.hud.ac.uk/22897/

  20. Boddy MS, Gohde J, Haigh T, Harp SA (2005) Course of action generation for cyber security using classical planning. In: ICAPS, pp 12–21

  21. Steinmetz M (2016) Critical constrained planning and an application to network penetration testing. In: The 26th International Conference on Automated Planning and Scheduling, p 141

  22. Khan S, Parkinson S (2017) Towards automated vulnerability assessment

  23. Riabov A, Sohrabi S, Udrea O, Hassanzadeh O (2016) Efficient high quality plan exploration for network security. In: International Scheduling and Planning Applications Workshop (SPARK)

  24. Sohrabi S, Riabov A, Udrea O, Hassanzadeh O (2016) Finding diverse high-quality plans for hypothesis generation. In: Proceedings of the 22nd European Conference on Artificial Intelligence (ECAI)

  25. Ghosh N, Ghosh SK (2012) A planner-based approach to generate and analyze minimal attack graph. Appl Intell 36(2):369–390

  26. Durkota K, Lisý V (2014) Computing optimal policies for attack graphs with action failures and costs. In: STAIRS, pp 101–110

  27. Hewett R, Kijsanayothin P, Bak S, Galbrei M (2016) Cybersecurity policy verification with declarative programming. Appl Intell 45(1):83–95

  28. Hoffmann J (2015) Simulated penetration testing: from "Dijkstra" to "Turing Test++". In: ICAPS, pp 364–372

  29. Shmaryahu D (2016) Constructing plan trees for simulated penetration testing. In: The 26th International Conference on Automated Planning and Scheduling

  30. Sarraute C, Buffet O, Hoffmann J et al (2012) POMDPs make better hackers: accounting for uncertainty in penetration testing. In: AAAI

  31. Backes M, Hoffmann J, Künnemann R, Speicher P, Steinmetz M (2017) Simulated penetration testing and mitigation analysis. arXiv:1705.05088

  32. Sarraute C, Richarte G, Lucángeli Obes J (2011) An algorithm to find optimal attack paths in nondeterministic scenarios. In: Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence. ACM, pp 71–80

  33. Parkinson S, Longstaff AP, Fletcher S, Vallati M, Chrpa L (2017) On the exploitation of automated planning for reducing machine tools energy consumption between manufacturing operations. In: AAAI

  34. Cenamor I, Chrpa L, Jimoh F, McCluskey TL, Vallati M (2014) Planning & scheduling applications in urban traffic management. In: Proceedings of the UK Planning & Scheduling Special Interest Group

  35. Do MB, Ruml W, Zhou R (2008) On-line planning and scheduling: an application to controlling modular printers. In: AAAI, pp 1519–1523

  36. Herry H, Anderson P, Wickler G (2011) Automated planning for configuration changes

  37. Herry H, Anderson P (2012) Planning with global constraints for computing infrastructure reconfiguration. In: Proceedings of the 2012 AAAI Workshop on Problem Solving Using Classical Planners. AAAI Press

  38. Georgievski I, Aiello M (2016) Automated planning for ubiquitous computing. ACM Comput Surv (CSUR) 49(4):63

  39. Oberlin J, Tellex S (2018) Autonomously acquiring instance-based object models from experience. In: Robotics research. Springer, pp 73–90

  40. Shah M, Chrpa L, Jimoh F, Kitchin D, McCluskey T, Parkinson S, Vallati M (2013) Knowledge engineering tools in planning: state-of-the-art and future challenges. In: Knowledge Engineering for Planning and Scheduling, vol 53

  41. Khan S, Parkinson S (2017) Causal connections mining within security event logs. In: Proceedings of the 9th International Conference on Knowledge Capture. ACM. https://doi.org/10.1145/3148011.3154476. http://eprints.hud.ac.uk/id/eprint/33841/

  42. McDermott D, Ghallab M, Howe A, Knoblock C, Ram A, Veloso M, Weld D, Wilkins D (1998) PDDL: the planning domain definition language

  43. Edelkamp S, Hoffmann J (2004) PDDL2.2: the language for the classical part of the 4th International Planning Competition. Technical Report 195, Albert-Ludwigs-Universität Freiburg, Institut für Informatik

  44. Gerevini A, Saetti A, Serina I (2003) Planning through stochastic local search and temporal action graphs in LPG. J Artif Intell Res 20:239–290

  45. Roberts M, Howe A (2009) Learning from planner performance. Artif Intell 173(5):536–561

  46. Alford R, Kuter U, Nau DS (2009) Translating HTNs to PDDL: a small amount of domain knowledge can go a long way. In: IJCAI, pp 1629–1634


Author information


Correspondence to Saad Khan .


Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature


Cite this chapter

Khan, S., Parkinson, S. (2018). Automated Planning of Administrative Tasks Using Historic Events: A File System Case Study. In: Parkinson, S., Crampton, A., Hill, R. (eds) Guide to Vulnerability Analysis for Computer Networks and Systems. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-92624-7_7


  • DOI: https://doi.org/10.1007/978-3-319-92624-7_7


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-92623-0

  • Online ISBN: 978-3-319-92624-7
