Abstract
Implementing file system access control rules relies heavily on expert knowledge, both of how a system can be configured and of how its current configuration is structured. Maintaining the required level of expertise in fast-changing environments, where configuration changes are frequent, can be challenging. A further complexity lies in gaining a structural understanding of large volumes of permission information. The accuracy of a new addition to a file system's access control is essential, as inadvertently assigning rights that result in a higher than necessary level of access can create unintended vulnerabilities. To address these issues, a novel mechanism is devised to automatically process a system's event history to determine how previous access control configuration actions have been implemented, and then to use the resulting model to suggest how to implement new access control rules. Throughout this paper, we focus on Microsoft's New Technology File System (NTFS) permissions, processing log data generated by the operating system. We demonstrate how the technique can be used to produce plans for the administrator when assigning new permissions. The plans are then evaluated in terms of their validity as well as the reduction in required expert knowledge.
Notes
1. An attack graph is a directed graph consisting of fact nodes and action nodes, which represent knowledge and malicious actions that can be performed by the attacker [26].
2. Permission change events have the log ID 4670; however, logging must first be enabled in the group policy editor.
3. Microsoft's SDDL language allows an access control list to be represented as a single string of unique characters; see https://msdn.microsoft.com/en-us/library/windows/desktop/aa379567(v=vs.85).aspx.
4. Log ID 4731 records the details of a newly created group, 4732 the addition of a new membership, 4733 the removal of a membership, and 4734 the deletion of a group.
5. Due to the large number of objects and predicates within the domain model, it is necessary to increase LPG's MAX_RELEVANT_FACTS limit to 40000 to process all objects, and MAX_TYPE_INTERSECTIONS to 10000 to reduce plan generation time.
References
Yu S, Wang C, Ren K, Lou W (2010) Achieving secure, scalable, and fine-grained data access control in cloud computing. In: 2010 Proceedings IEEE Infocom. IEEE, pp 1–9
Burgess M (2003) On the theory of system administration. Sci Comput Program 49(1):1–46
Wang H, Guo X, Fan Y, Bi J (2014) Extended access control and recommendation methods for enterprise knowledge management system. IERI Procedia 10:224–230
Stiawan D, Idris M, Abdullah AH et al (2015) Penetration testing and network auditing: Linux. J Inf Process Syst 11(1)
Ghallab M, Nau DS, Traverso P (2004) Automated planning: theory and practice. Elsevier/Morgan Kaufmann, London, Amsterdam
Tourani R, Misra S, Mick T, Panwar G (2017) Security, privacy, and access control in information-centric networking: a survey. In: IEEE communications surveys & tutorials
Demchenko Y, Ngo C, De Laat C (2011) Access control infrastructure for on-demand provisioned virtualised infrastructure services. In: 2011 international conference on collaboration technologies and systems (CTS). IEEE, pp. 466–475
Kalam AAE, Baida RE, Balbiani P, Benferhat S, Cuppens F, Deswarte Y, Miege A, Saurel C, Trouessin G (2003) Organization based access control. In: IEEE 4th international workshop on policies for distributed systems and networks, 2003. Proceedings. POLICY 2003. IEEE, pp 120–131
Sandhu RS, Coyne EJ, Feinstein HL, Youman CE (1996) Role-based access control models. Computer 29(2):38–47
Hu VC, Kuhn DR, Ferraiolo DF (2015) Attribute-based access control. Computer 48(2):85–88
Deng J-B, Hong F (2003) Task-based access control model. J Softw 1:011
Purser S (2002) Why access control is difficult. Comput Secur 21(4):303–309
Cárdenas AA, Amin S, Sastry S (2008) Research challenges for the security of control systems. In: HotSec
Bauer L, Cranor LF, Reeder RW, Reiter MK, Vaniea K (2009) Real life challenges in access-control management. In: Proceedings of the SIGCHI conference on human factors in computing systems. ACM, pp 899–908
Martin E, Xie T (2006) Inferring access-control policy properties via machine learning. In: Seventh IEEE international workshop on policies for distributed systems and networks, 2006. Policy 2006. IEEE, p 4
Al-Shaer E, Ou X, Xie G (2013) Automated security management. Springer, Berlin
Parkinson S, Khan S (2018) Identifying irregularities in security event logs through an object-based chi-squared test of independence. J Inf Secur Appl 40:52–62
Parkinson S, Crampton A (2016) Identification of irregularities and allocation suggestion of relative file system permissions. In: Journal of information security and applications
Parkinson S, Hardcastle D (2014) Automated planning for file system interaction. In: 32nd workshop of the UK planning and scheduling special interest group. http://eprints.hud.ac.uk/22897/
Boddy MS, Gohde J, Haigh T, Harp SA (2005) Course of action generation for cyber security using classical planning. In: ICAPS, pp 12–21
Steinmetz M (2016) Critical constrained planning and an application to network penetration testing. In: The 26th international conference on automated planning and scheduling, p 141
Khan S, Parkinson S (2017) Towards automated vulnerability assessment
Riabov A, Sohrabi S, Udrea O, Hassanzadeh O (2016) Efficient high quality plan exploration for network security. In: International scheduling and planning applications workshop (SPARK)
Sohrabi S, Riabov A, Udrea O, Hassanzadeh O (2016) Finding diverse high-quality plans for hypothesis generation. In: Proceedings of the 22nd European conference on artificial intelligence (ECAI)
Ghosh N, Ghosh SK (2012) A planner-based approach to generate and analyze minimal attack graph. Appl Intell 36(2):369–390
Durkota K, Lisý V (2014) Computing optimal policies for attack graphs with action failures and costs. In: STAIRS, pp 101–110
Hewett R, Kijsanayothin P, Bak S, Galbrei M (2016) Cybersecurity policy verification with declarative programming. Appl Intell 45(1):83–95
Hoffmann J (2015) Simulated penetration testing: from “dijkstra” to “turing test++”. In: ICAPS, pp 364–372
Shmaryahu D (2016) Constructing plan trees for simulated penetration testing. In: The 26th international conference on automated planning and scheduling
Sarraute C, Buffet O, Hoffmann J et al (2012) Pomdps make better hackers: accounting for uncertainty in penetration testing. In: AAAI
Backes M, Hoffmann J, Künnemann R, Speicher P, Steinmetz M (2017) Simulated penetration testing and mitigation analysis. arXiv:1705.05088
Sarraute C, Richarte G, Lucángeli Obes J (2011) An algorithm to find optimal attack paths in nondeterministic scenarios. In: Proceedings of the 4th ACM workshop on security and artificial intelligence. ACM, pp 71–80
Parkinson S, Longstaff AP, Fletcher S, Vallati M, Chrpa L (2017) On the exploitation of automated planning for reducing machine tools energy consumption between manufacturing operations. In: Association for the advancement of artificial intelligence AAAI
Cenamor I, Chrpa L, Jimoh F, McCluskey TL, Vallati M (2014) Planning & scheduling applications in urban traffic management. In: Proceedings of the UK planning & scheduling special interest group
Do MB, Ruml W, Zhou R (2008) On-line planning and scheduling: an application to controlling modular printers. In: AAAI, pp 1519–1523
Herry H, Anderson P, Wickler G (2011) Automated planning for configuration changes
Herry H, Anderson P (2012) Planning with global constraints for computing infrastructure reconfiguration. In: Proceedings of the 2012 AAAI workshop on problem solving using classical planners. AAAI Press
Georgievski I, Aiello M (2016) Automated planning for ubiquitous computing. ACM Comput Surv (CSUR) 49(4):63
Oberlin J, Tellex S (2018) Autonomously acquiring instance-based object models from experience. In: Robotics research. Springer, pp 73–90
Shah M, Chrpa L, Jimoh F, Kitchin D, McCluskey T, Parkinson S, Vallati M (2013) Knowledge engineering tools in planning: state-of-the-art and future challenges. In: Knowledge engineering for planning and scheduling, vol 53
Khan S, Parkinson S (2017) Causal connections mining within security event logs. In: Proceedings of the 9th international conference on knowledge capture. ACM. https://doi.org/10.1145/3148011.3154476. http://eprints.hud.ac.uk/id/eprint/33841/
McDermott D, Ghallab M, Howe A, Knoblock C, Ram A, Veloso M, Weld D, Wilkins D (1998) Pddl-the planning domain definition language
Edelkamp S, Hoffmann J (2004) PDDL2.2: the language for the classical part of the 4th international planning competition. Technical Report 195, Albert-Ludwigs-Universitat Freiburg, Institut fur Informatik
Gerevini A, Saetti A, Serina I (2003) Planning through stochastic local search and temporal action graphs in lpg. J Artif Intell Res 20:239–290
Roberts M, Howe A (2009) Learning from planner performance. Artif Intell 173(5):536–561
Alford R, Kuter U, Nau DS (2009) Translating htns to pddl: a small amount of domain knowledge can go a long way. In: IJCAI, pp 1629–1634
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this chapter
Cite this chapter
Khan, S., Parkinson, S. (2018). Automated Planning of Administrative Tasks Using Historic Events: A File System Case Study. In: Parkinson, S., Crampton, A., Hill, R. (eds) Guide to Vulnerability Analysis for Computer Networks and Systems. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-92624-7_7
DOI: https://doi.org/10.1007/978-3-319-92624-7_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-92623-0
Online ISBN: 978-3-319-92624-7
eBook Packages: Computer Science (R0)