3 articles found
Creeper: a tool for detecting permission creep in file system access controls (cited by: 1)
1
Authors: Simon Parkinson, Saad Khan, James Bray, Daiyaan Shreef. Cybersecurity (CSCD), 2019, Issue 1, pp. 239-252 (14 pages)
Access control mechanisms are widely used in multi-user IT systems where it is necessary to restrict access to computing resources. This is certainly true of file systems whereby information needs to be protected against unintended access. User permissions often evolve over time, and changes are often made in an ad hoc manner and do not follow any rigorous process. This is largely due to the fact that the structure of the implemented permissions is often determined by experts during initial system configuration and documentation is rarely created. Furthermore, permissions are often not audited due to the volume of information, the requirement of expert knowledge, and the time required to perform manual analysis. This paper presents a novel, unsupervised technique whereby a statistical analysis technique is developed and applied to detect instances of permission creep. The system (herein referred to as Creeper) has initially been developed for Microsoft systems; however, it is easily extensible and can be applied to other access control systems. Experimental analysis has demonstrated good performance and applicability on synthetic file system permissions with an average accuracy of 96%. Empirical analysis is subsequently performed on five real-world systems where an average accuracy of 98% is established.
Keywords: Permission creep; Access control; Auditing; χ^2 statistics
Identifying high-risk over-entitlement in access control policies using fuzzy logic
2
Authors: Simon Parkinson, Saad Khan. Cybersecurity (EI, CSCD), 2022, Issue 2, pp. 75-91 (17 pages)
Analysing access control policies is an essential process for ensuring over-prescribed permissions are identified and removed. This is a time-consuming and knowledge-intensive process, largely because there is a wealth of policy information that needs to be manually examined. Furthermore, there is no standard definition of what constitutes an over-entitled permission within an organisation’s access control policy, making it not possible to develop automated rule-based approaches. It is often the case that over-entitled permissions are subjective to an organisation’s role-based structure, where access is divided and managed based on different employee needs. In this context, an irregular permission could be one where an employee has frequently changed roles, thus accumulating a wide-ranging set of permissions. There is no one-size-fits-all approach to identifying permissions where an employee is receiving more permission than is necessary, and it is necessary to examine them in the context of the organisation to establish their individual risk. Risk is not a binary measure and, in this work, an approach is built using Fuzzy Logic to determine an overall risk rating, which can then be used to make a more informed decision as to whether a user is over-entitled and presenting risk to the organisation. This requires the exploratory use of establishing resource sensitivity and user trust as measures to determine a risk rating. The paper presents a generic solution, which has been implemented to perform experimental analysis on Microsoft’s New Technology File System to show how this works in practice. A simulation using expert knowledge for comparison is then performed to demonstrate how effective it is at helping the user identify potential irregular permissions.
Keywords: Fuzzy control; Fuzzy systems; Security; Access control policies; Security analysis; Risk; Fuzzy logic; Risk-adaptive access control
Creeper: a tool for detecting permission creep in file system access controls
3
Authors: Simon Parkinson, Saad Khan, James Bray, Daiyaan Shreef. Cybersecurity, 2018, Issue 1, pp. 514-527 (14 pages)
Access control mechanisms are widely used in multi-user IT systems where it is necessary to restrict access to computing resources. This is certainly true of file systems whereby information needs to be protected against unintended access. User permissions often evolve over time, and changes are often made in an ad hoc manner and do not follow any rigorous process. This is largely due to the fact that the structure of the implemented permissions is often determined by experts during initial system configuration and documentation is rarely created. Furthermore, permissions are often not audited due to the volume of information, the requirement of expert knowledge, and the time required to perform manual analysis. This paper presents a novel, unsupervised technique whereby a statistical analysis technique is developed and applied to detect instances of permission creep. The system (herein referred to as Creeper) has initially been developed for Microsoft systems; however, it is easily extensible and can be applied to other access control systems. Experimental analysis has demonstrated good performance and applicability on synthetic file system permissions with an average accuracy of 96%. Empirical analysis is subsequently performed on five real-world systems where an average accuracy of 98% is established.
Keywords: Permission creep; Access control; Auditing; χ^2 statistics