Inferring access-control policy properties via machine learning

Authors: E. Martin, Tao Xie

DOI: 10.1109/POLICY.2006.19

Keywords:

Abstract: To ease the burden of implementing and maintaining access-control aspects in a system, a growing trend among developers is to write access-control policies in a specification language such as XACML and integrate the policies with applications through the use of a policy decision point (PDP). To assure that the specified policies reflect the expected ones, recent research has developed policy verification tools; however, their applications in practice are still limited, being constrained by the limited set of supported policy language features and the unavailability of policy properties. This paper presents a data-mining approach to the problem of verifying that expressed access-control policies reflect the true desires of the policy author. We developed a tool to investigate this approach by automatically generating requests, evaluating those requests to get responses, and applying machine learning on the request-response pairs to infer policy properties. These inferred properties facilitate the inspection of the policy behavior. We applied our tool on an access-control policy of a central grades repository system for a university. Our results show that machine-learning algorithms can provide valuable insight into basic policy properties and help identify specific bug-exposing requests.

References (8)
Graham Hughes, Tevfik Bultan, Automated Verification of Access Control Policies (2004)
Mark A. Hall, Ian H. Witten, Eibe Frank, Data Mining: Practical Machine Learning Tools and Techniques (1999)
Nan Zhang, Mark Ryan, Dimitar P. Guelev, Evaluating access control policies through model checking. International Conference on Information Security, vol. 3650, pp. 446-460 (2005), 10.1007/11556992_32
Jadzia Cendrowska, PRISM: An algorithm for inducing modular rules. International Journal of Human-computer Studies / International Journal of Man-machine Studies, vol. 27, pp. 349-370 (1987), 10.1016/S0020-7373(87)80003-2
Mark Burgess, Probabilistic anomaly detection in distributed computer networks. Science of Computer Programming, vol. 60, pp. 1-26 (2006), 10.1016/J.SCICO.2005.06.001
Nan Zhang, Mark Ryan, Dimitar P. Guelev, Synthesising verified access control systems in XACML. Formal Methods in Security Engineering, pp. 56-65 (2004), 10.1145/1029133.1029141
Kathi Fisler, Shriram Krishnamurthi, Leo A. Meyerovich, Michael Carl Tschantz, Verification and change-impact analysis of access-control policies. International Conference on Software Engineering, pp. 196-205 (2005), 10.1145/1062455.1062502
Daniel Jackson, Ilya Shlyakhter, Manu Sridharan, A micromodularity mechanism. Proceedings of the 8th European software engineering conference held jointly with 9th ACM SIGSOFT international symposium on Foundations of software engineering - ESEC/FSE-9, vol. 26, pp. 62-73 (2001), 10.1145/503209.503219