Reverse engineering RBAC policies using ILP
Speaker: Kishor Datar
Start: Tuesday, December 02, 2008, 10:30AM
End: Tuesday, December 02, 2008, 12:00PM
Location: ITE 325
Abstract: RBAC (Role Based Access Control [1]) is a predominant model used for
advanced access control. A variety of IT vendors have provided RBAC
implementations in their systems. RBAC provides great flexibility and
breadth of application. System administrators can control access at
a level of abstraction that is natural to the way that enterprises
typically conduct business. These features of RBAC make it suitable
for deployment over a variety of web applications like social
networks, academic suites, etc.
As the use of RBAC on the web is increasing, it becomes important for an
attacker to know the details of RBAC policies, like the role hierarchy
and the constraints in place, to effectively attack the system. The question
is: can we infer the RBAC details given the access attempts by users
of the system?
In Inductive Logic Programming (ILP), background knowledge and
negative and positive examples are specified in a logic language.
The ILP system generates a hypothesis in logic language that best
represents the given set of examples and background knowledge.
If access attempts by the users of an RBAC system are stated as facts,
and with some background knowledge about the organization's structure,
ILP systems should be able to tell the underlying RBAC characteristics
of the system. In this talk I will introduce a possible approach
towards identifying RBAC policies using ILP systems like Progol [3].
[1] http://en.wikipedia.org/wiki/Rbac
[2] http://en.wikipedia.org/wiki/Inductive_logic_programming
[3] http://en.wikipedia.org/wiki/PROGOL
Web Site: http://ebiquity.umbc.edu/