UMBC ebiquity

Reverse Engineering of RBAC Policy using Access Logs

Speaker: Kishor Datar

Start: Monday, June 15, 2009, 02:00PM

End: Monday, June 15, 2009, 03:30PM

Location: 325b ITE

Abstract: MS Thesis Defense
Role Based Access Control (RBAC) is a flexible and powerful approach to access control which is widely used. We present approaches to finding the functional role hierarchy using access logs. We discuss a method to reconstruct the functional role hierarchy with knowledge of all access rights of all users. New methods of test data generation are introduced. We then present heuristics that work with partial logs to predict an approximate role hierarchy. A method to efficiently use background knowledge is also discussed. We show with empirical evidence that to reconstruct even half the hierarchy correctly with the heuristics; we need significant amount of access logs. We compare the two heuristics in terms of false positives, false negatives and number of correct predictions. The two heuristics are compared to parent-child relations as well as ancestor-descendant relations. Committee:

  • Dr. Anupam Joshi (chair)
  • Dr. Tim Finin
  • Dr. Yelena Yesha

Tags: security, policy

Host: Anupam Joshi