Reverse Engineering of RBAC Policy using Access Logs


Monday, June 15, 2009, 14:00pm - Monday, June 15, 2009, 15:30pm

325b ITE

policy, security

MS Thesis Defense
Role Based Access Control (RBAC) is a flexible and powerful approach to access control which is widely used. We present approaches to finding the functional role hierarchy using access logs. We discuss a method to reconstruct the functional role hierarchy with knowledge of all access rights of all users. New methods of test data generation are introduced. We then present heuristics that work with partial logs to predict an approximate role hierarchy. A method to efficiently use background knowledge is also discussed. We show with empirical evidence that to reconstruct even half the hierarchy correctly with the heuristics; we need significant amount of access logs. We compare the two heuristics in terms of false positives, false negatives and number of correct predictions. The two heuristics are compared to parent-child relations as well as ancestor-descendant relations. Committee:
  • Dr. Anupam Joshi (chair)
  • Dr. Tim Finin
  • Dr. Yelena Yesha

Anupam Joshi

OWL Tweet

UMBC ebiquity