Anomaly Detection and Visualization in Generative RBAC Models

Abstract

With the wide use of Role-based Access Control (RBAC), the need for monitoring, evaluation, and verification of RBAC implementations (e.g., to evaluate ex post which users acting in which roles were authorized to execute permissions) is evident. In this paper, we aim at detecting and identifying anomalies that originate from insiders such as the infringement of rights or irregular activities. To do that, we compare prescriptive (original) RBAC models (i.e. how the RBAC model is expected to work) with generative (current-state) RBAC models (i.e. the actual accesses represented by an RBAC model obtained with mining techniques). For this we present different similarity measures for RBAC models and their entities. We also provide techniques for visualizing anomalies within RBAC models based on difference graphs. This can be used for the alignment of RBAC models such as for policy updates or reconciliation. The effectiveness of the approach is evaluated based on a prototypical implementation and an experiment.

Authors
  • Leitner, Maria
  • Rinderle-Ma, Stefanie
Shortfacts
  • Category: Paper in Conference Proceedings or in Workshop Proceedings (Full Paper in Proceedings)
  • Event Title: 19th ACM Symposium on Access Control Models and Technologies (SACMAT '14)
  • Divisions: Workflow Systems and Technology
  • Event Location: London, ON, Canada
  • Event Type: Conference
  • Event Dates: 25-27 June 2014
  • Page Range: pp. 41-52
  • Date: June 2014