TY - GEN
T1 - Anomaly detection and visualization in generative RBAC models
AU - Leitner, Maria
AU - Rinderle-Ma, Stefanie
PY - 2014
Y1 - 2014
N2 - With the wide use of Role-based Access Control (RBAC), the need for monitoring, evaluation, and verification of RBAC implementations (e.g., to evaluate ex post which users acting in which roles were authorized to execute permissions) is evident. In this paper, we aim at detecting and identifying anomalies that originate from insiders such as the infringement of rights or irregular activities. To do that, we compare prescriptive (original) RBAC models (i.e. how the RBAC model is expected to work) with generative (current-state) RBAC models (i.e. the actual accesses represented by an RBAC model obtained with mining techniques). For this we present different similarity measures for RBAC models and their entities. We also provide techniques for visualizing anomalies within RBAC models based on difference graphs. This can be used for the alignment of RBAC models such as for policy updates or reconciliation. The effectiveness of the approach is evaluated based on a prototypical implementation and an experiment.
AB - With the wide use of Role-based Access Control (RBAC), the need for monitoring, evaluation, and verification of RBAC implementations (e.g., to evaluate ex post which users acting in which roles were authorized to execute permissions) is evident. In this paper, we aim at detecting and identifying anomalies that originate from insiders such as the infringement of rights or irregular activities. To do that, we compare prescriptive (original) RBAC models (i.e. how the RBAC model is expected to work) with generative (current-state) RBAC models (i.e. the actual accesses represented by an RBAC model obtained with mining techniques). For this we present different similarity measures for RBAC models and their entities. We also provide techniques for visualizing anomalies within RBAC models based on difference graphs. This can be used for the alignment of RBAC models such as for policy updates or reconciliation. The effectiveness of the approach is evaluated based on a prototypical implementation and an experiment.
KW - Access Control
KW - Anomaly detection
KW - Audit
KW - Graph edit distance
KW - Inexact graph matching
KW - RBAC
KW - Similarity
UR - http://www.scopus.com/inward/record.url?scp=84904500697&partnerID=8YFLogxK
U2 - 10.1145/2613087.2613105
DO - 10.1145/2613087.2613105
M3 - Conference contribution
AN - SCOPUS:84904500697
SN - 9781450329392
T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
SP - 41
EP - 52
BT - SACMAT 2014 - Proceedings of the 19th ACM Symposium on Access Control Models and Technologies
PB - Association for Computing Machinery
T2 - 19th ACM Symposium on Access Control Models and Technologies, SACMAT 2014
Y2 - 25 June 2014 through 27 June 2014
ER -