Validation and Correction of Large Security Policies: A Clustering and Access Log Based Approach
Title | Validation and Correction of Large Security Policies: A Clustering and Access Log Based Approach |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Hadj, M. A. El, Erradi, M., Khoumsi, A., Benkaouz, Y. |
Conference Name | 2018 IEEE International Conference on Big Data (Big Data) |
ISBN Number | 978-1-5386-5035-6 |
Keywords | ABAC Policy, Access Control, Access Log, access log based approach, anomaly detection, Anomaly Detection and Resolution, Big Data, big data environments, clustering, clustering technique, composability, Conferences, edge detection, Image edge detection, Metrics, nonallowed accesses, obtained clusters, pattern clustering, Policy Validation and Correction., potential security breaches, pubcrawl, Redundancy, resilience, Resiliency, Scalability, security, security of data, security policies, verifying security policies |
Abstract | In big data environments with a big number of users and a high volume of data, we need to manage the corresponding huge number of security policies. Due to the distributed management of these policies, they may contain several anomalies, such as conflicts and redundancies, which may lead to both safety and availability problems. The distributed systems guided by such security policies produce a huge number of access logs. Due to potential security breaches, the access logs may show the presence of non-allowed accesses. This may also be a consequence of conflicting rules in the security policies. In this paper, we present an ongoing work on developing an environment for verifying and correcting security policies. To make the approach efficient, an access log is used as input to determine suspicious parts of the policy that should be considered. The approach is also made efficient by clustering the policy and the access log and considering separately the obtained clusters. The clustering technique and the use of the access log significantly reduce the complexity of the suggested approach, making it scalable for large amounts of data. |
URL | https://ieeexplore.ieee.org/document/8622610 |
DOI | 10.1109/BigData.2018.8622610 |
Citation Key | hadj_validation_2018 |