Computer Science

Computer Science ›› 2020, Vol. 47 ›› Issue (5): 313-318.doi: 10.11896/jsjkx.190800051

• Information Security • Previous Articles    

Role Dynamic Adjustment Algorithm for Resisting Insider Threat

PAN Heng1, LI Jing feng2, MA Jun hu3   

  1. 1 Research Institute of Advanced Information Technology,Zhongyuan University of Technology,Zhengzhou 450007,China
    2 PLA Information Engineering University,Zhengzhou 450001,China
    3 PLA Air Force 93010 Unit,Shenyang 110016,China
  • Received:2019-08-12 Online:2020-05-15 Published:2020-05-19
  • About author:PAN Heng,born in 1977,Ph.D,associa-te professor,is a member of China Computer Federation.Her main research interests include Security risk assessment of information System,Network security situation awareness and blockchain technology.
    LI Jing-feng,born in 1977,Ph.D,asso-ciate professor.His main research interests include information system security technologies and information security guarantee.
  • Supported by:
    This work was supported by the Foundation of Priority Fundamental Research Project of Institutions of Higher Education of Henan Province,China (19A520047) and Foundation of Independent Innovation Application Research of Zhongyuan University of Technology,China(K2018YY017).

PDF (PC)

650

Abstract: Due to derivations in current role definition from the changes of the bossiness process and information infrastructure,organizations are vulnerable to internal threat.A role dynamic adjustment algorithm is proposed based on the defensive idea of changing the set of roles within the organization regularly and reasonably.The algorithm defines an objective function with adjusting parameters to balance the two elements,which are the user privilege actual use data and the system administrator expert knowledge.Based on heuristic search strategy and sub-set pairing technique,a group of candidate roles are obtained.From these roles,a set of adjusting roles which can achieve a predefined score are obtained,by using a certain heuristic function.Finally,in order to reduce role redundancy,the users of the organization are reassign the roles from the adjusting roles,so getting a new Role-Based Access Control(RBAC) configuration.By using the audit logs from a hospital management system,the performance of the RDA is analyzed.The experimental results show that the proposed algorithm can efficiently adjust the RBAC configuration for the special organization,so it can provide concrete base for resisting the insider threats.

Key words: Dynamic adjustment, Heuristic search strategy, Insider threats, One class support vector machine, Role based access control

CLC Number: 

  • TP191
[1]WANG G F,LIU C Y,PAN H Z,et al.Survey on InsiderThreats to Cloud Computing [J].Chinese Journal of Compu-ters,2017,40(2):296-316.
[2]POVEY D.Optimistic security:A new access control paradigm[C]//Proceedings of the 1999 Workshop on New Security Paradigms.New York:ACM,1999:40-45.
[3]COYNE E J.Role engineering [C]//Proceedings of the First ACM Work Shop on Role Based Access Control.New York:ACM,1996.
[4]ZHOU C,REN Z Y,WU W C.Semantic Roles Mining Algorithms Based on Formal Concept Analysis [J].Computer Science,2018,45(12):117-122,129.
[5]ZHANG L,ZHANG H L,HAN D J,et al.The Theory and Algorithm for Roles Minimization Problem in RBAC Based on Concept Lattice [J].Acta Electronica Sinica,2014,42(12):2371-2378.
[6]ZHAI Z G,WANG J D,CAO Z N,et al.Hybrid Role Mining Methods with Minimal Perturbation [J].Journal of Computer Research and Development,2013,50(5):951-960.
[7]SANDHU R S,COYNEE J,FEINSTEINH L,et al.Role-based Access Control models [J].Computer,1999,29(2):38-47.
[8]ZHANG D,EBRINGER T,RAMAMOHANARAO K.Role Engineering Using Graph Optimization[C]//Proceedings of The 10th ACM Symposium on Access Control Models and Technologies.New York:ACM,2017:139-144.
[9]HAVELIWALA T H,GIONIS A,KLEIN D D,et al.Evaluating Strategies for Similarity Search on the Web[C]//Proceedings of the 11th International Conference on the World Wide Web.New York:ACM,2002:432-442.
[10]SCHAAD A,MOFFETT J,JACOB J.The Role-based Access Control System of a European Bank:a Case Study and Discussion [C]//Proceedings of the 6th ACM Symposium on Access Control Models and Technologies.New York: ACM,2001:3-9.
[11]GAREY M R,DAVID S J.Computers and Intractability:AGuide to the Theory of NP-Completeness [M].New York:W.H.Freeman and Company,1990:320-334.
[12]SANDHU R S.Lattice-based Access Control Models [J].IEEE Computer,1993,26(11):9-19.
[13]CLAESEN M,DE SMET F,SUYKENS J A K,et al.EnsembleSVM:A Library for Ensemble Learning Using Support Vector Machines[J].Journal of Machine Learning Research,2014,15(1):141-145.
[14]MOLLOY I,PARK Y,CHARI S.Generative Models for Access Control Policies:Applications to Role Mining Over Logs with Attribution[C]//Proceedings of the 17th ACM SACMAT.New York:ACM,2012:45-56.
[1] HAN Dao-jun. Acquiring Minimal Role Set Algorithm in Role Engineering [J]. Computer Science, 2017, 44(8): 115-123.
[2] ZHAO Bo, ZHAO Rong-cai, XU Jin-long and GAO Wei. Method of Progressive Intelligent Backtracking Vector Code Adjustment and Optimization [J]. Computer Science, 2015, 42(1): 50-53.
[3] WANG Cong-jiao,WANG Xi-huai and XIAO Jian-mei. Improved Differential Evolution Algorithm Based on Dynamic Adaptive Strategies [J]. Computer Science, 2013, 40(11): 265-270.
[4] . Field-sensitive Memory Model for Memory Safety of Heap-manipulating Programs [J]. Computer Science, 2012, 39(9): 109-114.
[5] LI Han,GUO He,WANG Yu-xin,LU Guo-ji,YANG Yuan-sheng. Using RBAC-based Approach to Integrate Access Control Policies in Legacy Systems [J]. Computer Science, 2011, 38(7): 126-129.
[6] JI Wen-qian,LI Zhou-jun,CHAO Wen-han,CHEN Xiao-ming. Automatic Abstracting System Based on Improved LexRank Algorithm [J]. Computer Science, 2010, 37(5): 151-154.
[7] . [J]. Computer Science, 2007, 34(3): 283-285.
[8] LEI Xiang-Dong ZHAO Yue-Long CHEN Song-Qiao YUAN Xiao-Li (College of Information Science and Engineering, Central South University, Changsha 410083). [J]. Computer Science, 2007, 34(12): 100-103.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.