检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
作 者:Simon Parkinson Saad Khan James Bray Daiyaan Shreef
出 处:《Cybersecurity》2019年第1期239-252,共14页网络空间安全科学与技术(英文)
基 金:This work was undertaken during a project funded by the UK’s Digital Catapult Researcher in Residency Fellowship programme(Grant Ref:EP/M029263/1).The funding supported the research,development,and empirical testing presented in this paper.
摘 要:Access control mechanisms are widely used in multi-user IT systems where it is necessary to restrict access to computing resources.This is certainly true of file systems whereby information needs to be protected against unintended access.User permissions often evolve over time,and changes are often made in an ad hoc manner and do not follow any rigorous process.This is largely due to the fact that the structure of the implemented permissions are often determined by experts during initial system configuration and documentation is rarely created.Furthermore,permissions are often not audited due to the volume of information,the requirement of expert knowledge,and the time required to perform manual analysis.This paper presents a novel,unsupervised technique whereby a statistical analysis technique is developed and applied to detect instances of permission creep.The system(herein refereed to as Creeper)has initially been developed for Microsoft systems;however,it is easily extensible and can be applied to other access control systems.Experimental analysis has demonstrated good performance and applicability on synthetic file system permissions with an average accuracy of 96%.Empirical analysis is subsequently performed on five real-world systems where an average accuracy of 98%is established.
关 键 词:Permission creep Access control AUDITING χ^2 statistics
分 类 号:TP3[自动化与计算机技术—计算机科学与技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.7
