research-article

Genetic Algorithms for Solving Problems of Access Control Design and Reconfiguration in Computer Networks

Published: 06 March 2018

Abstract

To provide the required access control in computer networks, it is not sufficient merely to have the necessary tools and protocols in the network. It is also necessary to create a corresponding configuration, or scheme, of such tools that satisfies the existing security requirements. At the same time, the problems of creating an access control scheme are, as a rule, NP-complete and require heuristic models to solve. In this article, we propose a unified approach to creating access control schemes based on genetic algorithms. The approach applies not only to the original configuration of schemes but to their reconfiguration as well. Successful testing of the suggested approach on RBAC, VLAN, and VPN schemes allows us to suppose that it may be applied to other types of access control schemes as well. Experimental testing of the suggested genetic algorithms, performed on a specially designed test bed, showed their sufficiently high efficiency.

Published in

ACM Transactions on Internet Technology, Volume 18, Issue 3
Special Issue on Artificial Intelligence for Security and Privacy and Regular Papers
August 2018
314 pages
ISSN: 1533-5399
EISSN: 1557-6051
DOI: 10.1145/3185332
Editor: Munindar P. Singh

Copyright © 2018 ACM

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 6 March 2018
• Accepted: 1 April 2017
• Revised: 1 March 2017
• Received: 1 October 2010

Qualifiers

• research-article
• Research
• Refereed