Abstract
Providing the required access control in computer networks takes more than having the necessary tools and protocols in the network. These tools must also be given a corresponding configuration, or scheme, that satisfies the existing security requirements. At the same time, the problems of creating an access control scheme are, as a rule, NP-complete and require heuristic models to solve. In this article, we propose a unified approach to creating access control schemes based on genetic algorithms. The approach applies not only to the original configuration of schemes but to their reconfiguration as well. Successful testing of the suggested approach on RBAC, VLAN, and VPN schemes allows us to suppose that it may be applied to other types of access control schemes as well. Experimental testing of the suggested genetic algorithms, performed on a specially designed test bed, showed their sufficiently high efficiency.
Genetic Algorithms for Solving Problems of Access Control Design and Reconfiguration in Computer Networks