    Automated methods for generating least privilege access control policies

    Name:
    Sanders_mines_0052E_11700.pdf
    Size:
    1.654Mb
    Format:
    PDF
    Author
    Sanders, Matthew W.
    Advisor
    Yue, Chuan
    Date issued
    2019
    Keywords
    cloud computing
    least privilege
    information security
    access control
    
    URI
    https://hdl.handle.net/11124/173028
    Abstract
    Access controls are the processes and mechanisms that allow only authorized users to perform operations upon the resources of a system. Using access controls, administrators attempt to implement the Principle of Least Privilege, a design principle where privileged entities operate using the minimal set of privileges necessary to complete their job. This protects the system against threats and vulnerabilities by reducing exposure to unauthorized activities. Although access control can be considered only one area of security research, it is a pervasive and omnipresent aspect of information security. But achieving the Principle of Least Privilege is a difficult task. It requires the administrators of the access control policies to have an understanding of the overall system, each user's job function, the operations and resources necessary to those job functions, and how to express these using the access control model and language of the system. In almost all production systems today, this process of defining access control policies is performed manually. It is error-prone and done without quantitative metrics to help administrators and auditors determine if the Principle of Least Privilege has been achieved for the system. In this dissertation, we explore the use of automated methods to create least privilege access control policies. Specifically, we (1) develop a framework for policy generation algorithms, derive metrics for determining adherence to the Principle of Least Privilege, and apply these to evaluate a real-world dataset, (2) develop two machine-learning-based algorithms for generating role-based policies and compare their performance to naive methods, and (3) develop a rule-mining-based algorithm to create attribute-based policies and evaluate its effectiveness relative to role-based methods.
    By quantifying the performance of access control policies, developing methods to create least privilege policies, and evaluating their performance using real-world data, the projects presented in this dissertation advance the state of access control research and address a problem of great significance to security professionals.
    Rights
    Copyright of the original work is retained by the author.
    Collections
    2019 - Mines Theses & Dissertations
