Show simple item record

dc.contributor.advisorYue, Chuan
dc.contributor.authorSanders, Matthew W.
dc.date.accessioned2019-05-29T13:25:59Z
dc.date.accessioned2022-02-03T13:15:45Z
dc.date.available2019-05-29T13:25:59Z
dc.date.available2022-02-03T13:15:45Z
dc.date.issued2019
dc.identifierSanders_mines_0052E_11700.pdf
dc.identifierT 8692
dc.identifier.urihttps://hdl.handle.net/11124/173028
dc.descriptionIncludes bibliographical references.
dc.description2019 Spring.
dc.description.abstractAccess controls are the processes and mechanisms that allow only authorized users to perform operations upon the resources of a system. Using access controls, administrators attempt to implement the Principle of Least Privilege, a design principle where privileged entities operate using the minimal set of privileges necessary to complete their job. This protects the system against threats and vulnerabilities by reducing exposure to unauthorized activities. Although access control can be considered only one area of security research, it is a pervasive and omnipresent aspect of information security. But achieving the Principle of Least Privilege is a difficult task. It requires the administrators of the access control policies to have an understanding of the overall system, each user's job function, the operations and resources necessary to those job functions, and how to express these using the access control model and language of the system. In almost all production systems today, this process of defining access control policies is performed manually. It is error prone and done without quantitative metrics to help administrators and auditors determine if the Principle of Least Privilege has been achieved for the system. In this dissertation, we explore the use of automated methods to create least privilege access control policies. Specifically, we (1) develop a framework for policy generation algorithms, derive metrics for determining adherence to the Principle of Least Privilege, and apply these to evaluate a real world dataset, (2) develop two machine learning based algorithms for generating role based policies and compare their performance to naive methods, and (3) develop a rule mining based algorithm to create attribute based policies and evaluate its effectiveness to role based methods. By quantifying the performance of access control policies, developing methods to create least privilege policies, and evaluating their performance using real world data, the projects presented in this dissertation advance the state of access control research and address a problem of great significance to security professionals.
dc.format.mediumborn digital
dc.format.mediumdoctoral dissertations
dc.languageEnglish
dc.language.isoeng
dc.publisherColorado School of Mines. Arthur Lakes Library
dc.rightsCopyright of the original work is retained by the author.
dc.subjectcloud computing
dc.subjectleast privilege
dc.subjectinformation security
dc.subjectaccess control
dc.titleAutomated methods for generating least privilege access control policies
dc.typeText
dc.contributor.committeememberCamp, Tracy
dc.contributor.committeememberTilton, Nils
dc.contributor.committeememberWu, Bo
dc.contributor.committeememberYang, Dejun
thesis.degree.nameDoctor of Philosophy (Ph.D.)
thesis.degree.levelDoctoral
thesis.degree.disciplineComputer Science
thesis.degree.grantorColorado School of Mines


Files in this item

Thumbnail
Name:
Sanders_mines_0052E_11700.pdf
Size:
1.654Mb
Format:
PDF

This item appears in the following Collection(s)

Show simple item record