
Computer Security: Chapter 9 - Role-Based Access Control (RBAC) Role Classification Algorithm



Computer Security: Chapter 9 - Role-Based Access Control (RBAC) Role Classification Algorithm covers the algorithm (Algorithm Preliminaries, Algorithm - Training Phase, Algorithm - Classification Phase, Classification Algorithm Pseudocode) and the experiments.


9 Role-Based Access Control (RBAC)

Role Classification Algorithm

Prof. Bharat Bhargava Center for Education and Research in Information Assurance and Security (CERIAS)

and Department of Computer Sciences

Purdue University http://www.cs.purdue.edu/people/bb bb@cs.purdue.edu

Collaborators in the RAID Lab (http://raidlab.cs.purdue.edu):

Ms. E. Terzi (former Graduate Student)

Dr. Yuhui Zhong (former Ph.D Student)

Prof Sanjay Madria (U Missouri-Rolla)

This research is supported by CERIAS and NSF grants from IIS and ANIR.


RBAC Role Classification Algorithm

- Outline

1) Introduction

2) Algorithm

2.1) Algorithm Preliminaries

2.2) Algorithm - Training Phase

2.3) Algorithm - Classification Phase

3) Experiments

3.1) Experiment 1: Classification Accuracy


1) Introduction

- Goals for RBAC Role Classification Algorithm
  - Detect intruders (malicious users) that enter the system
  - Build user role profiles using a supervised clustering algorithm
  - Incorporate the method in RBAC Server Architecture

- Context
  - Role server architecture that dynamically assigns roles to users based on trust and credential information

- Role classification algorithm phases
  - Training phase
    selected training set of normal audit log records
  - Classification phase
    according to the profile of the role they are holding

[E Terzi, Y Zhong, B Bhargava et al., 2002]


2) Algorithm 2.1) Algorithm Preliminaries

- Data format
  Audit log record
  where:
  - X_1, X_2, …, X_n - n attributes of the audit log
  - R_i: role held by user who created the log record

- Assumption:
  Every user can hold only one role
  No records of the form: [X_1, X_2, …, X_n, R_i] and [X_1, X_2, …, X_n, R_j]


2.2) Algorithm - Training Phase

- Training Phase – Building the Cluster
  selected audit data attributes of all the users that belong to the specific role
  a) For each training data record (Rec_cur), calculate its Euclidean distance from each one of existing clusters
  b) Find the closest cluster C_cur to Rec_cur
  c) If role represented by C_cur = role of Rec_cur, then cluster Rec_cur to C_cur; else create a new cluster C_new containing Rec_cur
     C_new centroid: Rec_cur
     C_new role: Role of Rec_cur


2.3) Algorithm - Classification Phase

- Classification Phase
  of a user U and each existing cluster
  a) Find cluster C_min closer to Rec_new
  b) Find cluster C_cur closest to Rec_new
  c) If role represented by C_cur = role of Rec_new, then U is a normal user; else U is an intruder and an alarm is raised


2.4) Classification Algorithm Pseudocode

Training Phase – Build Clusters

Input: Training audit log record [X_1, X_2, …, X_n, R], where X_1, …, X_n are attribute values, and R is the user's role

Output: A list of centroid representations of clusters [M_1, M_2, …, M_n, pNum, R]

Step 1: for every role R_i, create one cluster C_i
    C_i.role = R_i
    for every attribute M_k:
        $$C_i.M_k = \frac{1}{|\{r : r.\mathrm{role} = R_i\}|} \sum_{r \,:\, r.\mathrm{role} = R_i} r.X_k$$

Step 2: for every training record Rec_i
    calculate its Euclidean distance from existing clusters
    find the closest cluster C_min
    if C_min.role = Rec_i.role
        then reevaluate the attribute values
        else create new cluster C_j
            C_j.role = Rec_i.role
            for every attribute M_k: C_j.M_k = Rec_i.M_k

Classification Phase – Detect Malicious Users

for every cluster C_i in cluster list
    calculate the distance between Rec and C_i
find the closest cluster C_min
if C_min.role = Rec.role
    then return
    else raise alarm
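The training and classification phases above, written out as runnable Python. This is an added example, not code from the slides: the running-mean update used for "reevaluate the attribute values", the dictionary layout of a cluster, and the sample records are assumptions.

```python
import math

# Constructed sample audit records: ([X_1, X_2], role). Not data from the slides.
SAMPLE = [([1, 1], "clerk"), ([1, 2], "clerk"), ([2, 1], "clerk"), ([2, 2], "clerk"),
          ([9, 9], "admin"), ([9, 8], "admin"), ([8, 9], "admin"),
          ([2, 3], "admin")]  # an admin record that looks like clerk activity

def dist(a, b):
    """Euclidean distance between two attribute vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def closest(clusters, attrs):
    """Cluster whose centroid M is nearest to attrs (C_min)."""
    return min(clusters, key=lambda c: dist(c["M"], attrs))

def train(records):
    """Build the cluster list; each cluster is {M, pNum, role}."""
    clusters = []
    # Step 1: one cluster per role, centroid = mean of that role's records.
    for role in sorted({r for _, r in records}):
        rows = [a for a, r in records if r == role]
        mean = [sum(col) / len(rows) for col in zip(*rows)]
        clusters.append({"M": mean, "pNum": len(rows), "role": role})
    # Step 2: compare every record with its closest cluster.
    for attrs, role in records:
        c = closest(clusters, attrs)
        if c["role"] == role:
            # Assumption: "reevaluate" = fold the record into a running mean.
            n = c["pNum"]
            c["M"] = [(m * n + x) / (n + 1) for m, x in zip(c["M"], attrs)]
            c["pNum"] = n + 1
        else:
            # Closest profile belongs to another role: start a new cluster.
            clusters.append({"M": list(attrs), "pNum": 1, "role": role})
    return clusters

def classify(clusters, attrs, claimed_role):
    """True if the record matches the claimed role's profile, False = alarm."""
    return closest(clusters, attrs)["role"] == claimed_role

if __name__ == "__main__":
    profiles = train(SAMPLE)
    for attrs, role in [([9, 9], "admin"), ([9, 9], "clerk"), ([1, 1], "clerk")]:
        verdict = "normal" if classify(profiles, attrs, role) else "ALARM"
        print(attrs, role, verdict)
```

The admin record at [2, 3] lands closest to the clerk profile during training, so it becomes a second admin cluster instead of distorting either existing centroid.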


3) Experiments 3.1) Experiment 1: Classification Accuracy

2000 records

Substitute 0% - 90% of records from the training set with new records

- Experiment results

[Figure: Role Classification Experiments; x-axis: % of misbehaved profiles; series: 2 roles, 4 roles, 6 roles]


3.2) Experiment 2: Detection & Diagnosis

- Test the ability of the algorithm to point out misbehaviors and specify the type of misbehavior

2000 records

the role attribute of 0%-90% of the 2000 records from the training set

- Experiment results

[Figure: Role Classification Experiments; x-axis: % of misbehaved profiles; series: 2 roles, 4 roles, 6 roles]


3.3) Experiment Summary

- Accuracy of detection of malicious users by the classification algorithm ranges from 60% to 90%

90% of misbehaviors identified in a friendly environment

malicious

60% of misbehaviors identified in an unfriendly environment

malicious)


Our Research at Purdue

NSF, Cisco, Motorola, DARPA

Trust", in Proc of Data Warehouse and Knowledge Management Conference (DaWaK), Sept 2002

- E Terzi, Y Zhong, B Bhargava, Pankaj, and S Madria, "An Algorithm for Building User-Role Profiles in a Trust Environment", in Proc of DaWaK, Sept 2002

Communication for Medical Care,” in Proc of 6th Intl Workshop on Mobility in Databases and Distributed Systems (MDDS), Prague, Czechia, Sept 2003

Detection", in Proc of DaWaK, Prague, Czech Republic, Sept 2003


THE END

Date posted: 30/01/2020, 13:05
