Digital flight plans for server access control: Restricting anomalous activity with path-based declarations of intentions
Author: | Ronald P. Loui, Lucinda Caughey |
---|---|
Year of publication: | 2016 |
Subject: |
File system; Computer science; Byte; Access control; Engineering and technology; Data loss; Encryption; Computer security; Information systems; Server; Electrical engineering, electronic engineering, information engineering; Artificial intelligence & image processing; Anomaly detection; PATH (variable) |
Source: | ICCST |
DOI: | 10.1109/ccst.2016.7815705 |
Description: | In response to increasing threats of malicious activity and data loss on servers, we propose a different and practical strategy for access control modeled after flight plans for pilots, which mixes existing role-based, object-based, and intention-based access models; it supports much finer grained, real-time, sequence-oriented anomaly detection. Users are required to declare their intended “flight path” in advance, a sketch of resource use: this may vary in detail, but could include database tables, file system directories, byte and bandwidth limits, use of encryption and archive creation, command sets, connection time, number and origin of connections, and ports. Sequence information provides especially strong constraint, even if it is incomplete. We find an important place for active, on-line human sampling of flight plans, as well as pre-authorization for non-standard paths, and alerts for deviation from path. We also find a place for improved user profiling and a paradigm shift from ex-post log-based reconstruction of user activity to ex-ante declaration. |
Database: | OpenAIRE |