NISNet PhD student workshop, Bergen, Norway, 01-03 September 2010
Access Control with Trust and Machine Learning
Sergiy Gladysh
NTNU, ITEM

Access Control with Trust and Machine Learning
Sergiy Gladysh, PhD researcher, NTNU

2. Access Control: General Model
[Diagram labels: A, B, C; Requests; Reference Monitor (PEP – Policy Enforcement Point); Access Control Policy (PDP – Policy Decision Point); Audit Log; Objects O11, O12, O13 and O21, O22, O23; Information Security Boundary]

3. Discretionary Access Control (DAC)
[Diagram labels: Users A, B, C, D, ...; Authorization; Reference Monitor; Access Matrix; Objects O11, O12, O13, O14 and O21, O22, O23, O24; Information Security Boundary]
ACL1:
  A: r, w
  B: r
  C: r
  :
ACL2:
  A: r
  B: r, w
  C: r, w
Access Matrix (rows as extracted):
  O1 O2 O3 ...
  A: r,w r -
  B: r r rw
  C: r: r r

4. Mandatory Access Control (MAC)
[Diagram labels: Users A, B, C, D; Access Level 1, Access Level 2, Access Level 3, Access Level 4; Confidentiality Label 2; Top Secret, Secret, Confidential, Unclassified; Reference Monitor; Objects O11, O12, O13, O14 and O21, O22, O23, O24; Information Security Boundary]

5. Role-Based Access Control (RBAC)
[Diagram labels: Users A, B, C, D, ...; User-Role Assignment (UA); Roles Role1, Role2; Sessions; Role Activation (RA); Permissions P11, P12, P13 and P21, P22, P23; Objects O11, O12, O13, O14 and O21, O22, O23, O24]

6. Context-Aware RBAC, Dynamic Constraints, ABAC
[Diagram labels: Users A, B, C, D, ...; User-Role Assignment (UA); Roles Role1, Role2; Sessions; Role Activation (RA); Permissions P11, P12, P13 and P21, P22, P23; Objects O11, O12, O13, O14 and O21, O22, O23, O24]
RA Constraints:
- Location;
- Temporal
UA Constraints:
- Separation of Duties (SoD);
- Attributes (ABAC, XACML)

7. Problems in Open Environments
[Diagram labels: A, B, C; additional labels X ... Z, W and "?"; Requests; Reference Monitor (PEP – Policy Enforcement Point); Access Control Policy (PDP – Policy Decision Point); Audit Log; Objects O11, O12, O13 and O21, O22, O23; Information Security Boundary]

8. Trust Network Analysis + Machine Learning
Problem in Open Environment: New/Unknown User
Trust Metrics - Beta Probability Density Functions
[Diagram labels: Trust Network; nodes E, A, B, C, X; trust edges ωEA, ωEB, ωEC; "?"]

9. Trust Network Analysis + Machine Learning
Lookup: Graph Query >> Indirect Trust Edge
Trust Metrics - Beta Probability Density Functions
[Diagram labels: Trust Network; nodes E, A, B, C, X; trust edges ωEA, ωEB, ωEC, ωCX; "?"]

10. Trust Network Analysis + Machine Learning
Subjective Logic >> Probabilistic Inference of Metric for Indirect Trust
Trust Metrics - Beta Probability Density Functions
[Diagram labels: Trust Network; nodes E, A, B, C, X; trust edges ωEA, ωEB, ωEC, ωCX; indirect edge from E to X labelled ωEC ωCX; "?"]

11. Trust Network Analysis + Machine Learning
Subjective Logic >> Inferred Metric for Indirect Trust
Trust Metrics - Beta Probability Density Functions
[Diagram labels: Trust Network; nodes E, A, B, C, X; trust edges ωEA, ωEB, ωEC, ωCX; indirect edge from E to X labelled ωEC ωCX; ":) !"]

12. RBAC Dynamic Constraints + Trust Network
[Diagram labels: Users A, B, C, D, ...; User-Role Assignment (UA); Roles Role1, Role2; Sessions; Role Activation (RA); Permissions P11, P12, P13 and P21, P22, P23; Objects O11, O12, O13, O14 and O21, O22, O23, O24]
RA Constraints:
- Location;
- Temporal
UA Constraints:
- SoD;
- ABAC;
- Trust / Reputation
[Diagram labels: Trust Network; nodes E, A, B, C, X; trust edges ωEA, ωEB, ωEC, ωCX; indirect edge from E to X labelled ωEC ωCX]
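
The indirect-trust inference of slides 8 to 11 feeding the Trust / Reputation UA constraint of slide 12, as an added example that is not part of the original slides. It assumes Jøsang's uncertainty-favouring discounting operator for combining ωEC and ωCX (the operator symbol did not survive on the slides); the evidence counts, thresholds and function names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Opinion:
    """Subjective-logic opinion: belief, disbelief, uncertainty, base rate."""
    b: float
    d: float
    u: float
    a: float = 0.5

    def expectation(self) -> float:
        # Mean of the equivalent Beta PDF: E = b + a*u
        return self.b + self.a * self.u


VACUOUS = Opinion(0.0, 0.0, 1.0)  # unknown user, no path in the trust network


def from_evidence(r: float, s: float, a: float = 0.5) -> Opinion:
    """Map r positive and s negative observations to an opinion,
    equivalent to Beta(r + 2a, s + 2(1 - a))."""
    k = r + s + 2.0
    return Opinion(r / k, s / k, 2.0 / k, a)


def discount(w_ec: Opinion, w_cx: Opinion) -> Opinion:
    """E's derived opinion about X via recommender C (assumed operator)."""
    return Opinion(
        b=w_ec.b * w_cx.b,
        d=w_ec.b * w_cx.d,
        # E's own doubt about C becomes uncertainty about X, never disbelief
        u=w_ec.d + w_ec.u + w_ec.b * w_cx.u,
        a=w_cx.a,
    )


def ua_trust_constraint(trust: Opinion, min_expectation: float = 0.7,
                        max_uncertainty: float = 0.4) -> bool:
    """UA constraint: permit role assignment only for sufficiently trusted
    and sufficiently well-evidenced subjects (thresholds are hypothetical)."""
    return trust.expectation() >= min_expectation and trust.u <= max_uncertainty


# Constructed evidence: E observed C 18 times (all good); C observed X 8 times (7 good)
W_EC = from_evidence(r=18, s=0)
W_CX = from_evidence(r=7, s=1)
W_EX = discount(W_EC, W_CX)          # indirect trust edge E -> X
WEAK_EC = from_evidence(r=1, s=0)    # E barely knows the recommender
W_EX_WEAK = discount(WEAK_EC, W_CX)
```

The derived opinion is always more uncertain than the recommender's own, so a long or weakly evidenced chain fails the constraint on uncertainty even when no negative evidence exists.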