Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 --- 6/16/2015 9:20:53 PM 9. Role-Based Access Control (RBAC) Role Classification Algorithm Prof. Bharat Bhargava Center for Education and Research in.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 --- 6/16/2015 9:20:53 PM 9. Role-Based Access Control (RBAC) Role Classification Algorithm Prof. Bharat Bhargava Center for Education and Research in."— Presentation transcript:

1 1 --- 6/16/2015 9:20:53 PM 9. Role-Based Access Control (RBAC) Role Classification Algorithm Prof. Bharat Bhargava Center for Education and Research in Information Assurance and Security (CERIAS) and Department of Computer Sciences Purdue University http://www.cs.purdue.edu/people/bbbb@cs.purdue.edu Collaborators in the RAID Lab (http://raidlab.cs.purdue.edu): Ms. E. Terzi (former Graduate Student) Dr. Yuhui Zhong (former Ph.D. Student) Prof. Sanjay Madria (U. Missouri-Rolla) This research is supported by CERIAS and NSF grants from IIS and ANIR.

2 2 --- 6/16/2015 9:20:53 PM RBAC Role Classification Algorithm - Outline 1) Introduction 2) Algorithm 2.1) Algorithm Preliminaries 2.2) Algorithm - Training Phase 2.3) Algorithm - Classification Phase 2.4) Classification Algorithm Pseudocode 3) Experiments 3.1) Experiment 1: Classification Accuracy 3.2)Experiment 2: Detection and Diagnosis 3.3) Experiment Summary

3 3 --- 6/16/2015 9:20:53 PM 1) Introduction Goals for RBAC Role Classification Algorithm Detect intruders (malicious users) that enter the system Build user role profiles using a supervised clustering algorithm Incorporate the method in RBAC Server Architecture  RBAC = Role Based Access Control Context Role server architecture that dynamically assigns roles to users based on trust and credential information Role classification algorithm phases Training phase  Build clusters that correspond to the role profiles based on the previously selected training set of normal audit log records Classification phase  Process on the run users audit records and specify whether they behave according to the profile of the role they are holding [E. Terzi, Y. Zhong, B. Bhargava et al., 2002]

4 4 --- 6/16/2015 9:20:53 PM 2) Algorithm 2.1) Algorithm Preliminaries Data format Audit log record [X 1, X 2,…,X n, R i ] where : X 1, X 2,…,X n - n attributes of the audit log R i : role held by user who created the log record assumption: Every user can hold only one role No records of the form: [X 1, X 2,…,X n, R i ] [X 1, X 2,…,X n, R j ] with R i  R j

5 5 --- 6/16/2015 9:20:53 PM 2.2) Algorithm - Training Phase Training Phase – Building the Cluster Create d dummy clusters, where d - nr of all discrete system roles  Centroid - the mean vector, containing the average values of the selected audit data attributes of all the users that belong to the specific role a) For each training data record (Rec cur ), calculate its Euclidean distance from each one of existing clusters b) Find the closest cluster C cur to Rec cur c) If role represented by C cur = role of Rec cur then cluster Rec cur to C cur else create a new cluster C new containing Rec cur C new centroid:  Rec cur C new role:  Role of Rec cur

6 6 --- 6/16/2015 9:20:53 PM 2.3) Algorithm - Classification Phase Classification Phase Calculate distance between the newly produced audit record Rec new of a user U and each existing cluster a) Find cluster C min closer to Rec new b) Find cluster C cur closest to Rec new c) if role represented by C cur = role of Rec new then U is a normal user else U is an intruder and an alarm is raised

7 7 --- 6/16/2015 9:20:53 PM Input: cluster list, audit log record Rec for every cluster C i in cluster list calculate the distance between Rec and C i find the closest cluster C min if C min.role = Rec.role then return else raise alarm Input: Training audit log record [X1, X2,…,Xn, R], where X1,,…,Xn are attribute values, and R is the user’s role Output: A list of centroid representations of clusters [M1, M2,…, Mn, pNum, R] Step 1: for every role R i, create one cluster C i C i.role = R i for every attribute M k : 2.4) Classification Algorithm Pseudocode Step 2: for every training record Rec i calculate its Euclidean distance from existing clusters find the closest cluster C min if C min.role = Rec i.role then reevaluate the attribute values else create new cluster C j C j.role = Rec i.role for every attribute M k : C j.M k = Rec i.M k  Training Phase – Build Clusters  Classification Phase – Detect Malicious Users

8 8 --- 6/16/2015 9:20:53 PM 3) Experiments 3.1) Experiment 1: Classification Accuracy Goal Test classification accuracy of the method Data Training Set: 2000 records Test Set: Substi- tute 0% - 90% of records from the training set with new records  Experiment results

9 9 --- 6/16/2015 9:20:53 PM 3.2) Experiment 2: Detection & Diagnosis Goal Test the ability of the algorithm to point out misbehaviors and specify the type of misbehavior Data Training Set: 2000 records Test Set: Modify the role attribute of 0%-90% of the 2000 records from the training set  Experiment results

10 10 --- 6/16/2015 9:20:53 PM 3.3) Experiment Summary  Accuracy of detection of malicious users by the classification algorithm ranges from 60% to 90%  90% of misbehaviors identified in a friendly environment  Friendly environment - fewer than 20% of behaviors are malicious  60% of misbehaviors identified in an unfriendly environment  Unfriendly environment - at least 90% of behaviors are malicious)

11 11 --- 6/16/2015 9:20:53 PM Our Research at Purdue  Web Site: http/www.cs.purdue.edu/homes/bb  Over one million dollars in current support from: NSF, Cisco, Motorola, DARPA  Selected Publications  B. Bhargava and Y. Zhong, "Authorization Based on Evidence and Trust", in Proc. of Data Warehouse and Knowledge Management Conference (DaWaK), Sept. 2002.  E. Terzi, Y. Zhong, B. Bhargava, Pankaj, and S. Madria, "An Algorithm for Building User-Role Profiles in a Trust Environment", in Proc. of DaWaK, Sept. 2002.  A. Bhargava and M. Zoltowski, “Sensors and Wireless Communication for Medical Care,” in Proc. of 6 th Intl. Workshop on Mobility in Databases and Distributed Systems (MDDS), Prague, Czechia, Sept. 2003.  B. Bhargava, Y. Zhong, and Y. Lu, "Fraud Formalization and Detection", in Proc. of DaWaK, Prague, Czech Republic, Sept. 2003.

12 12 --- 6/16/2015 9:20:53 PM THE END

Download ppt "1 --- 6/16/2015 9:20:53 PM 9. Role-Based Access Control (RBAC) Role Classification Algorithm Prof. Bharat Bhargava Center for Education and Research in."

Similar presentations

Answering Approximate Queries over Autonomous Web Databases Xiangfu Meng, Z. M. Ma, and Li Yan College of Information Science and Engineering, Northeastern.

Answering Approximate Queries over Autonomous Web Databases Xiangfu Meng, Z. M. Ma, and Li Yan College of Information Science and Engineering, Northeastern.
Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems.

Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems.
Clustering k-mean clustering Genome 559: Introduction to Statistical and Computational Genomics Elhanan Borenstein.

Clustering k-mean clustering Genome 559: Introduction to Statistical and Computational Genomics Elhanan Borenstein.
1 Trust-based Privacy Preservation for Peer-to-peer Data Sharing Y. Lu, W. Wang, D. Xu, and B. Bhargava yilu, wangwc, dxu, cs.purdue.edu Department.

1 Trust-based Privacy Preservation for Peer-to-peer Data Sharing Y. Lu, W. Wang, D. Xu, and B. Bhargava yilu, wangwc, dxu, cs.purdue.edu Department.
Application of Bayesian Network in Computer Networks Raza H. Abedi.

Application of Bayesian Network in Computer Networks Raza H. Abedi.
Face Recognition Face Recognition Using Eigenfaces K.RAMNATH BITS - PILANI.

Face Recognition Face Recognition Using Eigenfaces K.RAMNATH BITS - PILANI.
1 --- 5/7/2015 8:01:19 PM 7. Using Trust for Role-Based Access Control (RBAC) Prof. Bharat Bhargava Center for Education and Research in Information Assurance.

/7/2015 8:01:19 PM 7. Using Trust for Role-Based Access Control (RBAC) Prof. Bharat Bhargava Center for Education and Research in Information Assurance.
IUCRC New Site Planning Grant Purdue University Net-Centric Software and Systems Research Center Joining Existing NSFcenters at Univ. of North Texas, Arizona.

IUCRC New Site Planning Grant Purdue University Net-Centric Software and Systems Research Center Joining Existing NSFcenters at Univ. of North Texas, Arizona.
Dynamics of Learning VQ and Neural Gas Aree Witoelar, Michael Biehl Mathematics and Computing Science University of Groningen, Netherlands in collaboration.

Dynamics of Learning VQ and Neural Gas Aree Witoelar, Michael Biehl Mathematics and Computing Science University of Groningen, Netherlands in collaboration.
Information Security and Assurance Center 1 Address: 615 McCallie Avenue Phone: 423-425-4043 Chattanooga TN 37403

Information Security and Assurance Center 1 Address: 615 McCallie Avenue Phone: Chattanooga TN 37403
International Workshop on Semantic Based GIS Ontology assisted decision making a case study in trip planning for tourism Eleni Tomai, Maria Spanaki, Poulicos.

International Workshop on Semantic Based GIS Ontology assisted decision making a case study in trip planning for tourism Eleni Tomai, Maria Spanaki, Poulicos.
An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.

An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.
Service Discrimination and Audit File Reduction for Effective Intrusion Detection by Fernando Godínez (ITESM) In collaboration with Dieter Hutter (DFKI)

Service Discrimination and Audit File Reduction for Effective Intrusion Detection by Fernando Godínez (ITESM) In collaboration with Dieter Hutter (DFKI)
K nearest neighbor and Rocchio algorithm

K nearest neighbor and Rocchio algorithm
HMM-BASED PATTERN DETECTION. Outline  Markov Process  Hidden Markov Models Elements Basic Problems Evaluation Optimization Training Implementation 2-D.

HMM-BASED PATTERN DETECTION. Outline  Markov Process  Hidden Markov Models Elements Basic Problems Evaluation Optimization Training Implementation 2-D.
1 Trust and Privacy in Authorization Bharat Bhargava Yuhui Zhong Leszek Lilien CERIAS Security Center CWSA Wireless Center Department of CS and ECE Purdue.

1 Trust and Privacy in Authorization Bharat Bhargava Yuhui Zhong Leszek Lilien CERIAS Security Center CWSA Wireless Center Department of CS and ECE Purdue.
CS292 Computational Vision and Language Pattern Recognition and Classification.

CS292 Computational Vision and Language Pattern Recognition and Classification.
Secure communication in cellular and ad hoc environments Bharat Bhargava Department of Computer Sciences, Purdue University This is supported.

Secure communication in cellular and ad hoc environments Bharat Bhargava Department of Computer Sciences, Purdue University This is supported.
Improving Image registration accuracy Narendhran Vijayakumar 02/29/2008.

Improving Image registration accuracy Narendhran Vijayakumar 02/29/2008.
Tracking a moving object with real-time obstacle avoidance Chung-Hao Chen, Chang Cheng, David Page, Andreas Koschan and Mongi Abidi Imaging, Robotics and.

Tracking a moving object with real-time obstacle avoidance Chung-Hao Chen, Chang Cheng, David Page, Andreas Koschan and Mongi Abidi Imaging, Robotics and.

Similar presentations

Ads by Google