A Self-Adaptive Bell-LaPadula Model Based on Model Training With Historical Access Logs

Bibliographic details
Published in: IEEE transactions on information forensics and security 2018-08, Vol.13 (8), p.2047-2061
Main authors: Tang, Zhuo; Ding, Xiaofei; Zhong, Ying; Yang, Li; Li, Keqin
Format: Article
Language: eng
Description
Summary: In currently popular access control models, the security policies and regulations never change in the running system process once they are identified, which makes it possible for attackers to find the vulnerabilities in a system, resulting in the lack of ability to perceive the system security status and risks in a dynamic manner and exposing the system to such risks. By introducing the maximum entropy (MaxENT) models into the rule optimization for the Bell-LaPadula (BLP) model, this paper proposes an improved BLP model with the self-learning function: MaxENT-BLP. This model first formalizes the security properties, system states, transformational rules, and a constraint model based on the states transition of the MaxENT. After handling the historical system access logs as the original data sets, this model extracts the user requests, current states, and decisions to act as the feature vectors. Second, we use k-fold cross validation to divide all vectors into a training set and a testing set. In this paper, the model training process is based on the Broyden-Fletcher-Goldfarb-Shanno algorithm. And this model contains a strategy update algorithm to adjust the access control rules dynamically according to the access and decision records in a system. Third, we prove that MaxENT-BLP is secure through theoretical analysis. By estimating the precision, recall, and F1-score, the experiments show the availability and accuracy of this model. Finally, this paper provides the process of model training based on deep learning and discussions regarding adversarial samples from the malware classifiers. We demonstrate that MaxENT-BLP is an appropriate choice and has the ability to help running information systems to avoid more risks and losses.
ISSN: 1556-6013, 1556-6021
DOI: 10.1109/TIFS.2018.2807793