Analysing Access Control Specifications

Christian W. Probst, René Rydhof Hansen

    Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review


    Abstract

    When prosecuting crimes, the main question to answer is often who had a motive and the possibility to commit the crime. When investigating cyber crimes, the question of possibility is often hard to answer, as in a networked system almost any location can be accessed from almost anywhere. The most common tool to answer this question, analysis of log files, faces the problem that the amount of logged data may be overwhelming. This problem gets even worse in the case of insider attacks, where the attacker’s actions usually will be logged as permissible, standard actions—if they are logged at all. Recent events have revealed intimate knowledge of surveillance and control systems on the side of the attacker, making it often impossible to deduce the identity of an inside attacker from logged data. In this work we present an approach that analyses the access control configuration to identify the set of credentials needed to reach a certain location in a system. This knowledge makes it possible to identify a set of (inside) actors who have the possibility to commit an insider attack at that location. This has immediate applications in analysing log files, but also nontechnical applications such as identifying possible suspects, or, beyond cyber crimes, picking the “best” actor for a certain task. We also sketch an online analysis that identifies where an actor can be located based on observed actions.
    Original language: English
    Title of host publication: Proceedings of the Fourth International IEEE Workshop on Systematic Approaches to Digital Forensic Engineering
    Publisher: IEEE
    Publication date: 2009
    ISBN (Print): 978-0-7695-3792-4
    Publication status: Published - 2009
    Event: 2009 Fourth International IEEE Workshop on Systematic Approaches to Digital Forensic Engineering - Berkeley, United States
    Duration: 21 May 2009 → 21 May 2009
    https://ieeexplore.ieee.org/xpl/conhome/5341543/proceeding

    Workshop

    Workshop: 2009 Fourth International IEEE Workshop on Systematic Approaches to Digital Forensic Engineering
    Country/Territory: United States
    City: Berkeley
    Period: 21/05/2009 → 21/05/2009

    Bibliographical note

    Copyright: 2009 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE
