Towards Continuous Access Control Validation and Forensics

Xiang, Chengcheng; Wu, Yudong; Shen, Bingyu; Shen, Mingyao; Huang, Hao-Chen; Xu, Tianyin; Zhou, Yuanyuan; Moore, C. Ulysses; Jin, Xinxin; Sheng, Tianwei

doi:10.1145/3319535.3363191

Cited by 36 publications

(22 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recently, a few studies investigated automated techniques or engineering practices to enhance configuration checking code [16], diagnosability [104], interface [45], security [14], [105], [106], configuration data analysis [107], configuration libraries [108], [109], and correlations or coupling in configuration and code [110]- [112]. Our work corroborates and complements the aforementioned work from the perspective of software evolution.…”

Section: Related Worksupporting

confidence: 78%

An Evolutionary Study of Configuration Design and Implementation in Cloud Systems

Zhang¹,

He²,

Legunsen³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Many techniques were proposed for detecting software misconfigurations in cloud systems and for diagnosing unintended behavior caused by such misconfigurations. Detection and diagnosis are steps in the right direction: misconfigurations cause many costly failures and severe performance issues. But, we argue that continued focus on detection and diagnosis is symptomatic of a more serious problem: configuration design and implementation are not yet first-class software engineering endeavors in cloud systems. Little is known about how and why developers evolve configuration design and implementation, and the challenges that they face in doing so.This paper presents a source-code level study of the evolution of configuration design and implementation in cloud systems. Our goal is to understand the rationale and developer practices for revising initial configuration design/implementation decisions, especially in response to consequences of misconfigurations. To this end, we studied 1178 configuration-related commits from a 2.5 year version-control history of four large-scale, activelymaintained open-source cloud systems (HDFS, HBase, Spark, and Cassandra). We derive new insights into the software configuration engineering process. Our results motivate new techniques for proactively reducing misconfigurations by improving the configuration design and implementation process in cloud systems. We highlight a number of future research directions. This is a preprint of the work (with the same title) published at the 43rd International Conference on Software Engineering (ICSE'21). The content should be exactly the same as the conference proceeding version, except that the conference version does not have the replication package due to its page limit. The version is required by ICSE'21 because "accessibility become vital for such a big, distributed and virtual conference"-due to the global COVID-19 pandemic, ICSE'21 will be a virtual conference in zoomsphere.

show abstract

Section: Related Worksupporting

confidence: 78%

An Evolutionary Study of Configuration Design and Implementation in Cloud Systems

Zhang¹,

He²,

Legunsen³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…Francisca, et al [9] reviewed applications of ML in object detection and classifi cation. Mohamed Alhoseni, et al [10] proposed a new IoT-enabled Optimal-Deep-Learning based Convolutional-Neural-Network (ODL-CNN) to assist in the process of suspect identifi cation. The Improved Elephant Herd Optimization (IEHO) algorithm was used to optimise the hyper parameters of the DL-CNN model.…”

Section: Literature Reviewmentioning

confidence: 99%

A survey of machine learning applications in digital forensics

Khan¹,

Hanif²,

Muhammad³

2021

Trends Comput Sci Inf Technol

View full text Add to dashboard Cite

“…The framework achieves good results in both real logs and synthetic logs. Xiang et al [7] propose time changing decision tree to process the existing access logs. The time changing decision tree records and continuously monitors the current access control constraints of the system.…”

Section: 2mentioning

confidence: 99%

“…Access control policies are the rules which are used to make an Allow or Deny decision for an access request [6]. Access control policies are mainly configured by experts or generated by policy mining [7,8]. In policy mining, logs are used as input of policy mining algorithm, to automatically mine access control policies.…”

Section: Introductionmentioning

confidence: 99%

An IoT Crossdomain Access Decision‐Making Method Based on Federated Learning

Hao

et al. 2021

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

Crossdomain collaboration allows smart devices work together in different Internet of Things (IoT) domains. Trusted third party-based solutions require to fully understand the access information of the collaboration participants to implement crossdomain access control, which brings privacy risk. In this paper, we propose a federated learning-based crossdomain access decision-making method (FCAD), which builds a crossdomain access decision-making model without sharing privacy information of collaboration participants. Crossdomain access logs are extracted to construct a training dataset. Data enhancement method is used to address the uneven distribution of the dataset. Federated learning and gradient aggregation methods are used to prevent privacy leaks. The experiments on the public dataset show that FCAD obtains a prediction accuracy of 83.6% in the existing crossdomain access system.

show abstract

Towards Continuous Access Control Validation and Forensics

Cited by 36 publications

References 39 publications

An Evolutionary Study of Configuration Design and Implementation in Cloud Systems

An Evolutionary Study of Configuration Design and Implementation in Cloud Systems

A survey of machine learning applications in digital forensics

An IoT Crossdomain Access Decision‐Making Method Based on Federated Learning

Contact Info

Product

Resources

About