Learning to Customize Network Security Rules

Security is a major concern for organizations who wish to leverage cloud computing. In order to reduce security vulnerabilities, public cloud providers offer firewall functionalities. When properly configured, a firewall protects cloud networks from cyber-attacks. However, proper firewall configuration requires intimate knowledge of the protected system, high expertise and on-going maintenance. As a result, many organizations do not use firewalls effectively, leaving their cloud resources vulnerable. In this paper, we present a novel supervised learning method, and prototype, which compute recommendations for firewall rules. Recommendations are based on sampled network traffic meta-data (NetFlow) collected from a public cloud provider. Labels are extracted from firewall configurations deemed to be authored by experts. NetFlow is collected from network routers, avoiding expensive collection from cloud VMs, as well as relieving privacy concerns. The proposed method captures network routines and dependencies between resources and firewall configuration. The method predicts IPs to be allowed by the firewall. A grouping algorithm is subsequently used to generate a manageable number of IP ranges. Each range is a parameter for a firewall rule. We present results of experiments on real data, showing ROC AUC of 0.92, compared to 0.58 for an unsupervised baseline. The results prove the hypothesis that firewall rules can be automatically generated based on router data, and that an automated method can be effective in blocking a high percentage of malicious traffic.Comment: 5 pages, 5 figures, one tabl

Secure access control for health information sharing systems

The 2009 Health Information Technology for Economic and Clinical Health Act (HITECH) encourages healthcare providers to share information to improve healthcare quality at reduced cost. Such information sharing, however, raises security and privacy concerns that require appropriate access control mechanisms to ensure Health Insurance Portability and Accountability Act (HIPAA) compliance. Current approaches such as Role-Based Access Control (RBAC) and its variants, and newer approaches such as Attribute-Based Access Control (ABAC) are inadequate. RBAC provides simple administration of access control and user permission review, but demands complex initial role engineering and makes access control inflexible. ABAC, on the other hand, simplifies initial setup but increases the complexity of managing privileges and user permissions. These limitations have motivated research into the development of newer access control models that use attributes and policies while preserving RBAC\u27s strengths. The BiLayer Access Control (BLAC) model is a two-step method being proposed to integrate attributes with roles: an access request is checked against pseudoroles, i.e., the list of subject attributes (first layer), and then against rules within the policies (second layer) associated with the requested object. This paper motivates the BLAC approach, outlines the BLAC model, and illustrates its usefulness to healthcare information sharing environments

Mismorphism: a Semiotic Model of Computer Security Circumvention (Extended Version)

In real world domains, from healthcare to power to finance, we deploy computer systems intended to streamline and improve the activities of human agents in the corresponding non-cyber worlds. However, talking to actual users (instead of just computer security experts) reveals endemic circumvention of the computer-embedded rules. Good-intentioned users, trying to get their jobs done, systematically work around security and other controls embedded in their IT systems. This paper reports on our work compiling a large corpus of such incidents and developing a model based on semiotic triads to examine security circumvention. This model suggests that mismorphisms---mappings that fail to preserve structure---lie at the heart of circumvention scenarios; differential perceptions and needs explain users\u27 actions. We support this claim with empirical data from the corpus

Quantifying Policy Administration Cost in an Active Learning Framework

This paper proposes a computational model for policy administration. As an organization evolves, new users and resources are gradually placed under the mediation of the access control model. Each time such new entities are added, the policy administrator must deliberate on how the access control policy shall be revised to reflect the new reality. A well-designed access control model must anticipate such changes so that the administration cost does not become prohibitive when the organization scales up. Unfortunately, past Access Control research does not offer a formal way to quantify the cost of policy administration. In this work, we propose to model ongoing policy administration in an active learning framework. Administration cost can be quantified in terms of query complexity. We demonstrate the utility of this approach by applying it to the evolution of protection domains. We also modelled different policy administration strategies in our framework. This allowed us to formally demonstrate that domain-based policies have a cost advantage over access control matrices because of the use of heuristic reasoning when the policy evolves. To the best of our knowledge, this is the first work to employ an active learning framework to study the cost of policy deliberation and demonstrate the cost advantage of heuristic policy administration

Toward Effective Access Control Using Attributes and Pseudoroles

Sharing of information is fundamental to modern computing environments across many application domains. Such information sharing, however, raises security and privacy concerns that require effective access control to prevent unauthorized access and ensure compliance with various laws and regulations. Current approaches such as Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC) and their variants are inadequate. Although it provides simple administration of access control and user revocation and permission review, RBAC demands complex initial role engineering and makes access control static. ABAC, on the other hand, simplifies initial security setup and enables flexible access control, but increases the complexity of managing privileges, user revocation and user permissions review. These limitations of RBAC and ABAC have thus motivated research into the development of newer models that use attributes and policies while preserving RBAC\u27s advantages. This dissertation explores the role of attributes---characteristics of entities in the system---in achieving effective access control. The first contribution of this dissertation is the design and development of a secure access system using Ciphertext-Policy Attribute-Based Encryption (CP-ABE). The second contribution is the design and validation of a two-step access control approach, the BiLayer Access Control (BLAC) model. The first layer in BLAC checks whether subjects making access requests have the right BLAC pseudoroles---a pseudorole is a predefined subset of a subject\u27s static attributes. If requesting subjects hold the right pseudoroles, the second layer checks rule(s) within associated BLAC policies for further constraints on access. BLAC thus makes use of attributes effectively while preserving RBAC\u27s advantages. The dissertation\u27s third contribution is the design and definition of an evaluation framework for time complexity analysis, and uses this framework to compare BLAC model with RBAC and ABAC. The fourth contribution is the design and construction of a generic access control threat model, and applying it to assess the effectiveness of BLAC, RBAC and ABAC in mitigating insider threats