An Accurate and Scalable Role Mining Algorithm based on Graph Embedding and Unsupervised Feature Learning
Role-based access control (RBAC) is one of the most widely used authorization models in organizations. In RBAC, accesses are controlled based on the roles of users within the organization. The flexibility and usability of RBAC have encouraged organizations to migrate from traditional discretionary access control (DAC) models to RBAC. The most challenging step in this migration is role mining, which is the process of extracting meaningful roles from existing access control lists. Although various approaches have been proposed to address this NP-complete role mining problem in the literature, they either suffer from low scalability or present heuristics that suffer from low accuracy. In this paper, we propose an accurate and scalable approach to the role mining problem. To this aim, we represent user-permission assignments as a bipartite graph where nodes are users and permissions, and edges are user-permission assignments. Next, we introduce an efficient deep learning algorithm based on random walk sampling to learn low-dimensional representations of the graph, such that permissions that are assigned to similar users are closer in this new space. Then, we use k-means and GMM clustering techniques to cluster permission nodes into roles. We show the effectiveness of our proposed approach by testing it on different datasets. Experimental results show that our approach performs accurate role mining, even for large datasets.
Developing and Deploying Security Applications for In-Vehicle Networks
Radiological material transportation is primarily facilitated by heavy-duty
on-road vehicles. Modern vehicles have dozens of electronic control units or
ECUs, which are small, embedded computers that communicate with sensors and
each other for vehicle functionality. ECUs use a standardized network
architecture--Controller Area Network or CAN--which presents grave security
concerns that have been exploited by researchers and hackers alike. For
instance, ECUs can be impersonated by adversaries who have infiltrated an
automotive CAN and disable or invoke unintended vehicle functions such as
brakes, acceleration, or safety mechanisms. Further, the quality of security
approaches varies wildly between manufacturers. Thus, research and development
of after-market security solutions have grown remarkably in recent years. Many
researchers are exploring deployable intrusion detection and prevention
mechanisms using machine learning and data science techniques. However, there
is a gap between developing security system algorithms and deploying prototype
security appliances in-vehicle. In this paper, we, a research team at Oak Ridge
National Laboratory working in this space, highlight challenges in the
development pipeline, and provide techniques to standardize methodology and
overcome technological hurdles.
Comment: 10 pages, PATRAM 2
Best practice for caching of single-path code
Single-path code has some unique properties that make it interesting to explore different caching and prefetching alternatives for the stream of instructions. In this paper, we explore different cache organizations and how they perform with single-path code.
SoK: Cryptographically Protected Database Search
Protected database search systems cryptographically isolate the roles of
reading from, writing to, and administering the database. This separation
limits unnecessary administrator access and protects data in the case of system
breaches. Since protected search was introduced in 2000, the area has grown
rapidly; systems are offered by academia, start-ups, and established companies.
However, there is no best protected search system or set of techniques.
Design of such systems is a balancing act between security, functionality,
performance, and usability. This challenge is made more difficult by ongoing
database specialization, as some users will want the functionality of SQL,
NoSQL, or NewSQL databases. This database evolution will continue, and the
protected search community should be able to quickly provide functionality
consistent with newly invented databases.
At the same time, the community must accurately and clearly characterize the
tradeoffs between different approaches. To address these challenges, we provide
the following contributions:
1) An identification of the important primitive operations across database
paradigms. We find there are a small number of base operations that can be used
and combined to support a large number of database paradigms.
2) An evaluation of the current state of protected search systems in
implementing these base operations. This evaluation describes the main
approaches and tradeoffs for each base operation. Furthermore, it puts
protected search in the context of unprotected search, identifying key gaps in
functionality.
3) An analysis of attacks against protected search for different base
queries.
4) A roadmap and tools for transforming a protected search system into a
protected database, including an open-source performance evaluation platform
and initial user opinions of protected search.
Comment: 20 pages, to appear to IEEE Security and Privac