No NAT'd User left Behind: Fingerprinting Users behind NAT from NetFlow Records alone
It is generally recognized that the traffic generated by an individual
connected to a network acts as his biometric signature. Several tools exploit
this fact to fingerprint and monitor users. Often, though, these tools assume
to access the entire traffic, including IP addresses and payloads. This is not
feasible on the grounds that both performance and privacy would be negatively
affected. In reality, most ISPs convert user traffic into NetFlow records for a
concise representation that does not include, for instance, any payloads. More
importantly, large and distributed networks are usually NAT'd, thus a few IP
addresses may be associated to thousands of users. We devised a new
fingerprinting framework that overcomes these hurdles. Our system is able to
analyze a huge amount of network traffic represented as NetFlows, with the
intent to track people. It does so by accurately inferring when users are
connected to the network and which IP addresses they are using, even though
thousands of users are hidden behind NAT. Our prototype implementation was
deployed and tested within an existing large metropolitan WiFi network serving
about 200,000 users, with an average load of more than 1,000 users
simultaneously connected behind 2 NAT'd IP addresses only. Our solution turned
out to be very effective, with an accuracy greater than 90%. We also devised
new tools and refined existing ones that may be applied to other contexts
related to NetFlow analysis.
STIXnet: A Novel and Modular Solution for Extracting All STIX Objects in CTI Reports
The automatic extraction of information from Cyber Threat Intelligence (CTI)
reports is crucial in risk management. The increased frequency of the
publications of these reports has led researchers to develop new systems for
automatically recovering different types of entities and relations from textual
data. Most state-of-the-art models leverage Natural Language Processing (NLP)
techniques, which perform greatly in extracting a few types of entities at a
time but cannot detect heterogeneous data or their relations. Furthermore,
several paradigms, such as STIX, have become de facto standards in the CTI
community and dictate a formal categorization of different entities and
relations to enable organizations to share data consistently. This paper
presents STIXnet, the first solution for the automated extraction of all STIX
entities and relationships in CTI reports. Through the use of NLP techniques
and an interactive Knowledge Base (KB) of entities, our approach obtains F1
scores comparable to state-of-the-art models for entity extraction (0.916) and
relation extraction (0.724) while considering significantly more types of
entities and relations. Moreover, STIXnet constitutes a modular and extensible
framework that manages and coordinates different modules to merge their
contributions uniquely and exhaustively. With our approach, researchers and
organizations can extend their Information Extraction (IE) capabilities by
integrating the efforts of several techniques without needing to develop new
tools from scratch. Comment: 11 pages, 3 figures
Evaluating the Risk of Adopting RBAC Roles
Abstract. We propose a framework to evaluate the risk incurred when managing users and permissions through RBAC. The risk analysis framework does not require roles to be defined, thus making it applicable before the role engineering phase. In particular, the proposed approach highlights users and permissions that markedly deviate from others, and that might consequently be prone to error when roles are operating. By focusing on such users and permissions during the role definition process, it is possible to mitigate the risk of unauthorized accesses and role misuse.
A probabilistic bound on the basic role mining problem and its applications
Abstract. The aim of this paper is to describe a new probabilistic approach to the role engineering process for RBAC. We address the issue of minimizing the number of roles, a problem known in the literature as the Basic Role Mining Problem (basicRMP). We leverage the equivalence of the above issue with the vertex coloring problem. Our main result is to prove that the minimum number of roles is sharply concentrated around its expected value. A further contribution is to show how this result can be applied as a stop condition when striving to find an approximation for the basicRMP. The proposal can also be used to decide whether it is advisable to undertake the effort to renew an RBAC state. Both these applications can result in a substantial saving of resources. A thorough analysis using advanced probabilistic tools supports our results. Finally, further relevant research directions are highlighted.
Role mining over big and noisy data theory and some applications
RBAC (Role-Based Access Control [2]) is a widely adopted access control model.
According to this model, roles are created for various job functions within the
organization. The permissions required to perform certain operations are assigned
to specific roles. System users, in turn, are assigned to appropriate
roles based on their responsibilities and qualifications. Through role assignments
they acquire the permissions to perform particular system functions. By
deploying RBAC systems, organizations obtain several benefits such as simplified
access control administration, improved organizational productivity, and
security policy enforcement.
Companies that plan to use the RBAC model are usually large or medium organizations
that are currently using other access control models and/or legacy
systems. Despite the benefits related to RBAC, it is sometimes hard for these
organizations to adopt such a model. Indeed, there is an important issue that
needs to be addressed: the model must be customized to capture the needs
and functions of the company. For this purpose, the role engineering discipline
[21] has been introduced. Various approaches to role engineering have
been proposed, which are usually classified as: top-down and bottom-up. The
former requires a deep analysis of business processes to identify which access
permissions are necessary to carry out specific tasks. The latter seeks to
identify de facto roles embedded in existing access control information. Since
bottom-up approaches usually resort to data mining techniques, the term role
mining is often used as a synonym for bottom-up.
This thesis is devoted to role mining techniques, and their applications
to large scale datasets. Several works prove that the role mining problem is
reducible to many other well-known NP-hard problems, such as binary matrices
factorization [56, 72] and tiling database [38] to cite a few. Therefore,
most of the existing theoretical approaches cannot be directly applied to large
datasets. Indeed, such algorithms have a complexity that is not linear compared
to the number of users or permissions to analyze [6, 29, 78]. In this
thesis, the main drawbacks of traditional role mining tasks that are based on
minimality measures are highlighted. Indeed, a minimal set of roles is generally
not useful to the system administrators. We point out that in order to
provide a good candidate role-set, role mining algorithms have to take into
account business information as well.
We address the problem of reducing the role mining complexity in RBAC
systems by making it practical and usable. The first approach that we propose
is to elicit stable candidate roles, by contextually simplifying the role selection
task. Furthermore, we introduce two methodologies that can be combined
together in order to elicit meaningful roles, while reducing the role mining
complexity. The first is a divide et impera strategy that is driven by one or
more business attributes. The second methodology overcomes the main limitation
of the divide et impera approach by reducing the problem size without
sacrificing on utility and accuracy. The original access control dataset is compressed
and then analyzed in order to identify interesting portions, which are
then reconstructed. Any existing role mining algorithm can be used to analyze
the reconstructed portions—that are orders of magnitude smaller than
the original dataset.
We point out that to effectively elicit a deployable role-set, role engineers
have to handle the noise that is always present within access control datasets.
It is important to figure out if there are assignments that have not been granted,
but that, if granted, could help the management of the
role set. Also, it is important to figure out if there are permissions that have
been accidentally granted, but that could hinder the role management. We
introduce two algorithms that are able to find missing and abnormal user-permission
assignments. Furthermore, we introduce a fast update operation
that quickly re-evaluates the dataset when a modification occurs during the
normal life cycle of the roles.
Further, we introduce a new approach to role mining, referred to as
visual role mining. It offers a graphical way to effectively navigate the result of
any existing role mining algorithm, showing at a glance what it would take a lot
of data to expound. Moreover, it allows meaningful roles to be visually identified
within access control data without resorting to traditional role mining tools.
Finally, some final remarks as well as future research directions are highlighted.
Introducing epidemic models for data survivability in Unattended Wireless Sensor Networks
One of the most relevant issues pertaining to UWSN is to guarantee a certain level of information survivability, even in presence of a powerful attacker. In this paper, we provide a preliminary assessment of epidemic-domain inspired approaches to model the information survivability in UWSN. In particular, we show that epidemic models can be used to set up the parameters that allow the information to survive, once estimated the maximal compromising power of the attacker. Further, we point out that the mere application of these models is not always the right choice. Indeed, it comes out that these deterministic models are not accurate enough, and "unlikely" events can cause the loss of the datum. Finally, we provide some final comments, as well as promising research directions.
Analyzing Android Encrypted Network Traffic to Identify User Actions
Mobile devices can be maliciously exploited to violate the privacy of people. In most attack scenarios, the adversary takes the local or remote control of the mobile device, by leveraging a vulnerability of the system, hence sending back the collected information to some remote web service. In this paper, we consider a different adversary, who does not interact actively with the mobile device, but is able to eavesdrop on the network traffic of the device from the network side (e.g., controlling a Wi-Fi access point). The fact that the network traffic is often encrypted makes the attack even more challenging. In this paper, we investigate to what extent such an external attacker can identify the specific actions that a user is performing on her mobile apps. We design a system that achieves this goal using advanced machine learning techniques. We built a complete implementation of this system, and we also ran a thorough set of experiments, which show that our attack can achieve accuracy and precision higher than 95%, for most of the considered actions. We compared our solution with the three state-of-the-art algorithms, confirming that our system outperforms all these direct competitors.
Track me if you can: Transparent obfuscation for Location based Services
Although Location-based Services (LBSs) offer evident advantages to their users, many privacy concerns are raised when user tracking data are shared with the service provider. Existing privacy enhancing solutions (e.g. k-anonymity) usually degrade service precision, and also require the collaboration of the service provider, this latter one not always willing to lose control over the user's location data. In this paper, we propose a solution that is able to obfuscate the user's path to the service provider, while preserving (for the LBS) the capability to compute a few functions (useful for the user) over the obfuscated path. In particular, we provide several contributions: first, we formalize the concept of obfuscation function, and we propose a solution that provides user privacy while allowing users to continue leveraging the services offered by the service provider. Moreover, we formally prove the privacy preserving properties of our approach. Finally, an extensive experimental campaign supports the feasibility of our approach, showing that the proposed solution can be efficiently implemented over mobile device