微信服务号

微信订阅号

2025-4-3- 23
Home > Archive>Volume 22, Issue 5, 2011 >1020-1030. DOI:10.3724/SP.J.1001.2011.03823
PDF HTML XML Export Cite reminder
Optimal Mining on Security Labels in Multilevel Security System
Author:
Affiliation:

  • Article
    • | |
  • Metrics
    • |
  • Reference [19]
    • |
  • Related [20]
    • |
  • Cited by
    • | |
  • Comments
    Abstract:

    This paper presents a bottom-up approach to implement the automatic and scientific transform of access control policies in the migration. First, the problem of mining security labels optimally is described formally, and it is then proved to be NP-complete. Next, an approximate optimization algorithm based on hierarchical clustering and genetic algorithm is presented, which decomposes the problem into two parts: category partition and secret level assignation. Finally, experimental results show that the algorithm is effective in finding an optimal solution. The proposed approach can be applied to migration projects in hierarchy protection in information security.

    Reference
    [1] Bell D, LaPadual LJ. Secure computer system: Unified exposition and MULTICS interpretation. Technical Report, MTR-2997Rev.1, Bedford: The MITRE Corporation, 1976.
    [2] Bell D, LaPadual LJ. Secure computer systems: Mathematical foundations. Technical Report, MTR-2547 Vol I, Bedford: TheMITRE Corporation, 1973.
    [3] Wu YJ, Liang HL, Zhao C. A multi-level security model with least privilege support for trusted subject. Journal of Software,2007,18(3):1-2 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/18/730.htm [doi: 10.1360/jos180730]
    [4] Li YF, Shen CX. A new security model for operating system. Science in China (Series E): Information Sciences, 2006,36(4):1-2 (in Chinese with English abstract).
    [5] Chaudhuri A, Naldurg P, Rajamani SK. EON: Modeling and analyzing dynamic access control systems with logic programs. In:Proc. of the 15th ACM Conf. on Computer and Communications Security (CCS 2008). New York: ACM Press, 2008. 1-2.
    [6] Vaidya J, Atluri V, Warner J. Roleminer: Mining roles using subset enumeration. In: Proc. of the 13th ACM Conf. on Computerand Communications Security (CCS 2006). New York: ACM Press, 2006. 1-2. [doi: 10.1145/1180405.1180424]
    [7] Zhang D, Ramamohanrao K, Ebringer T. Role engineering using graph optimisation. In: Proc. of the 12th ACM Symp. on AccessControl Models and Technologies (SACMAT 2007). New York: ACM Press, 2007. 1-2. [doi: 10.1145/1266840.1266862]
    [8] Vaidya J, Atluri V, Guo Q. The role mining problem: Finding a minimal descriptive set of roles. In: Proc. of the 12th ACM Symp.on Access Control Models and Technologies. New York: ACM Press, 2007. 1-2. [doi: 10.1145/1266840.1266870]
    [9] Lu H, Vaidya J, Atluri V. Optimal Boolean matrix decomposition: Application to role engineering. In: Proc. of the 24th Int’l Conf.on Data Engineering (ICDE 2008). Cancun: IEEE Computer Society Press, 2008. 1-2. [doi: 10.1109/ICDE.2008.4497438]
    [10] Frank M, Basin D, Buhmann JM. A class of probabilistic models for role engineering. In: Proc. of the 15th ACM Conf. onComputer and Communications Security (CCS 2008). New York: ACM Press, 2008. 1-2. [doi: 10.1145/1455770.1455809]
    [11] Molloy I, Chen H, Li TC, Calo S, Lobo J, Wang QH, Li NH, Bertino E. Mining roles with semantic meanings. In: Proc. of the 13thACM Symp. on Access Control Models and Technologies (SACMAT 2008). New York: ACM Press, 2008. 1-2. [doi:10.1145/1377836.1377840]
    [12] Bauer L, Garriss S, Reiter MK. Detecting and resolving policy misconfigurations in access-control systems. In: Proc. of the 13thACM Symp. on Access Control Models and Technologies. New York: ACM Press, 2008. 1-2. [doi: 10.1145/1377836.1377866]
    [13] Miettinen P. The discrete basis problem [MS. Thesis]. Helsinki: University of Helsinki, 2006.
    [14] Miettinen P, Mielikainen T, Gionis A, Das G, Mannila H. The discrete basis problem. IEEE Trans. on Knowledge and DataEngineering, 2008,20(10):1-2. [doi: 10.1109/TKDE.2008.53]
    [15] Berkhin P. Survey of clustering data mining techniques. Technical Report, EE242, San Jose: Accrue Software, 2002.
    [16] Xie X, Bcni G. A validity measure for fuzzy clustering. IEEE Trans. on Pattern Analysis and Machine Intelligence, 1991,13(8):84l-847. [doi: 10.1109/34.85677]
    [17] Kapp AV, Tibshirani R. Are clusters found in one datasetpresent in another dataset? Biostatistics, 2007,8(1):1-2.
    [18] Maekawa K, Mori N, Tamaki H, Kita H, Nishikawa Y. A genetic solution for the traveling salesman problem by means of athermodynamical selection rule. In: Fukuda T, Furuhashi T, eds. Proc. of the IEEE Conf. on Evolutionary Computation. New York:IEEE Press, 1996. 1-2. [doi: 10.1109/ICEC.1996.542655]
    [19] Rudolph G. Convergence analysis of canonical genetic algorithms. IEEE Trans. on Neural Networks, 1994,5(1):1-2. [doi:10.1109/72.265964]
    Cited by
    Comments
    Comments
    分享到微博
    Submit
Get Citation

杨智,金舒原,段洣毅,方滨兴.多级安全中敏感标记的最优化挖掘.软件学报,2011,22(5):1020-1030

Copy
Share
Article Metrics
  • Abstract:5762
  • PDF: 6778
  • HTML: 0
  • Cited by: 0
History
  • Received:August 18,2009
  • Revised:February 01,2010
Links:Institute of Software, CASChina Computer FederationCASNSFC
You are the first2032497Visitors
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4
Address:4# South Fourth Street, Zhong Guan Cun, Beijing 100190,Postal Code:100190
Phone:010-62562563 Fax:010-62562533 Email:jos@iscas.ac.cn
Technical Support:Beijing Qinyun Technology Development Co., Ltd.

Beijing Public Network Security No. 11040202500063