Parkinson, Simon, Somaraki, Vassiliki and Ward, Rupert (2016) Auditing file system permissions using Association Rule Mining. Expert Systems with Applications. ISSN 09574174 (In Press)
- Accepted Version
Restricted to Repository staff only until 18 February 2018.
Available under License Creative Commons Attribution Non-commercial No Derivatives.
Identifying irregular file system permissions in large, multi-user systems is challenging due to the complexity of gaining structural understanding from large volumes of permission information. This challenge is exacerbated when file systems permissions are allocated in an ad-hoc manner when new access rights are required, and when access rights become redundant as users change job roles or terminate employment. These factors make it challenging to identify what can be classed as an irregular file system permission, as well as identifying if they are irregular and exposing a vulnerability. The current way of finding such irregularities is by performing an exhaustive audit of the permission distribution; however, this requires expert knowledge and a significant amount of time. In this paper a novel method of modelling file system permissions which can be used by association rule mining techniques to identify irregular permissions is presented. This results in the creation of object-centric model as a by-product. This technique is then implemented and tested on Microsoft's New Technology File System permissions (NTFS). Empirical observations are derived by making comparisons with expert knowledge to determine the effectiveness of the proposed technique on five diverse real-world directory structures extracted from different organisations. The results demonstrate that the technique is able to correctly identify irregularities with an average accuracy rate of 91%, minimising the reliance on expert knowledge. Experiments are also performed on synthetic directory structures which demonstrate an accuracy rate of 95% when the number of irregular permissions constitutes 1% of the total number. This is a significant contribution as it creates the possibility of identifying vulnerabilities without prior knowledge of how to file systems permissions are implemented within a directory structure.
|Subjects:||Q Science > QA Mathematics > QA76 Computer software|
|Schools:||School of Computing and Engineering > High-Performance Intelligent Computing > Planning, Autonomy and Representation of Knowledge
School of Computing and Engineering > High-Performance Intelligent Computing > Planning, Autonomy and Representation of Knowledge
School of Computing and Engineering
|Depositing User:||Simon Parkinson|
|Date Deposited:||22 Feb 2016 15:13|
|Last Modified:||06 Dec 2016 23:12|
Downloads per month over past year
Repository Staff Only: item control page