A Dynamic Trust Model Enforcing Security Policies

“…In [3], the authors present a dynamic trust model to enforce security policies. Our model is based on their trust model.…”

“…It also enables the security officers and designers to have the opportunity for immediate testing to see if the roles are working as they should. In [3] the notion of trust is addressed when an access control systems is desired to behave truly dynamically. That is, when users misuse the access level that they have been granted or try to access the data that they are not supposed to access, the model should raise a flag and limit/reduce the privileges that the users have.…”

“…That is, when users misuse the access level that they have been granted or try to access the data that they are not supposed to access, the model should raise a flag and limit/reduce the privileges that the users have. In [3] a trust management component is introduced that handles trust levels associated with the users. It can modify the security policies assigned to the users and result in limiting or reducing their data access.…”

“…It can modify the security policies assigned to the users and result in limiting or reducing their data access. In this paper we take the model introduced in [3] and add a machine learning component that helps the system to adapt itself, learn from the user's behavior and recognize access patterns based on the similar access requests and not only limit the illegitimate access, but also predict and prevent potential malicious and questionable accesses. Machine learning can be considered as science for the design of computational methods using experience to improve their performance [4].…”

“…This paper is structured as follows: Section 2 describes background and related work. Section 3, briefly describes the trust model [3] based on which we propose our model. Sections 4 and 5 introduce our approach and how machine learning helps enforcing security policies based on user's behavior.…”

An autonomous model to enforce security policies based on user's behavior

“…In [3], the authors present a dynamic trust model to enforce security policies. Our model is based on their trust model.…”

“…It also enables the security officers and designers to have the opportunity for immediate testing to see if the roles are working as they should. In [3] the notion of trust is addressed when an access control systems is desired to behave truly dynamically. That is, when users misuse the access level that they have been granted or try to access the data that they are not supposed to access, the model should raise a flag and limit/reduce the privileges that the users have.…”

“…That is, when users misuse the access level that they have been granted or try to access the data that they are not supposed to access, the model should raise a flag and limit/reduce the privileges that the users have. In [3] a trust management component is introduced that handles trust levels associated with the users. It can modify the security policies assigned to the users and result in limiting or reducing their data access.…”

“…It can modify the security policies assigned to the users and result in limiting or reducing their data access. In this paper we take the model introduced in [3] and add a machine learning component that helps the system to adapt itself, learn from the user's behavior and recognize access patterns based on the similar access requests and not only limit the illegitimate access, but also predict and prevent potential malicious and questionable accesses. Machine learning can be considered as science for the design of computational methods using experience to improve their performance [4].…”

“…This paper is structured as follows: Section 2 describes background and related work. Section 3, briefly describes the trust model [3] based on which we propose our model. Sections 4 and 5 introduce our approach and how machine learning helps enforcing security policies based on user's behavior.…”

An autonomous model to enforce security policies based on user's behavior

Detecting Advanced Persistent Threats in Oracle Databases