Multi-user permission strategy to access sensitive information

Abstract

Exfiltration of sensitive data and theft of intellectual property have risen to a significant level, affecting government agencies as well as small to large businesses. One of the major causes of data breaches is malicious insiders, who hold access rights, know the value of the data and have the technical know-how to escalate their privileges when launching insider attacks. Traditional access control policies (for shared data and computing resources) evolved around trust in legitimate users' access rights (read, write and execute) based on their jobs and the role hierarchy of an organization. However, such access privileges are increasingly being misused by hostile, oblivious, rogue and pseudo-insiders. This work introduces a multi-user permission strategy and formulates a methodology for shared, trustworthy access (to classified data and services) that takes the organizational structure into account. Accordingly, based on the sensitivity of the information a user requests, approvers are selected dynamically to reflect the work environment, such as mobility, the device in use and the access policy. For this purpose, the proposed methodology first generates an access control graph from the inter-relationships among employees and their roles in the organization. Next, it generates the set of permission grantees who are allowed to approve the user's access request at a given time. The proposed multi-user permission strategy is evaluated on two empirical datasets, and the reported results demonstrate its ability to select non-repetitive approvers for a user's access under different organizational and environmental constraints.
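The following is an added illustration of the selection process the abstract describes, not the paper's own algorithm or datasets: a small organizational graph is walked to find eligible approvers, the number of approvers scales with the sensitivity level and an assumed environmental constraint (mobile-device requests need one extra approver), and approvers are rotated so that repeated requests from the same user do not keep landing on the same people. The `ORG` data, the `APPROVERS_REQUIRED` and `ELIGIBLE_ROLES` policy tables and the function names are all assumptions made for the example.

```python
# Added illustration (assumed model, not the paper's algorithm or datasets):
# dynamic, non-repetitive approver selection over an organizational graph.

# Constructed organization: employee -> (role, manager). The manager edges form
# the access control graph that the selection walks upward.
ORG = {
    "alice": ("ciso", None),
    "bob":   ("manager", "alice"),
    "carol": ("manager", "alice"),
    "dave":  ("analyst", "bob"),
    "erin":  ("analyst", "bob"),
    "frank": ("analyst", "carol"),
}
# Assumed policy: approvers required per sensitivity level, and which roles may
# approve at all (the organizational constraint).
APPROVERS_REQUIRED = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}
ELIGIBLE_ROLES = {"manager", "ciso"}

def management_chain(org, user):
    """Managers of `user`, nearest first, by walking the graph upward."""
    chain, cur = [], org[user][1]
    while cur is not None:
        chain.append(cur)
        cur = org[cur][1]
    return chain

def candidates(org, requester):
    """Eligible approvers, the requester's own management chain first."""
    chain = management_chain(org, requester)
    others = [u for u in org if u not in chain and u != requester]
    return [u for u in chain + others if org[u][0] in ELIGIBLE_ROLES]

def select_approvers(org, requester, level, mobile=False, history=None):
    """Approvers for one request; `history` maps requester -> last approver list.
    Environmental constraint (assumed): a mobile-device request needs one extra
    approver. Non-repetition: last request's approvers are used only after every
    other eligible approver, so repeated requests rotate through the pool."""
    history = {} if history is None else history
    need = APPROVERS_REQUIRED[level] + (1 if mobile and level != "public" else 0)
    if need == 0:
        return []
    pool = candidates(org, requester)
    if len(pool) < need:
        raise PermissionError(f"{need} approvers required, only {len(pool)} eligible")
    last = set(history.get(requester, []))
    chosen = ([u for u in pool if u not in last] + [u for u in pool if u in last])[:need]
    history[requester] = chosen
    return chosen
```

When the eligible pool is smaller than the number of approvers the policy demands, the request is refused rather than approved with fewer signatures, which is the failure mode a deployment has to handle explicitly.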
