Abstract
The analysis of access control data has many applications in information security, including: role mining and policy learning; discovering errors in deployed policies; regulatory compliance; intrusion detection; and risk mitigation. The success of research in these areas hinges on the availability of high quality real-world data. Thus far, little access control data has been released to the public. We analyze eight publicly released access control datasets and contrast them with three client policies in our possession. Our analysis indicates there are many differences in the structure and distribution of permissions between the public and client datasets, including sparseness, permission distributions, and cohesion. The client datasets also revealed a wide range of semantics and granularities of permissions, ranging from application-specific rights to general accounts on systems we could not observe on the public data due to anonymization. Finally, we analyze the distribution of user-attributes, which the public datasets lack. We find techniques that work well on some datasets do not work equally well on others and discuss possible future research and directions based on our experience with real-world data.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
