基于权限依赖图约简的快速用户实际权限推理框架

IF 1.3 4区计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS

IET Information Security Pub Date : 2023-03-07 DOI:10.1049/ise2.12112

Wei Bai, Angxuan Cheng, Cailing Wang, Zhisong Pan

{"title":"基于权限依赖图约简的快速用户实际权限推理框架","authors":"Wei Bai, Angxuan Cheng, Cailing Wang, Zhisong Pan","doi":"10.1049/ise2.12112","DOIUrl":null,"url":null,"abstract":"<p>It is a key point to find out the actual privileges of network users in network security risk assessment. The Privilege dependency graph (PDG) provides an effective way to reason the actual privileges of network users from their initial privileges. The existing User Actual Privilege reasoning method is time-consuming and not suitable for large-scale networks. This paper introduces a fast User Actual Privilege reasoning framework based on PDG reduction. The core idea is to reduce the size of the graph as much as possible before the actual privilege reasoning. Three different nodes merged scenarios are proposed and discussed, as well as the influences of different execution sequences and execution times. Networks of different sizes were simulated to validate the effectiveness and scalability of their method. The experimental results show that the proposed method can decrease the time of User Actual Privilege reasoning by over 25% in large-scale networks.</p>","PeriodicalId":50380,"journal":{"name":"IET Information Security","volume":"17 3","pages":"505-517"},"PeriodicalIF":1.3000,"publicationDate":"2023-03-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12112","citationCount":"0","resultStr":"{\"title\":\"A fast user actual privilege reasoning framework based on privilege dependency graph reduction\",\"authors\":\"Wei Bai, Angxuan Cheng, Cailing Wang, Zhisong Pan\",\"doi\":\"10.1049/ise2.12112\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>It is a key point to find out the actual privileges of network users in network security risk assessment. The Privilege dependency graph (PDG) provides an effective way to reason the actual privileges of network users from their initial privileges. The existing User Actual Privilege reasoning method is time-consuming and not suitable for large-scale networks. This paper introduces a fast User Actual Privilege reasoning framework based on PDG reduction. The core idea is to reduce the size of the graph as much as possible before the actual privilege reasoning. Three different nodes merged scenarios are proposed and discussed, as well as the influences of different execution sequences and execution times. Networks of different sizes were simulated to validate the effectiveness and scalability of their method. The experimental results show that the proposed method can decrease the time of User Actual Privilege reasoning by over 25% in large-scale networks.</p>\",\"PeriodicalId\":50380,\"journal\":{\"name\":\"IET Information Security\",\"volume\":\"17 3\",\"pages\":\"505-517\"},\"PeriodicalIF\":1.3000,\"publicationDate\":\"2023-03-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://onlinelibrary.wiley.com/doi/epdf/10.1049/ise2.12112\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IET Information Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://onlinelibrary.wiley.com/doi/10.1049/ise2.12112\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Information Security","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1049/ise2.12112","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

了解网络用户的实际权限是网络安全风险评估的关键。特权依赖图（PDG）提供了一种有效的方法来从网络用户的初始特权推断网络用户的实际特权。现有的用户实际权限推理方法耗时长，不适合大规模网络。本文介绍了一种基于PDG约简的快速用户实际权限推理框架。核心思想是在实际的特权推理之前尽可能地减小图的大小。提出并讨论了三种不同的节点合并场景，以及不同执行顺序和执行时间的影响。对不同规模的网络进行了仿真，以验证其方法的有效性和可扩展性。实验结果表明，在大规模网络中，该方法可以将用户实际权限推理的时间减少25%以上。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

A fast user actual privilege reasoning framework based on privilege dependency graph reduction

查看原文本刊更多论文

A fast user actual privilege reasoning framework based on privilege dependency graph reduction

It is a key point to find out the actual privileges of network users in network security risk assessment. The Privilege dependency graph (PDG) provides an effective way to reason the actual privileges of network users from their initial privileges. The existing User Actual Privilege reasoning method is time-consuming and not suitable for large-scale networks. This paper introduces a fast User Actual Privilege reasoning framework based on PDG reduction. The core idea is to reduce the size of the graph as much as possible before the actual privilege reasoning. Three different nodes merged scenarios are proposed and discussed, as well as the influences of different execution sequences and execution times. Networks of different sizes were simulated to validate the effectiveness and scalability of their method. The experimental results show that the proposed method can decrease the time of User Actual Privilege reasoning by over 25% in large-scale networks.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IET Information Security 工程技术-计算机：理论方法

CiteScore

3.80

自引率

7.10%

发文量

审稿时长

8.6 months

期刊介绍： IET Information Security publishes original research papers in the following areas of information security and cryptography. Submitting authors should specify clearly in their covering statement the area into which their paper falls. Scope: Access Control and Database Security Ad-Hoc Network Aspects Anonymity and E-Voting Authentication Block Ciphers and Hash Functions Blockchain, Bitcoin (Technical aspects only) Broadcast Encryption and Traitor Tracing Combinatorial Aspects Covert Channels and Information Flow Critical Infrastructures Cryptanalysis Dependability Digital Rights Management Digital Signature Schemes Digital Steganography Economic Aspects of Information Security Elliptic Curve Cryptography and Number Theory Embedded Systems Aspects Embedded Systems Security and Forensics Financial Cryptography Firewall Security Formal Methods and Security Verification Human Aspects Information Warfare and Survivability Intrusion Detection Java and XML Security Key Distribution Key Management Malware Multi-Party Computation and Threshold Cryptography Peer-to-peer Security PKIs Public-Key and Hybrid Encryption Quantum Cryptography Risks of using Computers Robust Networks Secret Sharing Secure Electronic Commerce Software Obfuscation Stream Ciphers Trust Models Watermarking and Fingerprinting Special Issues. Current Call for Papers: Security on Mobile and IoT devices - https://digital-library.theiet.org/files/IET_IFS_SMID_CFP.pdf