Automated Planning of Administrative Tasks Using Historic Events

A File System Case Study

Research output: Chapter in Book/Report/Conference proceedingChapter

Abstract

Understanding how to implement file system access control rules within a system is heavily reliant on expert knowledge, both that intrinsic to how a system can be configured as well as how a current configuration is structured. Maintaining the required level of expertise in fast-changing environments, where frequent configuration changes are implemented, can be challenging. Another set of complexities lies in gaining structural understanding of large volumes of permission information. The accuracy of a new addition within a file system access control is essential, as inadvertently assigning rights that result in a higher than necessary level of access can generate unintended vulnerabilities. To address these issues, a novel mechanism is devised to automatically process a system’s event history to determine how previous access control configuration actions have been implemented and then utilise the model for suggesting how to implement new access control rules. Throughout this paper, we focus on Microsoft’s New Technology File System permissions (NTFS) access control through processing operating system generated log data. We demonstrate how the novel technique can be utilised to plan for the administrator when assigning new permissions. The plans are then evaluated in terms of their validity as well as the reduction in required expert knowledge.
Original languageEnglish
Title of host publicationGuide to Vulnerability Analysis for Computer Networks and Systems
Subtitle of host publicationAn Artificial Intelligence Approach
EditorsSimon Parkinson, Andrew Crampton, Richard Hill
PublisherSpringer, Cham
Chapter7
Pages159-182
ISBN (Electronic)9783319926247
ISBN (Print)9783319926230
DOIs
Publication statusPublished - 5 Sep 2018

Publication series

NameComputer Communications and Networks
PublisherSpringer
ISSN (Print)1617-7975
ISSN (Electronic)2197-8433

Fingerprint

Access control
Planning
Processing

Cite this

Khan, S., & Parkinson, S. (2018). Automated Planning of Administrative Tasks Using Historic Events: A File System Case Study. In S. Parkinson, A. Crampton, & R. Hill (Eds.), Guide to Vulnerability Analysis for Computer Networks and Systems: An Artificial Intelligence Approach (pp. 159-182). (Computer Communications and Networks). Springer, Cham. https://doi.org/10.1007/978-3-319-92624-7_7
Khan, Saad ; Parkinson, Simon. / Automated Planning of Administrative Tasks Using Historic Events : A File System Case Study. Guide to Vulnerability Analysis for Computer Networks and Systems: An Artificial Intelligence Approach. editor / Simon Parkinson ; Andrew Crampton ; Richard Hill. Springer, Cham, 2018. pp. 159-182 (Computer Communications and Networks).
@inbook{5f35ce4b77a64ef0ab62a10f19bec338,
title = "Automated Planning of Administrative Tasks Using Historic Events: A File System Case Study",
abstract = "Understanding how to implement file system access control rules within a system is heavily reliant on expert knowledge, both that intrinsic to how a system can be configured as well as how a current configuration is structured. Maintaining the required level of expertise in fast-changing environments, where frequent configuration changes are implemented, can be challenging. Another set of complexities lies in gaining structural understanding of large volumes of permission information. The accuracy of a new addition within a file system access control is essential, as inadvertently assigning rights that result in a higher than necessary level of access can generate unintended vulnerabilities. To address these issues, a novel mechanism is devised to automatically process a system’s event history to determine how previous access control configuration actions have been implemented and then utilise the model for suggesting how to implement new access control rules. Throughout this paper, we focus on Microsoft’s New Technology File System permissions (NTFS) access control through processing operating system generated log data. We demonstrate how the novel technique can be utilised to plan for the administrator when assigning new permissions. The plans are then evaluated in terms of their validity as well as the reduction in required expert knowledge.",
author = "Saad Khan and Simon Parkinson",
year = "2018",
month = "9",
day = "5",
doi = "10.1007/978-3-319-92624-7_7",
language = "English",
isbn = "9783319926230",
series = "Computer Communications and Networks",
publisher = "Springer, Cham",
pages = "159--182",
editor = "Simon Parkinson and Andrew Crampton and Richard Hill",
booktitle = "Guide to Vulnerability Analysis for Computer Networks and Systems",

}

Khan, S & Parkinson, S 2018, Automated Planning of Administrative Tasks Using Historic Events: A File System Case Study. in S Parkinson, A Crampton & R Hill (eds), Guide to Vulnerability Analysis for Computer Networks and Systems: An Artificial Intelligence Approach. Computer Communications and Networks, Springer, Cham, pp. 159-182. https://doi.org/10.1007/978-3-319-92624-7_7

Automated Planning of Administrative Tasks Using Historic Events : A File System Case Study. / Khan, Saad; Parkinson, Simon.

Guide to Vulnerability Analysis for Computer Networks and Systems: An Artificial Intelligence Approach. ed. / Simon Parkinson; Andrew Crampton; Richard Hill. Springer, Cham, 2018. p. 159-182 (Computer Communications and Networks).

Research output: Chapter in Book/Report/Conference proceedingChapter

TY - CHAP

T1 - Automated Planning of Administrative Tasks Using Historic Events

T2 - A File System Case Study

AU - Khan, Saad

AU - Parkinson, Simon

PY - 2018/9/5

Y1 - 2018/9/5

N2 - Understanding how to implement file system access control rules within a system is heavily reliant on expert knowledge, both that intrinsic to how a system can be configured as well as how a current configuration is structured. Maintaining the required level of expertise in fast-changing environments, where frequent configuration changes are implemented, can be challenging. Another set of complexities lies in gaining structural understanding of large volumes of permission information. The accuracy of a new addition within a file system access control is essential, as inadvertently assigning rights that result in a higher than necessary level of access can generate unintended vulnerabilities. To address these issues, a novel mechanism is devised to automatically process a system’s event history to determine how previous access control configuration actions have been implemented and then utilise the model for suggesting how to implement new access control rules. Throughout this paper, we focus on Microsoft’s New Technology File System permissions (NTFS) access control through processing operating system generated log data. We demonstrate how the novel technique can be utilised to plan for the administrator when assigning new permissions. The plans are then evaluated in terms of their validity as well as the reduction in required expert knowledge.

AB - Understanding how to implement file system access control rules within a system is heavily reliant on expert knowledge, both that intrinsic to how a system can be configured as well as how a current configuration is structured. Maintaining the required level of expertise in fast-changing environments, where frequent configuration changes are implemented, can be challenging. Another set of complexities lies in gaining structural understanding of large volumes of permission information. The accuracy of a new addition within a file system access control is essential, as inadvertently assigning rights that result in a higher than necessary level of access can generate unintended vulnerabilities. To address these issues, a novel mechanism is devised to automatically process a system’s event history to determine how previous access control configuration actions have been implemented and then utilise the model for suggesting how to implement new access control rules. Throughout this paper, we focus on Microsoft’s New Technology File System permissions (NTFS) access control through processing operating system generated log data. We demonstrate how the novel technique can be utilised to plan for the administrator when assigning new permissions. The plans are then evaluated in terms of their validity as well as the reduction in required expert knowledge.

U2 - 10.1007/978-3-319-92624-7_7

DO - 10.1007/978-3-319-92624-7_7

M3 - Chapter

SN - 9783319926230

T3 - Computer Communications and Networks

SP - 159

EP - 182

BT - Guide to Vulnerability Analysis for Computer Networks and Systems

A2 - Parkinson, Simon

A2 - Crampton, Andrew

A2 - Hill, Richard

PB - Springer, Cham

ER -

Khan S, Parkinson S. Automated Planning of Administrative Tasks Using Historic Events: A File System Case Study. In Parkinson S, Crampton A, Hill R, editors, Guide to Vulnerability Analysis for Computer Networks and Systems: An Artificial Intelligence Approach. Springer, Cham. 2018. p. 159-182. (Computer Communications and Networks). https://doi.org/10.1007/978-3-319-92624-7_7