EMERGING THEORIES AND PERSPECTIVES RELEVANT TO ACCESS CONTROL AND SECURITY POLICIES

Get Complete Project Material File(s) Now! »

INTRODUCTION – PROBLEM STATEMENT

Introduction

These days, large organisations are significantly affected by growing economic globalisation and the development in information technology, both of which result in the generation and storing of large amounts of data. With the correct tools, techniques and processes, data can be turned into information; information can be turned into knowledge and wisdom can be obtained from knowledge. What is needed to advance from one state to the next is firstly a reason and secondly, the ability to go to the next state. The competitive business environment in which organisations find themselves provides a convincing reason for developing data into knowledge. Identifying those relations, correlations and patterns in business information and market prices that are not immediately obvious to managers due to the large volume of data will indisputably add to solving business problems in general. In most cases the workforce has the ability to develop data into knowledge and eventually into wisdom – a skill that is often referred to as data mining in large organisations. This is a quality and ability that should be managed. According to the financial thriller writer, Linda Davies [1997], “[b]ankers who hire money hungry geniuses should not always express surprise and amazement when some of them turn around with brilliant, creative, and illegal means of making money”. The banking sector is a typical case of the progression of data from information to knowledge. This sector also comprises organisations and customers varying between bodies with substantial debt to bodies with considerable wealth. The discussions to follow will refer to the banking section by means of an illustrative discussion.

PROBLEM STATEMENT

When taking a broad view on data mining, it is seen as the course of action involved in discovering appealing and exciting knowledge in large amounts of data stored in data bases, data warehouses or other information repositories [Han & Kamber, 2006]. Although data-mining technology can be seen as having many advantages, there are also some clear disadvantages that need to be addressed. A problem associated with data mining is the lack or loss of confidentiality associated with knowledge management, namely how to maintain security [Bertino, Khan, Sandhu, & Thuraisingham, 2006]. It is technologies such as data mining that make possible the nightmare of living in a world where all one’s movements and purchases are tracked. Although data mining gives companies the information they need to market their products and services to customers, it also gives them access to a huge amount of personal information. What stops these institutions from selling their data to others? Even if legislation can stop institutions from selling data, what stops the individuals who work with this data from selling it to others once the data-mining process has changed the data to information? Many consumers are completely unaware of data-mining technology and do not know that their lending habits, names, addresses and other information are being stored in a database. While data mining is a term that is well understood in some circles, it has not really entered the vocabulary of the general population. Do the customers know that their information is put in a database? Does the owner of the company tell customers that their information is put in a database specifically for data-mining purposes?

TABLE OF CONTENTS :

ABSTRACT|
PREFACE
SUMMARY
ACKNOWLEDGEMENTS
TABLE OF CONTENTS
LIST OF FIGURES
LIST OF TABLES
- CHAPTER 1: INTRODUCTION ‐ PROBLEM STATEMENT
  - 1.1 INTRODUCTION
  - 1.2 PROBLEM STATEMENT
  - 1.3 RESEARCH QUESTIONS
  - 1.4 RESEARCH HIERARCHY AND METHODOLOGY
  - 1.5 SCOPE AND CONTEXT OF THE STUDY
  - 1.6 TERMINOLOGY USED IN THE THESIS
  - 1.7 LAYOUT OF THESIS
- CHAPTER 2: CASE STUDY ‐ DM BANK
  - 2.1 INTRODUCTION
  - 2.2 CASE STUDY
  - 2.2.1 ABC Petrol’s environment
  - 2.2.2 DM Bank’s environment
  - 2.3 ACCESS CONTROL AND THE DATA‐MINING ENVIRONMENT OF DM BANK
- CHAPTER 3: EMERGING THEORIES AND PERSPECTIVES RELEVANT TO ACCESS CONTROL AND SECURITY POLICIES
  - 3.1 INTRODUCTION
  - 3.2 ACCESS CONTROL TERMINOLOGY
  - 3.3 SECURITY POLICIES AND ACCESS CONTROL POLICIES
  - 3.4 ACCESS CONTROL MODELS
  - 3.4.1 Access Control Models for Confidentiality
  - 3.4.1.1 Bell‐La Padula Model (BLP)
  - 3.4.1.2 Lampson model; Graham‐Denning model; Harrison‐Ruzzo‐Ullman model
  - 3.4.2 Access Control Models for Conflict
  - 3.4.2.1 Chinese Wall Security Policy Model
  - 3.4.2.2 Aggressive Chinese Wall Security Policy Model
  - 3.4.3 Access Control Models for a Data‐Mining Environment
  - 3.4.3.1 Privacy‐Preserving Access Control
  - 3.4.3.2 Privacy‐Aware Access Control
  - 3.4.3.3 Privacy‐Enhanced Access Control
  - 3.5 ACCESS CONTROL MODEL SUMMARY
  - 3.6 CONCLUSION
- CHAPTER 4: EMERGING THEORIES AND PERSPECTIVES RELEVANT TO ACCESS CONTROL AND DATA MINING
- 4.1 INTRODUCTION
- 4.2 THE DATA‐MINING PROCESS
- 4.2.1 Business‐understanding Step [Daimler‐Benz, et al.]
- 4.2.1.1 Determine the business objectives
- 4.2.1.2 Determine and assess the details of the business situation
- 4.2.1.3 Determine the data‐mining goals
- 4.2.1.4 Produce a project plan
- CBAC – A model for conflict-based access control
- 4.2.2 Data‐understanding Step [Daimler‐Benz, et al.]
- 4.2.2.1 Collect initial data
- 4.2.2.2 Describe the data
- 4.2.2.3 Explore the data
- 4.2.2.4 Verify the data quality
- 4.2.3 Data Preparation Step [Daimler‐Benz, et al.]
- 4.2.3.1 Select the data
- 4.2.3.2 Clean the data
- 4.2.3.3 Construct the data
- 4.2.3.4 Integrate the data
- 4.2.3.5 Format the data
- 4.2.4 Data‐mining Step (Modelling Step) [Daimler‐Benz, et al.]
- 4.2.4.1 Select a modelling technique
- 4.2.4.2 Generate a test design
- 4.2.4.3 Build a model
- 4.2.4.4 Assess the model
- 4.2.5 Evaluation Step [Daimler‐Benz, et al.]
- 4.2.5.1 Evaluate the results
- 4.2.5.2 Review the process
- 4.2.5.3 Determine the next steps
- 4.2.6 Deployment Step [Daimler‐Benz, et al.]
- 4.2.6.1 Plan the deployment
- 4.2.6.2 Plan the monitoring and maintenance
- 4.2.6.3 Produce the final report
- 4.2.6.4 Review the project
- 4.3 THE DATA‐MINING ENVIRONMENT
- 4.4 SECURITY REQUIREMENTS FOR DATA MINING
- 4.5 ACCESS CONTROL REQUIREMENTS WHEN DOING DATA MINING
- 4.6 CONCLUSION
CHAPTER 5: REQUIREMENTS ANALYSIS
- 5.1 INTRODUCTION
- 5.2 REQUIREMENTS FOR THE CBAC MODEL
- 5.3 INDUSTRY AND THE REQUIREMENTS FOR THE CBAC MODEL
- 5.4 THE CONCEPTUAL FRAMEWORK FOR THE CBAC MODEL
- 5.5 CONCLUSION
CHAPTER 6: THE CONFLICT‐BASED ACCESS CONTROL MODEL
- 6.1 INTRODUCTION
- 6.2 THE CONFLICT‐BASED ACCESS CONTROL (CBAC) MODEL
- 6.2.1 Requirements for the CBAC model
- 6.2.2 Basic elements of the CBAC model
- 6.2.2.1 Secondary agent
- 6.2.2.2 Global agent
- 6.2.2.3 Conflict‐of‐interest field
- 6.2.2.4 Non‐conflict‐of‐interest field
- 6.2.2.5 MiningAgentx
- 6.2.2.6 Session
- 6.2.2.7 Secondary agents accessed by mining agents
- 6.2.2.8 Functional business domain
- 6.2.2.9 Associations between secondary agents and functional business domains
- 6.2.3 Operational elements of the CBAC model
- 6.2.3.1 Access group list for secondary agent ci
- 6.2.3.2 Sphere of conflict – conflict of interest
- 6.2.3.3 Cut‐off point for conflict of interest
- 6.2.3.4 Distance – degree of conflict of interest
- 6.2.3.5 Potential Conflict of Interest (PIT)
- 6.2.3.6 Potential Conflict of Interest (PIT) – Path
- 6.2.3.7 Potential Conflict of Interest (PIT) – The k‐th path
- 6.2.3.8 Potential Conflict of Interest (PIT) – The weight of a path
- CBAC – A model for conflict-based access control
- 6.2.3.9 Potential Conflict of Interest (PIT) – Shortest path
- 6.3 ACCESS REQUEST
- 6.3.1 Grant / reject an access request
- 6.4 CONCLUSION
CHAPTER 7: A CBAC PROTOTYPE IMPLEMENTATION
- 7.1 INTRODUCTION
- 7.2 THE AIMS OF THE PROOF‐OF‐CONCEPT PROTOTYPE
- 7.3 PROOF‐OF‐CONCEPT PROTOTYPE IMPLEMENTATION
- 7.3.1 Technical platform used for developing the prototype
- 7.3.2 Structure of prototype
- 7.3.3 A statechart diagram for the prototype
- 7.4 PROOF‐OF‐CONCEPT PROTOTYPE OPERATION
- 7.4.1 The Browser
- 7.4.2 The Relations Manager
- 7.4.3 The Groups Manager
- 7.5 EXAMPLE OF THE PROOF‐OF‐CONCEPT PROTOTYPE
- 7.5.1 Specifying the sphere of conflict for the ABC Petrol company
- 7.5.2 Setting the severity of the conflict for ABC Petrol
- 7.5.3 Specifying the conflict radius for ABC Petrol
- 7.6 EXAMPLE: HOW ACCESS PERMISSION FOR A USER WITH A GIVEN ACCESS HISTORY IS DETERMINED
- 7.7 CONCLUSION
CHAPTER 8: CONCLUSION
- 8.1 INTRODUCTION
- 8.2 REVISITING THE PROBLEM STATEMENT
- 8.3 MAIN CONTRIBUTION
- 8.4 FUTURE RESEARCH
- BIBLIOGRAPHY
- APPENDIX A: PROTOTYPE TECHNICAL PLATFORM
- A.1 THE TECHNICAL PLATFORM USED FOR CONSTRUCTING THE PROTOTYPE
- A.1.1 LINQ (Language Integrated Queries)
- A.1.2 WPF (Windows Presentation Foundation)
- A.1.3 Object Serialization
- APPENDIX B: PUBLISHED PAPERS
- B.1 INTRODUCTION
- B.2 MINIMIZING SECURITY RISK AREAS REVEALED BY DATA MINING
- B.3 INVESTIGATING THE USAGE OF THE CHINESE WALL SECURITY POLICY MODEL FOR DATA MINING
- B.4 A NEW ACCESS CONTROL MODEL BASED ON THE CHINESE WALL SECURITY POLICY MODEL
- B.5 CBAC: CONFLICT‐BASED ACCESS CONTROL