Abstract
Security policies are becoming more sophisticated. Operational forces will often be faced with making tricky risk decisions and policies must be flexible enough to allow appropriate actions to be facilitated. Access requests are no longer simple subject access object matters. There is often a great deal of context to be taken into account. Most security work is couched in terms of risk management, but the benefits of actions will need to be taken into account too. In some cases it may not be clear what the policy should be. People are often better at dealing with specific examples than producing general rules. In this paper we investigate the use of Grammatical Evolution (GE) to attempt to infer Fuzzy MLS policy from decision examples. This approach couches policy inference as a search for a policy that is most consistent with the supplied examples set. The results show this approach is promising.
Research was sponsored by US Army Research laboratory and the UK Ministry of Defence and was accomplished under Agreement Number W911NF–06–3–0001. The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the US Army Research Laboratory, the U.S. Government, the UK Ministry of Defense, or the UK Government. The US and UK Governments are authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation hereon.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Horizontal Integration: Broader Access Models for Realizing Information Dominance. Technical Report JSR-04-132, The MITRE Corporation JASON Program Office, Mclean, Virginia (December 2004)
Barbara, D.: Applications of Data Mining in Computer Security. Kluwer Academic Publishers, Norwell (2002)
McDaniel, P.D.: Policy Evolution: Autonomic Environmental Security (December 2004)
Lim, Y.T., Cheng, P.C., Clark, J.A., Rohatgi, P.: Policy Evolution with Genetic Programming. Technical report, IBM Research Report RC24442 (2008)
Dempsey, I., O’Neill, M., Brabazon, A.: Adaptive Trading with Grammatical Evolution. In: Proceedings of the 2006 IEEE Congress on Evolutionary Computation, Vancouver, July 6-21, 2006, pp. 9137–9142. IEEE Press, Los Alamitos (2006)
Brabazon, T., O’Neill, M., Ryan, C., Collins, J.J.: Uncovering Technical Trading Rules Using Evolutionary Automatic Programming. In: Proceedings of 2001 AAANZ Conference (Accounting Association of Australia and NZ), Auckland, New Zealand, July 1-3 (2001)
Brabazon, T., O’Neill, M.: Trading Foreign Exchange Markets Using Evolutionary Automatic Programming. In: Barry, A.M. (ed.) GECCO 2002: Proceedings of the Bird of a Feather Workshops, Genetic and Evolutionary Computation Conference, New York, July 8, 2002, pp. 133–136. AAAI, Menlo Park (2002)
O’Neill, M., Ryan, C.: Grammatical Evolution: Evolutionary Automatic Programming in an Arbitrary Language. Genetic programming, vol. 4. Kluwer Academic Publishers, Dordrecht (2003)
Cheng, P.C., Rohatgi, P., Keser, C., Karger, P.A., Wagner, G.M., Reninger, A.S.: Fuzzy Multi-Level Security: An Experiment on Quantified Risk-Adaptive Access Control. In: IEEE Symposium on Security and Privacy, pp. 222–230 (2007)
Bell, D.E., LaPadula, L.J.: Computer Security Model: Unified Exposition and Multics Interpretation. Technical Report ESD–TR–75–306, The MITRE Corporation, Bedford, MA. HQ Electronic Systems Division, Hanscom AFB, MA (March 1976)
Ryan, C., Azad, R.M.A.: Sensible Initialisation in Chorus. In: Ryan, C., Soule, T., Keijzer, M., Tsang, E., Poli, R., Costa, E. (eds.) EuroGP 2003. LNCS, vol. 2610, pp. 394–403. Springer, Heidelberg (2003)
Koza, J.R.: Genetic Programming: On the Programming of Computers by Means of Natural Selection. MIT Press, Cambridge (1992)
Lim, Y.T., Cheng, P.C., Clark, J.A., Rohatgi, P.: Policy Evolution with Genetic Programming: a Comparison of Three Approaches. In: 2008 IEEE Congress on Evolutionary Computation, Hong Kong, IEEE Computational Intelligence Society, June 1-6, 2008, pp. 813–819. IEEE Press, Los Alamitos (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lim, Y.T., Cheng, P.C., Clark, J.A., Rohatgi, P. (2008). Policy Evolution with Grammatical Evolution. In: Li, X., et al. Simulated Evolution and Learning. SEAL 2008. Lecture Notes in Computer Science, vol 5361. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89694-4_8
Download citation
DOI: https://doi.org/10.1007/978-3-540-89694-4_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-89693-7
Online ISBN: 978-3-540-89694-4
eBook Packages: Computer ScienceComputer Science (R0)