redirect_from: "bancaditalia.github.io/sacmat2018/"
This work is licensed under a Creative Commons Attribution 4.0 International License.
Dataset and experimental results of the manuscript "On the Use of Max-SAT in RBAC" submitted to Cybersecurity journal.
Dataset generated by simplyfing the paper working example to obtain optimal solution with a wide range of B values thus enabling the comparison with sub-otpimal solvers
Input | Link |
---|---|
Permission-to-User | UPA |
User-to-role | UA |
Permission-to-Role | PA |
Exception List | excs |
Violation List | excs |
Dataset benchmark used in Role-mining literature obtained from the user access profiles of the Lotus Domino Server.
Input | Link |
---|---|
Permission-to-User | UPA |
User-to-role | UA |
Permission-to-Role | PA |
Exception List | excs |
Dataset benchmark used in Role-ming literature generated from a template at the Stony Brook University.
Input | Link |
---|---|
Permission-to-User | UPA |
User-to-role | UA |
Permission-to-Role | PA |
Exception List | excs |
Dataset benchmark used in Role-ming literature representing policies implemented though firewalls used to provide external users access to internal resources.
Input | Link |
---|---|
Permission-to-User | UPA |
User-to-role | UA |
Permission-to-Role | PA |
Exception List | excs |
Max-SAT Formulas: 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21
Solver | SmallComp | Domino | University | Firewall1 |
---|---|---|---|---|
Maximo | B<=0.5 | B=0 | B=0 | B=0 |
MaxHS | B<=0.4 | B=0 | B=0 | - |
LMHS | B<=0.3 | B=0 | B=0 | - |
Ahmaxsat | B<=0.25 | - | - | - |
90 online fixing instances of increasing size have been generated from Firewall1 by selecting more and more of its users (i.e., rows); each instance is associated with a single exception to incorporate and generates a Max-SAT encoding of growing size.
Number of users (CNF formula size) | UA | PA | exc |
---|---|---|---|
5 users (0.3 MB) | UA | PA | exc |
21 users (5.1 MB) | UA | PA | exc |
37 users (11.3 MB) | UA | PA | exc |
53 users (27.5 MB) | UA | PA | exc |
69 users (54.9 MB) | UA | PA | exc |
85 users (79.6 MB) | UA | PA | exc |
101 users (120.1 MB) | UA | PA | exc |
117 users (162.4 MB) | UA | PA | exc |
133 users (231.7 MB) | UA | PA | exc |
149 users (300.9 MB) | UA | PA | exc |
165 users (337.2 MB) | UA | PA | exc |
181 users (380.7 MB) | UA | PA | exc |
197 users (519.1 MB) | UA | PA | exc |
The following figure shows the minimum timeout needed (y axis) to obtain a feasible solution for these inputs as a function of their size (x axis) with B=0.8.
Experiment based on SmallComp dataset to measure the ability of the incomplete solver adopted to satisfy the soft constraints. In particular, this is computed as the average weight of satisfied soft constraints over the total sum of weights for the 12 exceptions.
Average percentage of satisfied soft clauses (y axis) as a function of the balance B (x_axis) in the SmallComp dataset:
Results are also available in plain text in rates.txt which are based on the evalaution of the three configurations:
- complete solver Results_Complete.txt
- incomplete solver (timeout 2 sec) Results_t=2.txt
- incomplete solver (timeout 180 sec) Results_t=180.txt
By adopting CCEHC Max-SAT solver we asses experimentally the impact of balance B to sim (similarity) and opt (simplicity) for three dataset.
Average similarity and simplicity (y axis) as a function of the balance B (x axis) with 21 values of B sampled at regular intervals:
Average number of roles (y axis) after incorporating exceptions as a function of the balance B (x axis) for different dataset:
Average number of assignments (y axis) depending on the balance B (x axis):
Average percentage of satisfied weights (y axis) depending on the balance B (x axis):
Results collected in the following are obtained starting from Domino to show the impact of the timeout with three different balance configurations:
Average simplicity in Domino (y axis) as a function of the timeout (x axis, secs) at different balance points B.
Average similarity in Domino (y axis) as a function of the timeout (x axis, secs) at different balance points B.
Average number of roles in Domino (y axis) as a function of the timeout (x axis, secs) at different balance points B.
Average number of assignments in Domino (y axis) as a function of the timeout (x axis, secs) at different balance points B.
We picked a string of 6 exceptions to be incorporated.
Input | Link |
---|---|
Permission-to-User | UPA |
User-to-role | UA |
Permission-to-Role | PA |
Exception List | excs |
We generated all the 720 permutations as possibly different incorporating sequences. We fix each sequence and collected at each our metrics (715/720 paths considered as solvable in less than 60 seconds).
In the following is reported the distribution of the final number of roles obtained at different B values.
Corresponding input data are also available in the following:
This work is licensed under a Creative Commons Attribution 4.0 International License.
Images have been created by the means of a software with non-commercial license.
We are currently setting up a git-hub repository to host the “RBAC Maintance” Open Source software. Meanwhile we are available to distribute it upon reception of a simple request of interest sent to appliedresearchteam@bancaditalia.it.