Discovery of Multi-Level Security Policies

With the increasing complexity and dynamics of database and information systems, it becomes more and more di cult for administrative personnel to identify, specify and enforce security policies that govern against the misuse of data. Often security policies are not known, too imprecise or simply have been disabled because of changing requirements. Recently several proposals have been made to use data mining techniques to discover pro les and anomalous user behavior from audit logs. These approaches, however, are often too ne-grained in that they compute too many rules to be useful for an administrator in implementing appropriate security enforcing mechanisms. In this paper we present a novel approach to discover security policies from audit logs. The approach is based on the usage of multiple concept hierarchies that specify properties of objects and data at di erent levels of abstraction and thus can embed useful domain knowledge. A pro ler, attached to the information system's auditing component, utilizes such concept hierarchies to compute pro les at di erent levels of granularity, guided by the administrator through the speci cation of an interestingness measure. The computed pro les can be translated into security policies and existing policies can be veri ed against the pro les. The proposed approach provides a exible framework for (re-)engineering security policies for diverse types of information systems.