Visible to the public Policy Analysis

SoS Newsletter- Advanced Book Block

Policy Analysis

Policy-based access controls and security policies are intertwined in most commercial systems. Analytics use abstraction and reduction to improve policy-based security. The work cited here was presented in the first half of 2014.

  • Gupta, P.; Stoller, S.; Xu, Z., "Abductive Analysis of Administrative Policies in Rule-based Access Control," Dependable and Secure Computing, IEEE Transactions on, vol. PP, no.99, pp.1, 1, Jan 2014. doi: 10.1109/TDSC.2013.42 In large organizations, access control policies are managed by multiple users (administrators). An administrative policy specifies how each user in an enterprise may change the policy. Fully understanding the consequences of an administrative policy in an enterprise system can be difficult, because of the scale and complexity of the access control policy and the administrative policy, and because sequences of changes by different users may interact in unexpected ways. Administrative policy analysis helps by answering questions such as user-permission reachability, which asks whether specified users can together change the policy in a way that achieves a specified goal, namely, granting a specified permission to a specified user. This paper presents a rule-based access control policy language, a rule-based administrative policy model that controls addition and removal of facts and rules, and an abductive analysis algorithm for user-permission reachability. Abductive analysis means that the algorithm can analyze policy rules even if the facts initially in the policy (e.g., information about users) are unavailable. The algorithm does this by computing minimal sets of facts that, if present in the initial policy, imply reachability of the goal.
    Keywords: Access control; Algorithm design and analysis; Grammar; Hospitals; Organizations; Semantics; Access controls; Verification (ID#:14-3008)
  • ang, Xiaoyan; Xia, Chunhe; Jiao, Jian; Hu, Junshun; Li, Xiaojian, "Modeling and Global Conflict Analysis Of Firewall Policy," Communications, China, vol.11, no.5, pp.124,135, May 2014. doi: 10.1109/CC.2014.6880468 The global view of firewall policy conflict is important for administrators to optimize the policy. It has been lack of appropriate firewall policy global conflict analysis, existing methods focus on local conflict detection. We research the global conflict detection algorithm in this paper. We presented a semantic model that captures more complete classifications of the policy using knowledge concept in rough set. Based on this model, we presented the global conflict formal model, and represent it with OBDD (Ordered Binary Decision Diagram). Then we developed GFPCDA (Global Firewall Policy Conflict Detection Algorithm) algorithm to detect global conflict. In experiment, we evaluated the usability of our semantic model by eliminating the false positives and false negatives caused by incomplete policy semantic model, of a classical algorithm. We compared this algorithm with GFPCDA algorithm. The results show that GFPCDA detects conflicts more precisely and independently, and has better performance.
    Keywords: Algorithm design and analysis; Analytical models; Classification algorithms; Detection algorithms; Firewalls (computing); Semantics; conflict analysis; conflict detection; firewall policy; semantic model (ID#:14-3009)
  • Prasad, S.; Raina, G., "Local Hopf bifurcation analysis of Compound TCP with an Exponential-RED queue management policy," Control and Decision Conference (2014 CCDC), The 26th Chinese , vol., no., pp.2588,2594, May 31 2014-June 2 2014 doi: 10.1109/CCDC.2014.6852610 Abstract: The analysis of TCP, along with queue management policies, forms an important aspect of performance evaluation for the Internet. In this paper, we analyse a non-linear fluid model for Compound TCP (C-TCP) coupled with an Exponential-RED (E-RED) queue management policy. Compound is an important flavor of TCP, as it is the default transport protocol in the Windows operating system. For the bifurcation analysis, we motivate an exogenous and non-dimensional bifurcation parameter. Using this parameter, we first derive the Hopf bifurcation condition for the underlying model. Then, employing Poincare normal forms and the center manifold theory, we outline the analysis to characterise the type of the Hopf bifurcation, and determine the stability of the bifurcating periodic solutions. Some numerical analysis and stability charts complement our theoretical analysis.
    Keywords: Internet; bifurcation; computer network management; computer network performance evaluation; queueing theory; transport protocols; C-TCP ;E-RED; Internet; Poincare normal forms; Windows operating system; bifurcating periodic solution; center manifold theory; compound TCP analysis; default transport protocol; exogenous bifurcation parameter; exponential-RED queue management policy; local Hopf bifurcation analysis; nondimensional bifurcation parameter; nonlinear fluid model; numerical analysis; performance evaluation; stability charts; Bifurcation; Compounds; Delays; Mathematical model; Numerical stability; Stability analysis; Compound TCP; Exponential-RED; Hopf bifurcation; queue management; stability (ID#:14-3010)
  • Ali, M.Q.; Al-Shaer, E.; Samak, T., "Firewall Policy Reconnaissance: Techniques and Analysis," Information Forensics and Security, IEEE Transactions on, vol.9, no.2, pp.296, 308, Feb. 2014. doi: 10.1109/TIFS.2013.2296874 In the past decade, scanning has been widely used as a reconnaissance technique to gather critical network information to launch a follow up attack. To combat, numerous intrusion detectors have been proposed. However, scanning methodologies have shifted to the next-generation paradigm to be evasive. The next-generation reconnaissance techniques are intelligent and stealthy. These techniques use a low volume packet sequence and intelligent calculation for the victim selection to be more evasive. Previously, we proposed models for firewall policy reconnaissance that are used to set bound for learning accuracy as well as to put minimum requirements on the number of probes. We presented techniques for reconstructing the firewall policy by intelligently choosing the probing packets based on the responses of previous probes. In this paper, we show the statistical analysis of these techniques and discuss their evasiveness along with the improvement. First, we present the previously proposed two techniques followed by the statistical analysis and their evasiveness to current detectors. Based on the statistical analysis, we show that these techniques still exhibit a pattern and thus can be detected. We then develop a hybrid approach to maximize the benefit by combining the two heuristics.
    Keywords: firewalls; learning (artificial intelligence);statistical analysis ;critical network information; current detectors; firewall policy reconnaissance; firewall policy reconstruction; intelligent calculation; intrusion detectors; learning accuracy; next-generation paradigm; next-generation reconnaissance techniques; probing packets; scanning methodology; statistical analysis; victim selection; volume packet sequence; Adaptation models; Boolean functions; Detectors; Next generation networking; Ports (Computers); Probes; Reconnaissance; Security; intrusion detection; reconnaissance (ID#:14-3011)
  • Yuan Zhao; Shunfu Jin; Wuyi Yue, "A Novel Spectrum Access Strategy With A-Retry Policy In Cognitive Radio Networks: A Queueing-Based Analysis," Communications and Networks, Journal of, vol.16, no.2, pp.193, 201, April 2014. doi: 10.1109/JCN.2014.000030 In cognitive radio networks, the packet transmissions of the secondary users (SUs) can be interrupted randomly by the primary users (PUs). That is to say, the PU packets have preemptive priority over the SU packets. In order to enhance the quality of service (QoS) for the SUs, we propose a spectrum access strategy with an a-Retry policy. A buffer is deployed for the SU packets. An interrupted SU packet will return to the buffer with probability a for later retrial, or leave the system with probability (1 - a). For mathematical analysis, we build a preemptive priority queue and model the spectrum access strategy with an a-Retry policy as a two-dimensional discrete-time Markov chain (DTMC). We give the transition probability matrix of the Markov chain and obtain the steady-state distribution. Accordingly, we derive the formulas for the blocked rate, the forced dropping rate, the throughput and the average delay of the SU packets. With numerical results, we show the influence of the retrial probability for the strategy proposed in this paper on different performance measures. Finally, based on the tradeoff between different performance measures, we construct a cost function and optimize the retrial probabilities with respect to different system parameters by employing an iterative algorithm.
    Keywords: Markov processes; cognitive radio; iterative methods; matrix algebra; optimisation; packet radio networks; probability; quality of service; queueing theory; radio spectrum management; a-retry policy;2D DTMC;PU packet; SU packets; buffer deployment; cognitive radio network; cost function; discrete time Markov chain; dropping rate ;iterative algorithm; mathematical analysis; packet transmission; preemptive priority queue; primary user; quality of service; queueing-based analysis; retrial probability optimization; secondary users; spectrum access strategy; steady-state distribution; system parameter; transition probability matrix; Analytical models; Cognitive radio; Delays; Markov processes; Queueing analysis; T hroughput; Vectors;??-Retry policy; cognitive radio networks; discrete-time Markov chain (DTMC); priority queue; spectrum access strategy}, (ID#:14-3012)
  • Prasad, S.; Raina, G., "Stability and Hopf Bifurcation Analysis Of TCP With a RED-Like Queue Management Policy," Control and Decision Conference (2014 CCDC), The 26th Chinese, vol., no., pp.2599, 2605, May 31 2014-June 2 2014. doi: 10.1109/CCDC.2014.6852612 We analyze a non-linear fluid model of TCP coupled with a Random Early Detection (RED)-like queue management policy. We first show that the conditions for local stability, as parameters vary, will be violated via a Hopf bifurcation. Thus, a stable equilibrium would give rise to limit cycles. To identify the type of the Hopf bifurcation, and to determine the stability of the bifurcating limit cycles, we apply the theory of normal forms and the center manifold analysis. Some numerical computations accompany our theoretical work.
    Keywords: bifurcation; queueing theory; stability; telecommunication network management; transport protocols; Hopf bifurcation; RED-like queue management policy; TCP; bifurcating limit cycles stability; center manifold analysis; local stability; nonlinear fluid model; normal forms theory; random early detection-like queue management policy; Bifurcation; Compounds; Limit-cycles; Mathematical model; Numerical stability; Stability analysis; Hopf bifurcation; TCP; congestion control; queue management; stability (ID#:14-3013)
  • Singh, R.; I-Hong Hou; Kumar, P.R., "Fluctuation Analysis Of Debt Based Policies For Wireless Networks With Hard Delay Constraints," INFOCOM, 2014 Proceedings IEEE, pp.2400,2408, April 27 2014-May 2 2014. doi: 10.1109/INFOCOM.2014.6848185 Hou et al. have analyzed wireless networks where clients served by an access point require a timely-throughput of packets to be delivered by hard per-packet deadlines and also proved the timely-throughput optimality of certain debt-based policies. However, this is a weak notion of optimality; there might be long time intervals in which a client does not receive any packets, undesirable for real-time applications. Motivated by this, the authors, in an earlier work, introduced a pathwise cost function based on the law of the iterated logarithm, studied in fluctuation theory, which captures the deviation from a steady stream of packet deliveries and showed that a debt-based policy is optimal if the frame length is one. This work extends the analysis of debt-based policies to general frame lengths greater than one, as is important for general applications.
    Keywords: iterative methods; radio networks; access point; debt fluctuation analysis; debt-based policy; hard delay constraint; iterated logarithm; pathwise cost function; steady packet delivery stream; wireless network; Computers; Conferences; Delays Limiting; Markov processes; Throughput; Vectors (ID#:14-3014)
  • Lu Ge; Gaojie Chen; Yu Gong; Chambers, J., "Performance Analysis Of Multi-Antenna Selection Policies Using The Golden Code In Multiple-Input Multiple-Output Systems," Communications, IET, vol.8, no.12, pp.2147,2152, August 14, 2014. doi: 10.1049/iet-com.2013.0686 In multiple-input multiple-output (MIMO) systems, multiple-antenna selection has been proposed as a practical scheme for improving the signal transmission quality as well as reducing realisation cost because of minimising the number of radio-frequency chains. In this study, the authors investigate transmit antenna selection for MIMO systems with the Golden Code. Two antenna selection schemes are considered: max-min and max-sum approaches. The outage and pairwise error probability performance of the proposed approaches are analysed. Simulations are also given to verify the analysis. The results show the proposed methods provide useful schemes for antenna selection.
    Keywords: Gold codes; MIMO communication; cost reduction; error statistics; transmitting antennas; MIMO systems; cost reduction; error probability; golden code; multiantenna selection policies; multiple-antenna selection; multiple-input-multiple-output systems; radio-frequency chains; signal transmission quality improvement; transmitting antenna selection (ID#:14-3015)
  • Su, Shen; Zhang, Hongli; Fang, Binxing; Ye, Lin, "Quantifying AS-level Routing Policy Changes," Communications (ICC), 2014 IEEE International Conference on, pp.1148,1153, 10-14 June 2014. doi: 10.1109/ICC.2014.6883476 To study Internet's routing behavior on the granularity of Autonomous Systems (ASes), one needs to understand inter-domain routing policy. Routing policy changes over time, and may cause route oscillation, network congestion, and other problems. However, there are few works on routing policy changes and their impact on BGP's routing behaviors. In this paper, we model inter-domain routing policy as the preference to neighboring ASes, noted as neighbor preference, and propose an algorithm for quantifying routing policy changes based on neighbor preference. As a further analysis, we study the routing policy changes for the year of 2012, and find that generally an AS may experience a routing policy change for at least 20% prefixes within 6 months. An AS changes its routing policy mainly by exchanging two neighboring ASes' preference. In most cases, an AS changes a stable fraction of its prefixes' routing policy, but non-tier1 ASes may endure a large scale routing policy changing event. We also analyse the main reasons of routing policy changes, and exclude the possibilities of AS business relationship changes and topology changes.
    Keywords: Business; Internet ; Monitoring; Quality of service; Reliability; Routing; Topology (ID#:14-3016)
  • Anduo Wang; Gurney, AJ.T.; Xianglong Han; Jinyan Cao; Boon Thau Loo; Talcott, C.; Scedrov, A, "A Reduction-Based Approach Towards Scaling Up Formal Analysis Of Internet Configurations," INFOCOM, 2014 Proceedings IEEE, pp.637,645, April 27 2014-May 2 2014. doi: 10.1109/INFOCOM.2014.6847989 The Border Gateway Protocol (BGP) is the single inter-domain routing protocol that enables network operators within each autonomous system (AS) to influence routing decisions by independently setting local policies on route filtering and selection. This independence leads to fragile networking and makes analysis of policy configurations very complex. To aid the systematic and efficient study of the policy configuration space, this paper presents network reduction, a scalability technique for policy-based routing systems. In network reduction, we provide two types of reduction rules that transform policy configurations by merging duplicate and complementary router configurations to simplify analysis. We show that the reductions are sound, dual of each other and are locally complete. The reductions are also computationally attractive, requiring only local configuration information and modification. We have developed a prototype of network reduction and demonstrated that it is applicable on various BGP systems and enables significant savings in analysis time. In addition to making possible safety analysis on large networks that would otherwise not complete within reasonable time, network reduction is also a useful tool for discovering possible redundancies in BGP systems.
    Keywords: Internet; routing protocols; AS; BGP systems; Internet configurations; autonomous system; border gateway protocol; formal analysis; network reduction; policy based routing systems; policy configurations; reduction based approach; route filtering; route selection; safety analysis; scalability technique; single interdomain routing protocol; Computers; Conferences; Merging; Protocols; Redundancy; Routing; Safety (ID#:14-3017)
  • Kan Yang; Xiaohua Jia; Kui Ren; Ruitao Xie; Liusheng Huang, "Enabling Efficient Access Control With Dynamic Policy Updating For Big Data In The Cloud," INFOCOM, 2014 Proceedings IEEE, pp.2013,2021, April 27 2014-May 2 2014. doi: 10.1109/INFOCOM.2014.6848142 Due to the high volume and velocity of big data, it is an effective option to store big data in the cloud, because the cloud has capabilities of storing big data and processing high volume of user access requests. Attribute-Based Encryption (ABE) is a promising technique to ensure the end-to-end security of big data in the cloud. However, the policy updating has always been a challenging issue when ABE is used to construct access control schemes. A trivial implementation is to let data owners retrieve the data and re-encrypt it under the new access policy, and then send it back to the cloud. This method incurs a high communication overhead and heavy computation burden on data owners. In this paper, we propose a novel scheme that enabling efficient access control with dynamic policy updating for big data in the cloud. We focus on developing an outsourced policy updating method for ABE systems. Our method can avoid the transmission of encrypted data and minimize the computation work of data owners, by making use of the previously encrypted data with old access policies. Moreover, we also design policy updating algorithms for different types of access policies. The analyses show that our scheme is correct, complete, secure and efficient.
    Keywords: Big Data; authorisation; cloud computing; cryptography; ABE; Big Data; access control; access policy; attribute-based encryption; cloud; dynamic policy updating; end-to-end security; outsourced policy updating method; Access control; Big data; Encryption; Public key; Servers; ABE; Access Control; Big Data; Cloud; Policy Updating (ID#:14-3018)
  • Li, B.; Li, R.; Eryilmaz, A, "Throughput-Optimal Scheduling Design with Regular Service Guarantees in Wireless Networks," Networking, IEEE/ACM Transactions on, vol. PP, no.99, pp.1, 1, July 2014 doi: 10.1109/TNET.2014.2333008 Motivated by the regular service requirements of video applications for improving quality of experience (QoE) of users, we consider the design of scheduling strategies in multihop wireless networks that not only maximize system throughput but also provide regular interservice times for all links. Since the service regularity of links is related to the higher-order statistics of the arrival process and the policy operation, it is challenging to characterize and analyze directly. We overcome this obstacle by introducing a new quantity, namely the time-since-last-service (TSLS), which tracks the time since the last service. By combining it with the queue length in the weight, we propose a novel maximum-weight-type scheduling policy, called Regular Service Guarantee (RSG) Algorithm. The unique evolution of the TSLS counter poses significant challenges for the analysis of the RSG Algorithm. To tackle these challenges, we first propose a novel Lyapunov function to show the throughput optimality of the RSG Algorithm. Then, we prove that the RSG Algorithm can provide service regularity guarantees by using the Lyapunov-drift-based analysis of the steady-state behavior of the stochastic processes. In particular, our algorithm can achieve a degree of service regularity within a factor of a fundamental lower bound we derive. This factor is a function of the system statistics and design parameters and can be as low as two in some special networks. Our results, both analytical and numerical, exhibit significant service regularity improvements over the traditional throughput-optimal policies, which reveals the importance of incorporating the metric of time-since-last-service into the scheduling policy for providing regulated service.
    Keywords: Algorithm design and analysis; Delays; Quality of service; Steady-state; Throughput; Vectors; Wireless networks; Quality of experience (QoE);real-time traffic; service regularity; throughput optimality; wireless scheduling (ID#:14-3019)
  • Xiaonong Lu; Baoqun Yin; Haipeng Zhang, "Switching-POMDP Based Admission Control Policies For Service Systems With Distributed Architecture," Networking, Sensing and Control (ICNSC), 2014 IEEE 11th International Conference on, pp.209,214, 7-9 April 2014,. doi: 10.1109/ICNSC.2014.6819627 Many network systems with distributed structure today such as streaming media systems and resource-sharing systems can be modeled as the distributed network service system with multiple service nodes. Admission control technology is an essential way to enhance such systems. Model-based optimization approach as Markov decision process (MDP) is a good way to be applied to analyze and compute the optimal admission control policy that maximizes performance of system. However, due to the "curse of dimensionality", computing such optimal admission control policy for practical distributed systems is a rather difficult task. Therefore, we describe the admission control process of the distributed network service system as a switching partially observable Markov decision process (SPOMDP) with two-level structure. The upper level decides whether to switch the operation mode of system, and the lower level decides to admit or block new service requests. According to the partially observable Markov decision process (POMDP) model, a distributed admission control algorithm is presented which the service nodes in system make decisions without the knowledge of other service nodes. The randomized policy is applied to optimize system performance, and the policy-gradient iteration algorithm is used to compute the optimal admission control policy. Then, an operation mode switching mechanism is presented to detect the change of system and determine the switch epoch of operation mode. Through the numerical experiments, we demonstrate the efficiency of the presented approach.
    Keywords: Markov processes; distributed algorithms; optimal control; SPOMDP model; admission control process; admission control technology; dimensionality; distributed admission control algorithm; distributed architecture; distributed network service system; distributed structure today; model-based optimization; multiple service nodes; network systems; operation mode switching mechanism; optimal admission control policy; policy-gradient iteration algorithm; randomized policy; resource-sharing systems; service systems; streaming media systems; switch epoch; switching partially observable Markov decision process; switching-POMDP based admission control policies; Artificial neural networks; Gain; Switches; SPOMDP; distributed admission control algorithm; distributed network service system; operation mode; policy-gradient iteration; two-level structure (ID#:14-3020)
  • Huang Qinlong; Ma Zhaofeng; Yang Yixian; Niu Xinxin; Fu Jingyi, "Improving Security And Efficiency For Encrypted Data Sharing In Online Social Networks," Communications, China, vol.11, no.3, pp.104, 117, March 2014. doi: 10.1109/CC.2014.6825263 Despite that existing data sharing systems in online social networks (OSNs) propose to encrypt data before sharing, the multiparty access control of encrypted data has become a challenging issue. In this paper, we propose a secure data sharing scheme in OSNs based on ciphertext-policy attribute-based proxy re-encryption and secret sharing. In order to protect users' sensitive data, our scheme allows users to customize access policies of their data and then outsource encrypted data to the OSNs service provider. Our scheme presents a multiparty access control model, which enables the disseminator to update the access policy of ciphertext if their attributes satisfy the existing access policy. Further, we present a partial decryption construction in which the computation overhead of user is largely reduced by delegating most of the decryption operations to the OSNs service provider. We also provide checkability on the results returned from the OSNs service provider to guarantee the correctness of partial decrypted ciphertext. Moreover, our scheme presents an efficient attribute revocation method that achieves both forward and backward secrecy. The security and performance analysis results indicate that the proposed scheme is secure and efficient in OSNs.
    Keywords: authorisation; cryptography; social networking (online); attribute based proxy reencryption; ciphertext policy; data security; decryption operations ;encrypted data sharing efficiency; multiparty access control model; online social networks; secret sharing; secure data sharing; Access control; Amplitude shift keying; Data sharing; Encryption; Social network services; attribute revocation; attribute-based encryption; data sharing; multiparty access control; online social networks (ID#:14-3021)
  • Torrez Rojas, M.A; Takeo Ueda, E.; Melo de Brito Carvalho, T.C., "Modelling and Verification Of Security Rules In An Openflow Environment with Coloured Petri Nets," Information Systems and Technologies (CISTI), 2014 9th Iberian Conference on, pp.1,7, 18-21 June 2014. doi: 10.1109/CISTI.2014.6876890 The discussion of alternatives to the Internet architecture has been the subject of research for several years, resulting in a number of solutions and mechanisms that can help even the current approach. Within this context, the paradigm of Software Defined Networking (SDN) is becoming popular due to recent initiatives based on OpenFlow. This article presents an analysis of security policy rules applied in an environment based on OpenFlow. The analysis of the security policy rules is realized based on data obtained from a simulation of a scenario, modeled using Colored Petri Nets (CPN), and validated by the state space generated from the outputs of this model. The collected results are for a specific scenario. However, the approach is useful to analyze several types of systems. Thus, this research demonstrates that is feasible to employ CPN to model and validate security rules in an OpenFlow-based SDN.
    Keywords: Petri nets; computer network security; protocols; CPN; Internet architecture; OpenFlow environment; OpenFlow-based SDN; coloured Petri nets; security policy rules analysis; security rule modelling; security rule validation ;security rule verification; software defined networking; state space; Analytical models; Computational modeling; Data models; Internet; Petri nets; Security; Software; Coloured Petri Nets; OpenFlow; SDN; Validate security rules (ID#:14-3022)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.