Affiliation:
1. College of Command and Control Engineering Army Engineering University of PLA Nanjing China
2. Unit 93117 PLA Nanjing China
Abstract
AbstractIt is a key point to find out the actual privileges of network users in network security risk assessment. The Privilege dependency graph (PDG) provides an effective way to reason the actual privileges of network users from their initial privileges. The existing User Actual Privilege reasoning method is time‐consuming and not suitable for large‐scale networks. This paper introduces a fast User Actual Privilege reasoning framework based on PDG reduction. The core idea is to reduce the size of the graph as much as possible before the actual privilege reasoning. Three different nodes merged scenarios are proposed and discussed, as well as the influences of different execution sequences and execution times. Networks of different sizes were simulated to validate the effectiveness and scalability of their method. The experimental results show that the proposed method can decrease the time of User Actual Privilege reasoning by over 25% in large‐scale networks.
Publisher
Institution of Engineering and Technology (IET)
Subject
Computer Networks and Communications,Information Systems,Software