Computer Science Colloquia
Thursday July 28, 2011
Advisor: Dave Evans
Attending Faculty: Jack Davidson
Olsson Hall, Room 236D, 11:00 AM
A Master's Project Presentation
Mining User Action Policies to Control Program Behavior
Application security depends critically on how users interact with their interfaces, but user actions are not incorporated systematically into current systems. Information about user actions can be used to construct better access control policies and in other contexts such as intrusion detection. We present a system for learning access control policies for file and network access based on analyzing user interactions with graphical user interfaces in conjunction with dynamic program behavior. Our system automatically builds models of preconditions for security-critical events that can include both the appearance of graphical user interfaces and user actions within those interfaces. This provides steps toward a trusted path from physical user actions through application interfaces to system modification. In this paper, we describe a system for automatically learning policies that incorporate user actions as well as models for visually verifying those interfaces. We show that it is possible to accurately distinguish intended user actions from spoofed events and report on experiments demonstrating the value of validated user actions in improving security policies.