Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

6-2011

Abstract

Audit mechanisms are essential for privacy protection in permissive access control regimes, such as in hospitals where denying legitimate access requests can adversely affect patient care. Recognizing this need, we develop the first principled learning-theoretic foundation for audits. Our first contribution is a game-theoretic model that captures the interaction between the defender (e.g., hospital auditors) and the adversary (e.g., hospital employees). The model takes pragmatic considerations into account, in particular, the periodic nature of audits, a budget that constrains the number of actions that the defender can inspect, and a loss function that captures the economic impact of detected and missed violations on the organization. We assume that the adversary is worst-case as is standard in other areas of computer security. We also formulate a desirable property of the audit mechanism in this model based on the concept of regret in learning theory. Our second contribution is an efficient audit mechanism that provably minimizes regret for the defender. This mechanism learns from experience to guide the defender's auditing efforts. The regret bound is significantly better than prior results in the learning literature. The stronger bound is important from a practical standpoint because it implies that the recommendations from the mechanism will converge faster to the best fixed auditing strategy for the defender.

Discipline

Databases and Information Systems

Research Areas

Data Science and Engineering

Publication

24th IEEE Computer Security Foundations Symposium, Cernay-la-Ville, France, 2011 June 27-29

Identifier

10.1109/CSF.2011.28

Publisher

Oxford University Press (OUP): Policy E - Oxford Open Option D

City or Country

Cernay-la-Ville, France

Additional URL

https://doi.org/10.1109/CSF.2011.28

Download

Share

COinS