Using ILP to Learn AppArmor Policies

Lukas Brodschelm, Marcus Gelderie

2024

Abstract

Access control has become ubiquitous in contemporary computer systems but creating policies is an costly and errorprone task, thus it is desirable to automize it. Machine learning is a common tool to automate such tasks. But typical modern machine learning (ML) techniques require large example sets and do not give guarantees which makes it hard to learn policies with them. Inductive logic programming (ILP) is a symbolic form of ML that addresses these limitations. We show how ILP can be used to create generalized file access policies from examples. To do so we introduce two strategies to use the ILASP ILP framework to create file access rulesets for AppArmor. Further, we introduce concepts to generate negative examples for the learning tasks. Our evaluation shows the feasibility of our strategies by comparing them with AppArmor’s default tooling.

Paper Citation

in Harvard Style

Brodschelm L. and Gelderie M. (2024). Using ILP to Learn AppArmor Policies. In Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP; ISBN 978-989-758-683-5, SciTePress, pages 766-773. DOI: 10.5220/0012379000003648

in Bibtex Style

@conference{icissp24,
author={Lukas Brodschelm and Marcus Gelderie},
title={Using ILP to Learn AppArmor Policies},
booktitle={Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2024},
pages={766-773},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012379000003648},
isbn={978-989-758-683-5},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Using ILP to Learn AppArmor Policies
SN - 978-989-758-683-5
AU - Brodschelm L.
AU - Gelderie M.
PY - 2024
SP - 766
EP - 773
DO - 10.5220/0012379000003648
PB - SciTePress