Security Policy Learning

Security Policies define rules aiming to protect the infrastructure from insider and outsider threats. A key component to achieving this goal is access control policies, where security officers specify how subjects may access objects and under which conditions. However, developing detailed access control policies is a time-consuming and highly error-prone task that may have catastrophic effects if done incorrectly. Therefore, researchers have investigated techniques to automatically learn the security policies. In this chapter, we discuss ML techniques for automatic security policy learning. We organize those techniques in three parts: the first part refers to learning high-level access control policies, such as ABAC policy learning, whereas the second part discusses network security policy learning. While both parts pertain to access control policy learning, the former considers attributes of the subjects, objects, and operations, whereas the latter considers the idiosyncrasies of network environments, such as communication protocols and network addressing. The final part discusses privacy policy learning.