Finding logical vulnerability in policies using three-level semantic framework

Bataityte, Karolina, Vassilev, Vassil and Gill, Olivia Jo (2024) Finding logical vulnerability in policies using three-level semantic framework. In: 20th International Conference on Artificial Intelligence Applications and Innovations, 27-30 June 2024, Cyprus. (In Press)


We present the continuation of our work on a three-level framework, which can be used to model and analyze the identification-authentication-authorization policies. Finding the gaps in such policies is challenging. We explore the cases when operations become accessible to the user because of flawed or missing authentication methods. Our objective is to model the domain and find such vulnerabilities. Our proposed framework has three levels. Each level is built on top of a previous one. The first is ontological, where we model the static domain in OWL; the second is logical, where we model the dynamic using SWRL; and the
third is analytical level, where we utilize the reasoner to get the results. In this paper, we present the algorithm, which finds vulnerable situations in the policies or confirms that there are no vulnerable situations. We have modelled a couple of policies from different user-based applications to validate our approach as well as demonstrate the feasibility of using it on policies from the actual systems.

AIAI_Final_v2.pdf - Accepted Version
Restricted to Repository staff only until 3 April 2025.

Download (577kB)
View Item View Item