Title: Evolving bipartite authentication graph partitions

As large-scale enterprise computer networks become more ubiquitous, finding the appropriate balance between user convenience and user access control is an increasingly challenging proposition. Suboptimal partitioning of users’ access and available services contributes to the vulnerability of enterprise networks. Previous edge-cut partitioning methods unduly restrict users’ access to network resources. This paper introduces a novel method of network partitioning, superior to the current state of the art, which minimizes user impact by providing alternate avenues for access that reduce vulnerability. Networks are modeled as bipartite authentication access graphs, and a multi-objective evolutionary algorithm is used to simultaneously minimize the size of large connected components while minimizing overall restrictions on network users. Lastly, results are presented on a real-world data set that demonstrate the effectiveness of the introduced method compared to previous naive methods.
Authors:
[1] ;  [1] ;  [2]
  1. Missouri Univ. of Science and Technology, Rolla, MO (United States)
  2. Los Alamos National Lab. (LANL), Los Alamos, NM (United States)
Publication Date:
Report Number(s):
LA-UR-15-27173
Journal ID: ISSN 1545-5971
Grant/Contract Number:
AC52-06NA25396
Type:
Accepted Manuscript
Journal Name:
IEEE Transactions on Dependable and Secure Computing
Additional Journal Information:
Journal Name: IEEE Transactions on Dependable and Secure Computing; Journal ID: ISSN 1545-5971
Publisher:
IEEE
Research Org:
Los Alamos National Lab. (LANL), Los Alamos, NM (United States)
Sponsoring Org:
USDOE
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING; network security
OSTI Identifier:
1351186