Using Conditional Random Fields to Optimize a Self-Adaptive Bell–LaPadula Model in Control Systems.

Once defined, the access control policies and regulations would never be changed in a running and state transition process. However, it will give attackers the possibility of discovering vulnerabilities in the system, and the control systems lack the ability of dynamic perception of security state and risk, causing the systems to be exposed to risks. In this article, a dynamic Bell–LaPadula (BLP) model is proposed. The conditional random field (CRF) is introduced into the BLP model to optimize the rules. First, the model formalizes the security attributes, states of system, transition rules, and constraint models on the basis of the state transition of CRFs. After the historical system access logs are processed as the original dataset, a feature selection method is proposed to extract the requests and current states as feature vectors. Second, this article presents a rules training algorithm based on L-BFGS to implement the study and training of datasets, and then marks the logs in the test set through Viterbi algorithm automatically. On the base of these, a rule generation algorithm is proposed to dynamically adjust the access control rules based on the current security status and events of the system. Third, the security of CRFs-BLP is proved by theoretical analysis. Finally, the validity and accuracy of the model are verified by estimating the value of the precision, recall, and $F1$ -score. As the system threats are shown to be decreased obviously from these experiments, this dynamic model can decrease the vulnerabilities and risk effectively. [ABSTRACT FROM AUTHOR]