Policy Evolution with Grammatical Evolution

  • Yow Tzu Lim
  • Pau Chen Cheng
  • John Andrew Clark
  • Pankaj Rohatgi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5361)


Security policies are becoming more sophisticated. Operational forces will often be faced with making tricky risk decisions and policies must be flexible enough to allow appropriate actions to be facilitated. Access requests are no longer simple subject access object matters. There is often a great deal of context to be taken into account. Most security work is couched in terms of risk management, but the benefits of actions will need to be taken into account too. In some cases it may not be clear what the policy should be. People are often better at dealing with specific examples than producing general rules. In this paper we investigate the use of Grammatical Evolution (GE) to attempt to infer Fuzzy MLS policy from decision examples. This approach couches policy inference as a search for a policy that is most consistent with the supplied examples set. The results show this approach is promising.


Genetic Program Security Policy Production Rule Derivative Tree Grammatical Evolution 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Horizontal Integration: Broader Access Models for Realizing Information Dominance. Technical Report JSR-04-132, The MITRE Corporation JASON Program Office, Mclean, Virginia (December 2004)Google Scholar
  2. 2.
    Barbara, D.: Applications of Data Mining in Computer Security. Kluwer Academic Publishers, Norwell (2002)CrossRefzbMATHGoogle Scholar
  3. 3.
    McDaniel, P.D.: Policy Evolution: Autonomic Environmental Security (December 2004)Google Scholar
  4. 4.
    Lim, Y.T., Cheng, P.C., Clark, J.A., Rohatgi, P.: Policy Evolution with Genetic Programming. Technical report, IBM Research Report RC24442 (2008)Google Scholar
  5. 5.
    Dempsey, I., O’Neill, M., Brabazon, A.: Adaptive Trading with Grammatical Evolution. In: Proceedings of the 2006 IEEE Congress on Evolutionary Computation, Vancouver, July 6-21, 2006, pp. 9137–9142. IEEE Press, Los Alamitos (2006)Google Scholar
  6. 6.
    Brabazon, T., O’Neill, M., Ryan, C., Collins, J.J.: Uncovering Technical Trading Rules Using Evolutionary Automatic Programming. In: Proceedings of 2001 AAANZ Conference (Accounting Association of Australia and NZ), Auckland, New Zealand, July 1-3 (2001)Google Scholar
  7. 7.
    Brabazon, T., O’Neill, M.: Trading Foreign Exchange Markets Using Evolutionary Automatic Programming. In: Barry, A.M. (ed.) GECCO 2002: Proceedings of the Bird of a Feather Workshops, Genetic and Evolutionary Computation Conference, New York, July 8, 2002, pp. 133–136. AAAI, Menlo Park (2002)Google Scholar
  8. 8.
    O’Neill, M., Ryan, C.: Grammatical Evolution: Evolutionary Automatic Programming in an Arbitrary Language. Genetic programming, vol. 4. Kluwer Academic Publishers, Dordrecht (2003)CrossRefzbMATHGoogle Scholar
  9. 9.
    Cheng, P.C., Rohatgi, P., Keser, C., Karger, P.A., Wagner, G.M., Reninger, A.S.: Fuzzy Multi-Level Security: An Experiment on Quantified Risk-Adaptive Access Control. In: IEEE Symposium on Security and Privacy, pp. 222–230 (2007)Google Scholar
  10. 10.
    Bell, D.E., LaPadula, L.J.: Computer Security Model: Unified Exposition and Multics Interpretation. Technical Report ESD–TR–75–306, The MITRE Corporation, Bedford, MA. HQ Electronic Systems Division, Hanscom AFB, MA (March 1976)Google Scholar
  11. 11.
    Ryan, C., Azad, R.M.A.: Sensible Initialisation in Chorus. In: Ryan, C., Soule, T., Keijzer, M., Tsang, E., Poli, R., Costa, E. (eds.) EuroGP 2003. LNCS, vol. 2610, pp. 394–403. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  12. 12.
    Koza, J.R.: Genetic Programming: On the Programming of Computers by Means of Natural Selection. MIT Press, Cambridge (1992)zbMATHGoogle Scholar
  13. 13.
    Lim, Y.T., Cheng, P.C., Clark, J.A., Rohatgi, P.: Policy Evolution with Genetic Programming: a Comparison of Three Approaches. In: 2008 IEEE Congress on Evolutionary Computation, Hong Kong, IEEE Computational Intelligence Society, June 1-6, 2008, pp. 813–819. IEEE Press, Los Alamitos (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Yow Tzu Lim
    • 1
  • Pau Chen Cheng
    • 2
  • John Andrew Clark
    • 1
  • Pankaj Rohatgi
    • 2
  1. 1.Department of Computer ScienceUniversity of YorkUK
  2. 2.Department of Security and PrivacyIBM T J Watson Research CenterUSA

Personalised recommendations