A Deep Learning Approach for Extracting Attributes of ABAC Policies

Alohaly, Manar; Takabi, Hassan; Blanco, Eduardo

doi:10.1145/3205977.3205984

Cited by 31 publications

(22 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, when a desired feature had the form p=True, where p is a path, the learned NN might give p=True high weight to s 1 , or the NN might give p=True lower weight to s 1 and compensate by giving its "complementary" feature p=False higher weight to s 0 ; both NNs can classify feature vectors accurately, and the objective function does not prefer one of them over the other. To ensure the desired feature is categorized as useful regardless of which NN is learned in this and similar situations, we select the 1 3 N uf features with the highest values of s 0…”

Section: Useful Feature Selectionmentioning

confidence: 99%

Efficient and Extensible Policy Mining for Relationship-Based Access Control

Bui

Stoller

2019

Proceedings of the 24th ACM Symposium on Access Control Models and Technologies

View full text Add to dashboard Cite

Relationship-based access control (ReBAC) is a flexible and expressive framework that allows policies to be expressed in terms of chains of relationship between entities as well as attributes of entities. ReBAC policy mining algorithms have a potential to significantly reduce the cost of migration from legacy access control systems to ReBAC, by partially automating the development of a ReBAC policy. Existing ReBAC policy mining algorithms support a policy language with a limited set of operators; this limits their applicability.This paper presents a ReBAC policy mining algorithm designed to be both (1) easily extensible (to support additional policy language features) and (2) scalable. The algorithm is based on Bui et al.'s evolutionary algorithm for ReBAC policy mining algorithm. First, we simplify their algorithm, in order to make it easier to extend and provide a methodology that extends it to handle new policy language features. However, extending the policy language increases the search space of candidate policies explored by the evolutionary algorithm, thus causes longer running time and/or worse results. To address the problem, we enhance the algorithm with a feature selection phase. The enhancement utilizes a neural network to identify useful features. We use the result of feature selection to reduce the evolutionary algorithm's search space. The new algorithm is easy to extend and, as shown by our experiments, is more efficient and produces better policies. KEYWORDS security policy mining; attribute-based access control; relationshipbased access control; feature selection ACM Reference Format:

show abstract

Section: Useful Feature Selectionmentioning

confidence: 99%

Efficient and Extensible Policy Mining for Relationship-Based Access Control

Bui

Stoller

2019

Proceedings of the 24th ACM Symposium on Access Control Models and Technologies

View full text Add to dashboard Cite

show abstract

“…Machine learning can help with converting natural language policies into formal access-control policies, e.g. through the identification of attributes in [1]. Policy analysis tools can identify excessive privileges and redundancies [9], establish privacy properties [12], and improve revocation schemes for delegation chains [13].…”

Section: Policy Analysis and Synthesismentioning

confidence: 99%

“…A decentralized app for accommodation sharing, e.g., may enable Consumer-To-Consumer (C2C) business models for the sharing of rooms, apartments or other facilities such that clients can directly formulate the access conditions to their own data and physical resources without a central organization having already access to such data and resources. 1 Such an approach requires, though, that clients as owners of physical resources can freely delegate the access of their own resources to others -under specific conditions that typically include or trigger financial transactions.…”

Section: Introductionmentioning

confidence: 99%

Owner-Centric Sharing of Physical Resources, Data, and Data-Driven Insights in Digital Ecosystems

Cheung¹,

Huth

Kirk³

et al. 2019

Proceedings of the 24th ACM Symposium on Access Control Models and Technologies

View full text Add to dashboard Cite

We are living in an age in which digitization will connect more and more physical assets with IT systems and where IoT endpoints will generate a wealth of valuable data. Companies, individual users, and organizations alike therefore have the need to control their own physical or non-physical assets and data sources. At the same time, they recognize the need for, and opportunity to, share access to such data and digitized physical assets. This paper sets out our technology vision for such sharing ecosystems, reports initial work in that direction, identifies challenges for realizing this vision, and seeks feedback and collaboration from the academic access-control community in that R&D space.

show abstract

“…A top-down approach to ABAC policy mining has also been pursued, with the goal of using natural language processing and machine learning to extract ABAC policies from natural language documents. Since this problem is extremely difficult, the focus so far has been on sub-problems, such as analyzing natural language documents to identify the sentences relevant to access control [NTN18] and the relevant attributes [ATB18].…”

Section: Related Work On Abac Policy Miningmentioning

confidence: 99%

Mining Relationship-Based Access Control Policies

Bui

Stoller

2017

Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies

View full text Add to dashboard Cite

Relationship-based access control (ReBAC) provides a high level of expressiveness and flexibility that promotes security and information sharing. We formulate ReBAC as an object-oriented extension of attribute-based access control (ABAC) in which relationships are expressed using fields that refer to other objects, and path expressions are used to follow chains of relationships between objects.ReBAC policy mining algorithms have potential to significantly reduce the cost of migration from legacy access control systems to ReBAC, by partially automating the development of a ReBAC policy from an existing access control policy and attribute data. This paper presents two algorithms for mining ReBAC policies from access control lists (ACLs) and attribute data represented as an object model: a greedy algorithm guided by heuristics, and a grammar-based evolutionary algorithm. An evaluation of the algorithms on four sample policies and two large case studies demonstrates their effectiveness.

show abstract

A Deep Learning Approach for Extracting Attributes of ABAC Policies

Cited by 31 publications

References 26 publications

Efficient and Extensible Policy Mining for Relationship-Based Access Control

Efficient and Extensible Policy Mining for Relationship-Based Access Control

Owner-Centric Sharing of Physical Resources, Data, and Data-Driven Insights in Digital Ecosystems

Mining Relationship-Based Access Control Policies

Contact Info

Product

Resources

About