Efficient Bottom-Up Mining of Attribute Based Access Control Policies

Talukdar, Tanay; Batra, Gunjan; Vaidya, Jaideep; Atluri, Vijayalakshmi; Sural, Shamik

doi:10.1109/cic.2017.00051

Cited by 24 publications

(10 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Entities in the context will be annotation data, web documents and users. With Attribute-Based Access Control (ABAC), annotation data attributes are signed to security tokens which matches them with document or consumer attributes to either grant or deny access to an instance of annotation data (Talukdar et al, 2017). However, this is still based on the validity of a web document utilising an instance of annotation data previously generated for another document.…”

Section: Annotation Data Sharingmentioning

confidence: 99%

Leveraging cloud computing for the semantic web: review and trends

et al. 2019

View full text Add to dashboard Cite

Semantic and Cloud Computing technologies have become vital elements for developing and deploying solutions across diverse fields in computing. While they are independent of each other, they can be integrated in diverse ways for developing solutions and this has been significantly explored in recent times. With the migration of web-based data and applications to cloud platforms and the evolution of the web itself from a social, web 2.0 to a semantic, web 3.0 comes the convergence of both technologies. While several concepts and implementations have been provided regarding interactions between the two technologies from existing research, without an explicit classification of the modes of interaction, it can be quite challenging to articulate the interaction modes, hence building upon them can be a very daunting task. Hence, this research identifies and describes the modes of interaction between them. Furthermore, a "cloud-driven" interaction mode which focuses on fully maximising cloud computing characteristics and benefits for driving the semantic web is described; providing an approach for evolving the semantic web and delivering automated semantic annotation on a large-scale to web applications.

show abstract

Section: Annotation Data Sharingmentioning

confidence: 99%

Leveraging cloud computing for the semantic web: review and trends

et al. 2019

View full text Add to dashboard Cite

show abstract

“…In this section, we briefly present the attribute based access control (ABAC) model [1,12] and the Role Based Access Control model [7], upon which all of the following work is based. In ABAC, the authorization to perform an operation (e.g.,read/write/modify) is granted based on the attributes of the requesting user, requested object, and the environment in which a request is made.…”

Section: Preliminariesmentioning

confidence: 99%

“…First, a synthetic ABAC policy base ( Π A ) is created. For creating synthetic ABAC Policies we used the data generator used by Talukdar et al [12]. Next, using the ABAC policy base and the User Attribute relation (UAR) and Object Attribute Relation (OAR), the (UPA) relation is created, on which Role Mining is done on the (UPA) relation to create the User Assignment (UA) and Role Assignment (PA) relation.…”

Section: Experimental Comparison Of Access Request Evaluation Cost Inmentioning

confidence: 99%

Enabling the Deployment of ABAC Policies in RBAC Systems

Batra

Atluri

Vaidya

et al. 2018

Data and Applications Security and Privacy XXXII

Self Cite

View full text Add to dashboard Cite

The flexibility, portability and identity-less access control features of Attribute Based Access Control (ABAC) make it an attractive choice to be employed in many application domains. However, commercially viable methods for implementation of ABAC do not exist while a vast majority of organizations use Role Based Access Control (RBAC) systems. In this paper, we present a way in which organizations having a RBAC system can deploy an ABAC policy. Thus, we propose a method for the translation of an ABAC policy into a form that can be adopted by an RBAC system. We compare the cost of enforcement in ABAC and RBAC with respect to time taken to evaluate an access request, and experimentally demonstrate that RBAC is significantly better in this respect. Since the cost of security management is more expensive under RBAC when compared to ABAC, we present an analysis of the different management costs and present mitigation approaches by considering various administrative operations.

show abstract

“…While there is some work on mining ABAC policies [3] [5], and also on constrained versions of the ABAC policy mining problem [2], to the best of our knowledge, this is the first attempt towards formulating and solving ABAC policy mining problem which involves environment attributes.…”

Section: Introductionmentioning

confidence: 99%

Using Gini Impurity to Mine Attribute-based Access Control Policies with Environment Attributes

Das

Sural

Vaidya

et al. 2018

Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies

Self Cite

View full text Add to dashboard Cite

In Attribute-based Access Control (ABAC) systems, utilizing environment attributes along with the subject and object attributes introduces a dynamic nature to the access decisions. The inclusion of environment attributes helps in achieving a more fine-grained access control. In this paper, we present an ABAC policy mining algorithm that considers the environment attributes and their associated values while forming the rules. Furthermore, we use gini impurity to form the rules. This helps to minimize the number of rules in the generated policy. The experimental evaluation shows that our approach is quite effective in practice.

show abstract

Efficient Bottom-Up Mining of Attribute Based Access Control Policies

Cited by 24 publications

References 21 publications

Leveraging cloud computing for the semantic web: review and trends

Leveraging cloud computing for the semantic web: review and trends

Enabling the Deployment of ABAC Policies in RBAC Systems

Using Gini Impurity to Mine Attribute-based Access Control Policies with Environment Attributes

Contact Info

Product

Resources

About