HyPE: A Hybrid Approach toward Policy Engineering in Attribute-Based Access Control

Das, Saptarshi; Sural, Shamik; Vaidya, Jaideep; Atluri, Vijayalakshmi

doi:10.1109/locs.2018.2889980

Cited by 9 publications

(3 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We argue that recommendation-based ACP optimization constitutes a hybrid model of fully-automated and manual optimization. In the closely related domains of RBAC and ABAC policy modelling, which face the closely related challenge to automate the creation of semantically meaningful ACPs with high quality, hybrid approaches have also been proposed and gained broad acceptance (Fuchs and Pernul, 2008;Das et al, 2018).…”

Section: Recommendation-based Optimizationmentioning

confidence: 99%

Optimization of Access Control Policies

Kern¹,

Baumer²,

Groll³

et al. 2022

Journal of Information Security and Applications

View full text Add to dashboard Cite

Section: Recommendation-based Optimizationmentioning

confidence: 99%

Optimization of Access Control Policies

Kern¹,

Baumer²,

Groll³

et al. 2022

Journal of Information Security and Applications

View full text Add to dashboard Cite

“…In the context of deployment of ABAC in organizations, there is some existing work on standardization [12], policy engineering [18] [10] [23] [9], etc. Moreover, procedures have been developed for enabling organizations to migrate to ABAC from other access control models [14].…”

Section: Related Workmentioning

confidence: 99%

PolTree

Nath

Das

Sural

et al. 2019

Proceedings of the 24th ACM Symposium on Access Control Models and Technologies

Self Cite

View full text Add to dashboard Cite

In Attribute-Based Access Control (ABAC), a user is permitted or denied access to an object based on a set of rules (together called an ABAC Policy) specified in terms of the values of attributes of various types of entities, namely, user, object and environment. Efficient evaluation of these rules is therefore essential for ensuring decision making at on-line speed when an access request comes. Sequentially evaluating all the rules in a policy is inherently time consuming and does not scale with the size of the ABAC system or the frequency of access requests. This problem, which is quite pertinent for practical deployment of ABAC, surprisingly has not so far been addressed in the literature. In this paper, we introduce two variants of a tree data structure for representing ABAC policies, which we name as PolTree. In the binary version (B-PolTree), at each node, a decision is taken based on whether a particular attribute-value pair is satisfied or not. The n-ary version (N-PolTree), on the other hand, grows as many branches out of a given node as the total number of possible values for the attribute being checked at that node. An extensive experimental evaluation with diverse data sets shows the scalability and effectiveness of the proposed approach.

show abstract

“…In the current literature, the policy mining problem has been formulated as a minimization problem. Combining top-down and bottom-up approaches gives hybrid policy engineering [7].…”

Section: Introductionmentioning

confidence: 99%

PAMMELA: Policy Administration Methodology using Machine Learning

Gumma¹,

Mitra²,

Dey³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

In recent years, Attribute-Based Access Control (ABAC) has become quite popular and effective for enforcing access control in dynamic and collaborative environments. Implementation of ABAC requires the creation of a set of attribute-based rules which cumulatively form a policy. Designing an ABAC policy ab initio demands a substantial amount of effort from the system administrator. Moreover, organizational changes may necessitate the inclusion of new rules in an already deployed policy. In such a case, re-mining the entire ABAC policy will require a considerable amount of time and administrative effort. Instead, it is better to incrementally augment the policy. Keeping these aspects of reducing administrative overhead in mind, in this paper, we propose PAMMELA, a Policy Administration Methodology using Machine Learning to help system administrators in creating new ABAC policies as well as augmenting existing ones. PAMMELA can generate a new policy for an organization by learning the rules of a policy currently enforced in a similar organization. For policy augmentation, PAMMELA can infer new rules based on the knowledge gathered from the existing rules. Experimental results show that our proposed approach provides a reasonably good performance in terms of the various machine learning evaluation metrics as well as execution time.

show abstract

HyPE: A Hybrid Approach toward Policy Engineering in Attribute-Based Access Control

Cited by 9 publications

References 17 publications

Optimization of Access Control Policies

Optimization of Access Control Policies

PolTree

PAMMELA: Policy Administration Methodology using Machine Learning

Contact Info

Product

Resources

About