Migrating from DAC to RBAC

Uzun, Emre; Lorenzi, David; Atluri, Vijayalakshmi; Vaidya, Jaideep; Sural, Shamik

doi:10.1007/978-3-319-20810-7_5

Cited by 6 publications

(9 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Step 3. Derive User Assignment Relation 𝒰𝒜 and Permission Assignment Relation 𝒫𝒜 by performing Role Mining: For the automation of this step, we have used DEMiner algorithm proposed by Uzun et al [6]. The primary reason to choose this is because it generates a compact set of roles which are disjoint in their permissions.…”

Section: Approachmentioning

confidence: 99%

“…Any Role Mining algorithm could be used, as long as it completely covers the given 𝒰𝒫𝒜. In this particular case, we use the DEMiner algorithm proposed by Uzun et al[6].For each set of experiments, we have compared the access request evaluation time for both ABAC and RBAC. The experiments are performed on a Intel Core i7 2.60 GHz machine with 8.00 GB memory running 64-bit Windows 10.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Deploying ABAC policies using RBAC systems

Batra

Atluri

Vaidya

et al. 2019

JCS

Self Cite

View full text Add to dashboard Cite

The flexibility, portability and identity-less access control features of Attribute Based Access Control(ABAC) make it an attractive choice to be employed in many application domains. However, commercially viable methods for implementation of ABAC do not exist while a vast majority of organizations use Role Based Access Control (RBAC) or their temporal extensions, such as Temporal Role Based Access Control (TRBAC). In this paper, we present a solution for organizations having a RBAC/TRBAC that can deploy an ABAC policy. Essentially, we propose a method for the translation of an ABAC policy (including time constraints) into a form that can be adopted by an RBAC/TRBAC system.We experimentally demonstrate that time taken to evaluate an access request in RBAC and TRBAC systems is significantly less than that of the corresponding ABAC system. Since the cost of security management is more expensive under RBAC when compared to ABAC, we present an analysis of the different management costs and present mitigation approaches by considering various administrative operations.

show abstract

Section: Approachmentioning

confidence: 99%

mentioning

confidence: 99%

Deploying ABAC policies using RBAC systems

Batra

Atluri

Vaidya

et al. 2019

JCS

Self Cite

View full text Add to dashboard Cite

show abstract

“…Step 3. Derive User Assignment Relation (UA) and Permission Assignment Relation (PA) by performing Role Mining: For the automation of this step, we have used DEMiner algorithm proposed by Uzun et al [3]. The primary reason to choose this is because it generates a compact set of roles which are disjoint in their permissions.…”

Section: Abac To Rbac Translationmentioning

confidence: 99%

“…Any Role Mining algorithm could be used, as long as it completely covers the given UPA. In this particular case, we use the DEMiner algorithm proposed by Uzun et al [3].…”

Section: Experimental Comparison Of Access Request Evaluation Cost Inmentioning

confidence: 99%

Enabling the Deployment of ABAC Policies in RBAC Systems

Batra

Atluri

Vaidya

et al. 2018

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

The flexibility, portability and identity-less access control features of Attribute Based Access Control (ABAC) make it an attractive choice to be employed in many application domains. However, commercially viable methods for implementation of ABAC do not exist while a vast majority of organizations use Role Based Access Control (RBAC) systems. In this paper, we present a way in which organizations having a RBAC system can deploy an ABAC policy. Thus, we propose a method for the translation of an ABAC policy into a form that can be adopted by an RBAC system. We compare the cost of enforcement in ABAC and RBAC with respect to time taken to evaluate an access request, and experimentally demonstrate that RBAC is significantly better in this respect. Since the cost of security management is more expensive under RBAC when compared to ABAC, we present an analysis of the different management costs and present mitigation approaches by considering various administrative operations.

show abstract

“…This dataset uses the same simple PEs as in [8], namely, π = policy from Phase 3 q = Q pol (π) workL = list of removable roles in π changed = true while ¬empty(workL) ∧ changed sort workL in ascending order by Q role changed = false for r in workL Figure 6: Phase 4: Remove roles. [6,11], [7,10], [8,9], [8,11], [9,11], [10,11], [10,12], [11,13], [14,15], [16,17]. These PEs are designed to cover various relationships between intervals, such as overlapping, consecutive, disjoint, and nested.…”

Section: Datasetsmentioning

confidence: 99%

Mining hierarchical temporal roles with multiple metrics

Stoller

Bui

2017

JCS

View full text Add to dashboard Cite

Temporal role-based access control (TRBAC) extends role-based access control to limit the times at which roles are enabled. This paper presents a new algorithm for mining high-quality TRBAC policies from timed ACLs (i.e., ACLs with time limits in the entries) and optionally user attribute information. Such algorithms have potential to significantly reduce the cost of migration from timed ACLs to TRBAC. The algorithm is parameterized by the policy quality metric. We consider multiple quality metrics, including number of roles, weighted structural complexity (a generalization of policy size), and (when user attribute information is available) interpretability, i.e., how well role membership can be characterized in terms of user attributes. Ours is the first TRBAC policy mining algorithm that produces hierarchical policies, and the first that optimizes weighted structural complexity or interpretability. In experiments with datasets based on real-world ACL policies, our algorithm is more effective than previous algorithms at optimizing policy quality.

show abstract

Migrating from DAC to RBAC

Cited by 6 publications

References 25 publications

Deploying ABAC policies using RBAC systems

Deploying ABAC policies using RBAC systems

Enabling the Deployment of ABAC Policies in RBAC Systems

Mining hierarchical temporal roles with multiple metrics

Contact Info

Product

Resources

About