Towards an Automated Extraction of ABAC Constraints from Natural Language Policies

Alohaly, Manar; Takabi, Hassan; Blanco, Eduardo

doi:10.1007/978-3-030-22312-0_8

Cited by 11 publications

(10 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While policy languages and models were developed [9], [37] that enforce obligation requirements, we also need to consider the effectiveness of NLP approaches that target policy documents. There is also a significant effort to automate rule extraction and management from natural language text [2], [18], [47]. However, as Ravichander et al [40] point out, there are challenges to automating knowledge extraction from policy documents.…”

Section: Background and Related Workmentioning

confidence: 99%

“…Consider the following sentence taken from a Policy: "Like most online service providers, we collect information that web browsers, mobile devices, and servers typically make available, including the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information." 2 The word "and" has been used 3 times in the sentence to join multiple clauses. This is a difficult sentence to read.…”

Section: Connective Wordsmentioning

confidence: 99%

“…New policy languages and models have been developed [9], [15], [37], [45] that enforce obligation requirements. There is also a significant effort to automate rule extraction and management from natural language text [2], [18], [20], [23], [38], [47]. This requires text segmentation and text classification, and the quality of text in a natural language document can affect the performance of these processes [40].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

The Effect of Text Ambiguity on creating Policy Knowledge Graphs

Kotal

Joshi

2021

2021 IEEE Intl Conf on Parallel &Amp; Distributed Processing With Applications, Big Data &Amp; Cloud Computing, Sustainable Com

View full text Add to dashboard Cite

A growing number of web and cloud-based products and services rely on data sharing between consumers, service providers, and their subsidiaries and third parties. There is a growing concern around the security and privacy of data in such large-scale shared architectures. Most organizations have a human-written privacy policy that discloses all the ways that data is shared, stored, and used. The organizational privacy policies must also be compliant with government and administrative regulations. This raises a major challenge for providers as they try to launch new services. Thus they are moving towards a system of automatic policy maintenance and regulatory compliance. This requires extracting policy from text documents and representing it in a semi-structured, machine-processable framework. The most popular method to this end is extracting policy information into a Knowledge Graph (KG). There exists a significant body of work that converts text descriptions of regulations into policies expressed in languages such as OWL and XACML and is grounded in the control-based schema by using NLP approaches. In this paper, we show that the NLP-based approaches to extract knowledge from written policy documents and representing them in enforceable Knowledge Graphs fail when the text policies are ambiguous. Ambiguity can arise from lack of clarity, misuse of syntax, and/or the use of complex language. We describe a system to extract features from a policy document that affect its ambiguity and classify the documents based on the level of ambiguity present. We validate this approach using human annotators. We show that a large number of documents in a popular privacy policy corpus (OPP-115) are ambiguous. This affects the ability to automatically monitor privacy policies. We show that for policies that are more ambiguous according to our proposed measure, NLP-based text segment classifiers are less accurate.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Section: Connective Wordsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

The Effect of Text Ambiguity on creating Policy Knowledge Graphs

Kotal

Joshi

2021

2021 IEEE Intl Conf on Parallel &Amp; Distributed Processing With Applications, Big Data &Amp; Cloud Computing, Sustainable Com

View full text Add to dashboard Cite

show abstract

“…The authors also propose a scoring method for determining the quality of a policy from a least privilege point of view. [1] proposes a methodology that can extract ABAC constraints in an automated manner from policies expressed in natural language. A constrained policy mining technique has been proposed in [9].…”

Section: Related Workmentioning

confidence: 99%

PAMMELA: Policy Administration Methodology using Machine Learning

Gumma¹,

Mitra²,

Dey³

et al. 2021

Preprint

View full text Add to dashboard Cite

In recent years, Attribute-Based Access Control (ABAC) has become quite popular and effective for enforcing access control in dynamic and collaborative environments. Implementation of ABAC requires the creation of a set of attribute-based rules which cumulatively form a policy. Designing an ABAC policy ab initio demands a substantial amount of effort from the system administrator. Moreover, organizational changes may necessitate the inclusion of new rules in an already deployed policy. In such a case, re-mining the entire ABAC policy will require a considerable amount of time and administrative effort. Instead, it is better to incrementally augment the policy. Keeping these aspects of reducing administrative overhead in mind, in this paper, we propose PAMMELA, a Policy Administration Methodology using Machine Learning to help system administrators in creating new ABAC policies as well as augmenting existing ones. PAMMELA can generate a new policy for an organization by learning the rules of a policy currently enforced in a similar organization. For policy augmentation, PAMMELA can infer new rules based on the knowledge gathered from the existing rules. Experimental results show that our proposed approach provides a reasonably good performance in terms of the various machine learning evaluation metrics as well as execution time.

show abstract

“…Recent research efforts have been focused on exploring Artificial Intelligence (AI) and Machine Learning (ML) based approaches for developing and managing ABAC authorization systems, ranging from mining ABAC policies from access logs [15,19,21] to extracting such policies using deep learning (DL) algorithms [28] and employing natural language processing (NLP) tools for automating policy development and enforcement [2]. While supervised learning algorithms seem to be an option for inferring ABAC policies from access logs, they suffer from several limitations.…”

Section: Introductionmentioning

confidence: 99%

Adaptive ABAC Policy Learning: A Reinforcement Learning Approach

Karimi¹,

Abdelhakim²,

Joshi³

2021

Preprint

View full text Add to dashboard Cite

With rapid advances in computing systems, there is an increasing demand for more effective and efficient access control (AC) approaches. Recently, Attribute Based Access Control (ABAC) approaches have been shown to be promising in fulfilling the AC needs of such emerging complex computing environments. An ABAC model grants access to a requester based on attributes of entities in a system and an authorization policy; however, its generality and flexibility come with a higher cost. Further, increasing complexities of organizational systems and the need for federated accesses to their resources make the task of AC enforcement and management much more challenging. In this paper, we propose an adaptive ABAC policy learning approach to automate the authorization management task. We model ABAC policy learning as a reinforcement learning problem. In particular, we propose a contextual bandit system, in which an authorization engine adapts an ABAC model through a feedback control loop; it relies on interacting with users/administrators of the system to receive their feedback that assists the model in making authorization decisions. We propose four methods for initializing the learning model and a planning approach based on attribute value hierarchy to accelerate the learning process. We focus on developing an adaptive ABAC policy learning model for a home IoT environment as a running example. We evaluate our proposed approach over real and synthetic data. We consider both complete and sparse datasets in our evaluations. Our experimental results show that the proposed approach achieves performance that is comparable to ones based on supervised learning in many scenarios and even outperforms them in several situations.

show abstract

Towards an Automated Extraction of ABAC Constraints from Natural Language Policies

Cited by 11 publications

References 21 publications

The Effect of Text Ambiguity on creating Policy Knowledge Graphs

The Effect of Text Ambiguity on creating Policy Knowledge Graphs

PAMMELA: Policy Administration Methodology using Machine Learning

Adaptive ABAC Policy Learning: A Reinforcement Learning Approach

Contact Info

Product

Resources

About