Towards an Automatic Top-down Role Engineering Approach Using Natural Language Processing Techniques

Narouei, Masoud; Takabi, Hassan

doi:10.1145/2752952.2752958

Cited by 21 publications

(14 citation statements)

References 4 publications

(8 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…1. Several studies have researched challenges and opportunities faced by natural language processing (NLP) applications in the automation of the second phase of the cycle, named "gather authorization requirements" (Xiao et al 2012;Slankas and Williams 2013;Slankas et al 2014;Narouei and Takabi 2015a). Our work complements these prior efforts to aid security architects in the process of deriving required attributes from natural language authorization requirements, which is the third phase of the lifecycle.…”

Section: Abac Policy Authoringmentioning

confidence: 98%

“…This boost of recall, however, comes at the cost of precision. While we are aware that the lack of benchmark dataset makes the comparison task non-trivial, the reported results suggest that a combination of policy extraction approaches by Slankas et al (2014) and Narouei and Takabi (2015a) can potentially balance both precision and recall values. Further, Narouei et al (2018) investigated the idea of improving SRL performance using domain adaptation techniques.…”

Section: Natural Language and Access Control Policymentioning

confidence: 99%

“…The necessity to automate this manual process has motivated several studies in developing automated tools to derive elements of access control rules directly from natural language policies (Xiao et al 2012;Slankas and Williams 2013;Slankas et al 2014;Narouei and Takabi 2015a). Prior research efforts have mostly been restricted to two areas: (1) automatic identification of the access control policy sentences from natural language artifacts, and (2) automatic extraction of the subject, object and action triples from these sentences.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Automated extraction of attributes from natural language attribute-based access control (ABAC) Policies

2019

Self Cite

View full text Add to dashboard Cite

The National Institute of Standards and Technology (NIST) has identified natural language policies as the preferred expression of policy and implicitly called for an automated translation of ABAC natural language access control policy (NLACP) to a machine-readable form. To study the automation process, we consider the hierarchical ABAC model as our reference model since it better reflects the requirements of real-world organizations. Therefore, this paper focuses on the questions of: how can we automatically infer the hierarchical structure of an ABAC model given NLACPs; and, how can we extract and define the set of authorization attributes based on the resulting structure. To address these questions, we propose an approach built upon recent advancements in natural language processing and machine learning techniques. For such a solution, the lack of appropriate data often poses a bottleneck. Therefore, we decouple the primary contributions of this work into: (1) developing a practical framework to extract authorization attributes of hierarchical ABAC system from natural language artifacts, and (2) generating a set of realistic synthetic natural language access control policies (NLACPs) to evaluate the proposed framework. Our experimental results are promising as we achieved -in average -an F1-score of 0.96 when extracting attributes values of subjects, and 0.91 when extracting the values of objects' attributes from natural language access control policies.

show abstract

Section: Abac Policy Authoringmentioning

confidence: 98%

Section: Natural Language and Access Control Policymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Automated extraction of attributes from natural language attribute-based access control (ABAC) Policies

2019

Self Cite

View full text Add to dashboard Cite

show abstract

“…The algorithm described the relationship among roles by attribute information. Narouei et al [32] proposed a novel top-down role engineering approach that used natural language processing techniques to extract roles from documents. Kumar et al [33] proposed a constrained role mining scheme (CRM).…”

Section: Related Workmentioning

confidence: 99%

Access Control Role Evolution Mechanism for Open Computing Environment

Liu

Wang

2020

Electronics

View full text Add to dashboard Cite

Data resources in open computing environments (including big data, internet of things and cloud computing) are characterized by large scale, wide source, and strong dynamics. Therefore, the user-permission relationship of open computing environments has a huge scale and will be dynamically adjusted over time, which enables effective permission management in the role based access control (RBAC) model to become a challenging problem. In this paper, we design an evolution mechanism of access control roles for open computing environments. The mechanism utilizes the existing user-permission relationship in the current system to mine the access control role and generate the user-role and role-permission relationship. When the user-permission relationship changes, the roles are constantly tuned and evolved to provide role support for access control of open computing environments. We propose a novel genetic-based role evolution algorithm that can effectively mine and optimize roles while preserving the core permissions of the system. In addition, a role relationship aggregation algorithm is proposed to realize the clustering of roles, which provides a supplementary reference for the security administrator to give the role real semantic information. Experimental evaluations in real-world data sets show that the proposed mechanism is effective and reliable.

show abstract

“…In our previous work, we proposed semantic role labeling (SRL) to automatically extract ACP elements from unrestricted natural language documents, define roles, and build an RBAC model [20]. We did not attempt to identify ACP sentences, but instead used the already extracted sentences by [25] and left implementing the ACP sentence identification step for future work.…”

Section: Related Workmentioning

confidence: 99%

Identification of Access Control Policy Sentences from Natural Language Policy Documents

Narouei

Khanpour

Takabi

2017

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Towards an Automatic Top-down Role Engineering Approach Using Natural Language Processing Techniques

Cited by 21 publications

References 4 publications

Automated extraction of attributes from natural language attribute-based access control (ABAC) Policies

Automated extraction of attributes from natural language attribute-based access control (ABAC) Policies

Access Control Role Evolution Mechanism for Open Computing Environment

Identification of Access Control Policy Sentences from Natural Language Policy Documents

Contact Info

Product

Resources

About