2018
DOI: 10.1109/locs.2018.2889980
|View full text |Cite
|
Sign up to set email alerts
|

HyPE: A Hybrid Approach toward Policy Engineering in Attribute-Based Access Control

Abstract: Successful deployment of attribute-based access control requires the process of policy engineering which involves constructing a set of appropriate rules, known as a policy. Policy engineering is performed either by a top-down approach that may ignore some of the existing accesses in the organization or a bottom-up approach that may form rules which are not relevant to the organizational processes. In this work, we propose a hybrid approach toward policy engineering that addresses the limitations of the top-do… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1

Citation Types

0
3
0

Year Published

2019
2019
2023
2023

Publication Types

Select...
3
3
1

Relationship

2
5

Authors

Journals

citations
Cited by 9 publications
(3 citation statements)
references
References 17 publications
0
3
0
Order By: Relevance
“…We argue that recommendation-based ACP optimization constitutes a hybrid model of fully-automated and manual optimization. In the closely related domains of RBAC and ABAC policy modelling, which face the closely related challenge to automate the creation of semantically meaningful ACPs with high quality, hybrid approaches have also been proposed and gained broad acceptance (Fuchs and Pernul, 2008;Das et al, 2018).…”
Section: Recommendation-based Optimizationmentioning
confidence: 99%
“…We argue that recommendation-based ACP optimization constitutes a hybrid model of fully-automated and manual optimization. In the closely related domains of RBAC and ABAC policy modelling, which face the closely related challenge to automate the creation of semantically meaningful ACPs with high quality, hybrid approaches have also been proposed and gained broad acceptance (Fuchs and Pernul, 2008;Das et al, 2018).…”
Section: Recommendation-based Optimizationmentioning
confidence: 99%
“…In the context of deployment of ABAC in organizations, there is some existing work on standardization [12], policy engineering [18] [10] [23] [9], etc. Moreover, procedures have been developed for enabling organizations to migrate to ABAC from other access control models [14].…”
Section: Related Workmentioning
confidence: 99%
“…In the current literature, the policy mining problem has been formulated as a minimization problem. Combining top-down and bottom-up approaches gives hybrid policy engineering [7].…”
Section: Introductionmentioning
confidence: 99%