Learning Attribute-Based and Relationship-Based Access Control Policies with Unknown Values

Bui, Thang; Stoller, Scott D.

doi:10.1007/978-3-030-65610-2_2

Cited by 11 publications

(12 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Deep learning was used to identify relevant attributes [1] to mine ABAC policies from natural language. Other methods including classification trees [13], deep recurrent neural network (RNN) [53], K-Nearest Neighbor (KNN) [20], Decision Tree [8,9,71] and Restricted Boltzmann Machine (RBM) model [50] have also been used to mine ABAC policy. The first unsupervised learning-based ABAC mining method used k-modes clustering to mine rules from historical operation data [40].…”

Section: Related Workmentioning

confidence: 99%

Toward Deep Learning Based Access Control

Nobi,

Krishnan,

Huang

et al. 2022

Preprint

View full text Add to dashboard Cite

A common trait of current access control approaches is the challenging need to engineer abstract and intuitive access control models. This entails designing access control information in the form of roles (RBAC), attributes (ABAC), or relationships (ReBAC) as the case may be, and subsequently, designing access control rules. This framework has its benefits but has significant limitations in the context of modern systems that are dynamic, complex, and large-scale, due to which it is difficult to maintain an accurate access control state in the system for a human administrator. This paper proposes Deep Learning Based Access Control (DLBAC) by leveraging significant advances in deep learning technology as a potential solution to this problem. We envision that DLBAC could complement and, in the long-term, has the potential to even replace, classical access control models with a neural network that reduces the burden of access control model engineering and updates. Without loss of generality, we conduct a thorough investigation of a candidate DLBAC model, called DLBAC α , using both real-world and synthetic datasets. We demonstrate the feasibility of the proposed approach by addressing issues related to accuracy, generalization, and explainability. We also discuss challenges and future research directions. CCS CONCEPTS• Security and privacy → Access control; • Computing methodologies → Machine learning.

show abstract

Section: Related Workmentioning

confidence: 99%

Toward Deep Learning Based Access Control

Nobi,

Krishnan,

Huang

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Neste trabalho, vamos comparar o método proposto (A.Dec+Gen) com uma abordagem que utiliza árvore de decisão tradicional (A.Dec), similar ao trabalho [Bui and Stoller 2020], porém aplicada para o ABAC. Os experimentos realizados para avaliar o desempenho de ambos métodos foram realizados através de simulações computacionais.…”

Section: Experimentosunclassified

“…Em outros métodos, minera-se ACPs somente quando o registro possui uma grande quantidade de situações de acesso, pois, caso con-trário, o método apresentará ACPs regras muito específicas e incapazes de generalizar situações [Xu and Stoller 2014]. Por fim, em outro extremo, há técnicas excessivamente permissivas, o que pode gerar permissões de acessos errôneos e sem qualquer evidência no registro que coloca em risco a segurança do sistema [Bui and Stoller 2020].…”

Section: Introductionunclassified

Um Método para Extração e Refinamento de Políticas de Acesso baseado em Árvore de Decisão e Algoritmo Genético

Cremonezi¹,

Vieira²,

Nacif³

et al. 2021

Anais Do XXXIX Simpósio Brasileiro De Redes De Computadores E Sistemas Distribuídos (SBRC 2021)

View full text Add to dashboard Cite

O controle de acesso baseado em atributos (ABAC) está cada vez mais popular. No entanto, sua adoção possui uma série de desaﬁos a serem enfrentados. Dentre eles, a deﬁnição e manutenção das políticas de acesso se mostra como um dos maiores desaﬁos, pois essas são tarefas complexas. Este artigo propõe um método de mineração de políticas que utiliza registros de acesso para simpliﬁcar o processo de criação e manutenção de políticas de acesso no ABAC. A proposta utiliza um algoritmo de aprendizado de máquina supervisionado para gerar uma árvore de decisão, que será utilizada para identiﬁcar padrões presentes no registro e gerar uma política de acesso. Esse trabalho também apresenta um método de reﬁnamento das políticas através de um algoritmo genético que insere distorções controladas na política para melhorar os resultados da política. A avaliação foi realizada com dados sintéticos e reais. Os resultados mostram que o método proposto é capaz de gerar políticas corretas, com uma acurácia 10% superior em relação ao estado da arte. Os autores agradecem o apoio da UFPR e auxílio ﬁnanceiro do CNPq e da CAPES, processo número 426701/2018-6, 313844/2020-8 e 432204/2018-0.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Although the policy specification language in this paper is very different from [2,9], these two works are relevant related work. In [2], an approach to mine ABAC and ReBAC policies has been proposed where access control lists and incomplete information about entities are given. A few significant points about [2] are i) the proposed algorithm prefers the context of ReBAC mining because ReBAC is more general than ABAC, ii) entity ids are allowed to be used (which makes the generated policy less general), and iii) there is a policy quality metric available.…”

Section: Related Workmentioning

confidence: 99%

On Feasibility of Attribute-Aware Relationship-Based Access Control Policy Mining

Chakraborty¹,

Sandhu²

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

This paper studies whether exact conversion to an AReBAC (Attribute-aware Relationship-Based Access Control) system is possible from an Enumerated Authorization System (EAS), given supporting attribute and relationship data. The Attribute-aware ReBAC Ruleset Existence Problem (ARREP) is defined formally and solved algorithmically, along with complexity analysis. Approaches to resolve infeasibility using exact solutions are discussed.

show abstract

Learning Attribute-Based and Relationship-Based Access Control Policies with Unknown Values

Cited by 11 publications

References 16 publications

Toward Deep Learning Based Access Control

Toward Deep Learning Based Access Control

Um Método para Extração e Refinamento de Políticas de Acesso baseado em Árvore de Decisão e Algoritmo Genético

On Feasibility of Attribute-Aware Relationship-Based Access Control Policy Mining

Contact Info

Product

Resources

About