Policy Engineering in RBAC and ABAC

Das, Saptarshi; Mitra, Barsha; Atluri, Vijayalakshmi; Vaidya, Jaideep; Sural, Shamik

doi:10.1007/978-3-030-04834-1_2

Cited by 25 publications

(12 citation statements)

References 80 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, the access control currently adopted by the traditional big data platform, such as Hadoop [1][2][3], is based on the static policy specified by the user/user group, and cannot be authorized in groups according to multiple attribute tags of users, let alone the dynamic change of permissions according to the changes of users' attributes, which makes it only suitable for the rights management of a small number of users. The data under the environment of big data is large and dynamic, so the access control list is large and difficult to maintain, the phenomenon of over-authorization and under-authorization is more and more serious, and rights management is complex and difficult [4].…”

Section: Introductionmentioning

confidence: 99%

Research on ABAC Access Control Based on Big Data Platform

Yang¹,

Jin²,

Zeng³

2021

Journal of Cyber Security

View full text Add to dashboard Cite

In the environment of big data, the traditional access control lacks effective and flexible access mechanism. Based on attribute access control, this paper proposes a HBMC-ABAC big data access control framework. It solves the problems of difficult authority change, complex management, over-authorization and lack of authorization in big data environment. At the same time, binary mapping codes are proposed to solve the problem of low efficiency of policy retrieval in traditional ABAC. Through experimental analysis, the results show that our proposed HBMC-ABAC model can meet the current large and complex environment of big data.

show abstract

Section: Introductionmentioning

confidence: 99%

Research on ABAC Access Control Based on Big Data Platform

Yang¹,

Jin²,

Zeng³

2021

Journal of Cyber Security

View full text Add to dashboard Cite

show abstract

“…policy learning) algorithms have the potential to greatly reduce this cost, by automatically producing a draft high-level policy from existing lower-level data, such as access control lists or access logs. There is a substantial amount of research on role mining [21,10] and a small but growing literature on ABAC policy mining [25,24,20,22,10,9,14,17,8,19], and ReBAC policy mining [4,5,6,3,15,2,16].…”

Section: Introductionmentioning

confidence: 99%

Learning Attribute-Based and Relationship-Based Access Control Policies with Unknown Values

Bui¹,

Stoller²

2020

Preprint

View full text Add to dashboard Cite

Attribute-Based Access Control (ABAC) and Relationship-based access control (ReBAC) provide a high level of expressiveness and flexibility that promote security and information sharing, by allowing policies to be expressed in terms of attributes of and chains of relationships between entities. Algorithms for learning ABAC and ReBAC policies from legacy access control information have the potential to significantly reduce the cost of migration to ABAC or ReBAC. This paper presents the first algorithms for mining ABAC and ReBAC policies from access control lists (ACLs) and incomplete information about entities, where the values of some attributes of some entities are unknown. We show that the core of this problem can be viewed as learning a concise three-valued logic formula from a set of labeled feature vectors containing unknowns, and we give the first algorithm (to the best of our knowledge) for that problem.

show abstract

Section: Introductionmentioning

confidence: 99%

“…Policy mining algorithms promise to drastically reduce this cost, by automatically produce a "first draft" of a high-level policy from existing lower-level data. There is a substantial amount of research on role mining, surveyed in [8,17], and a small but growing literature on ABAC policy mining [7,14,16,18,22,23], surveyed in [8]. Bui et al proposed a problem of ReBAC policy mining [4,6]: given information about subjects, resources, and other objects, and the set of currently granted permissions, find a ReBAC policy that grants the same permissions using high-level rules.…”

Section: Introductionmentioning

confidence: 99%

Efficient and Extensible Policy Mining for Relationship-Based Access Control

Bui

Stoller

2019

Proceedings of the 24th ACM Symposium on Access Control Models and Technologies

View full text Add to dashboard Cite

Relationship-based access control (ReBAC) is a flexible and expressive framework that allows policies to be expressed in terms of chains of relationship between entities as well as attributes of entities. ReBAC policy mining algorithms have a potential to significantly reduce the cost of migration from legacy access control systems to ReBAC, by partially automating the development of a ReBAC policy. Existing ReBAC policy mining algorithms support a policy language with a limited set of operators; this limits their applicability.This paper presents a ReBAC policy mining algorithm designed to be both (1) easily extensible (to support additional policy language features) and (2) scalable. The algorithm is based on Bui et al.'s evolutionary algorithm for ReBAC policy mining algorithm. First, we simplify their algorithm, in order to make it easier to extend and provide a methodology that extends it to handle new policy language features. However, extending the policy language increases the search space of candidate policies explored by the evolutionary algorithm, thus causes longer running time and/or worse results. To address the problem, we enhance the algorithm with a feature selection phase. The enhancement utilizes a neural network to identify useful features. We use the result of feature selection to reduce the evolutionary algorithm's search space. The new algorithm is easy to extend and, as shown by our experiments, is more efficient and produces better policies. KEYWORDS security policy mining; attribute-based access control; relationshipbased access control; feature selection ACM Reference Format:

show abstract

Policy Engineering in RBAC and ABAC

Cited by 25 publications

References 80 publications

Research on ABAC Access Control Based on Big Data Platform

Research on ABAC Access Control Based on Big Data Platform

Learning Attribute-Based and Relationship-Based Access Control Policies with Unknown Values

Efficient and Extensible Policy Mining for Relationship-Based Access Control

Contact Info

Product

Resources

About