research-article

Policy Adaptation in Hierarchical Attribute-based Access Control Systems

Published: 17 August 2019

Abstract

In Attribute-Based Access Control (ABAC), access to resources is given based on the attributes of subjects, objects, and environment. There is an imminent need for the development of efficient algorithms that enable migration to ABAC. However, existing policy mining approaches do not consider possible adaptation to the policy of a similar organization. In this article, we address the problem of automatically determining an optimal assignment of attribute values to subjects for enabling the desired accesses to be granted while minimizing the number of ABAC rules used by each subject or other appropriate metrics. We show the problem to be NP-Complete and propose a heuristic solution.


    • Published in

      ACM Transactions on Internet Technology  Volume 19, Issue 3
      Special Section on Advances in Internet-Based Collaborative Technologies
      August 2019
      289 pages
      ISSN:1533-5399
      EISSN:1557-6051
      DOI:10.1145/3329912
      • Editor: Ling Liu

      Copyright © 2019 ACM

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      • Published: 17 August 2019
      • Accepted: 1 February 2019
      • Revised: 1 January 2019
      • Received: 1 February 2018

      Qualifiers

      • research-article
      • Research
      • Refereed
