Abstract
In Attribute-Based Access Control (ABAC), access to resources is given based on the attributes of subjects, objects, and environment. There is an imminent need for the development of efficient algorithms that enable migration to ABAC. However, existing policy mining approaches do not consider possible adaptation to the policy of a similar organization. In this article, we address the problem of automatically determining an optimal assignment of attribute values to subjects for enabling the desired accesses to be granted while minimizing the number of ABAC rules used by each subject or other appropriate metrics. We show the problem to be NP-Complete and propose a heuristic solution.
Index Terms
Policy Adaptation in Hierarchical Attribute-based Access Control Systems