Evolutionary Inference of Attribute-Based Access Control Policies

Cited by: 38
Authors
Medvet, Eric [1]
Bartoli, Alberto [1]
Carminati, Barbara [2]
Ferrari, Elena [2]
Affiliations
[1] Univ Trieste, Dipartimento Ingn & Architettura, Trieste, Italy
[2] Univ Insubria, Dipartimento Sci Teor & Applicate, Como, Italy
Source
EVOLUTIONARY MULTI-CRITERION OPTIMIZATION, PT I | 2015 / Vol. 9018
DOI
10.1007/978-3-319-15934-8_24
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification codes
081104; 0812; 0835; 1405;
Abstract
The interest in attribute-based access control policies is increasingly growing due to their ability to accommodate the complex security requirements of modern computer systems. With this novel paradigm, access control policies consist of attribute expressions which implicitly describe the properties of subjects and protection objects and which must be satisfied for a request to be allowed. Since specifying a policy in this framework may be very complex, approaches for policy mining, i.e., for inferring a specification automatically from examples in the form of logs of authorized and denied requests, have been recently proposed. In this work, we propose a multi-objective evolutionary approach for solving the policy mining task. We designed and implemented a problem representation suitable for evolutionary computation, along with several search-optimizing features which have proven to be highly useful in this context: a strategy for learning a policy by learning single rules, each one focused on a subset of requests; a custom initialization of the population; a scheme for diversity promotion and for early termination. We show that our approach deals successfully with case studies of realistic complexity.
Pages: 351-365
Number of pages: 15