A Decision Tree Learning Approach for Mining Relationship-Based Access Control Policies

Cited by: 11
Authors
Bui, Thang [1]
Stoller, Scott D. [1]
Affiliation
[1] SUNY Stony Brook, Stony Brook, NY 11794 USA
Source
SACMAT'20: PROCEEDINGS OF THE 25TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES | 2020
Keywords
security policy mining; attribute-based access control; relationship-based access control; decision trees;
DOI
10.1145/3381991.3395619
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202 ;
Abstract
Relationship-based access control (ReBAC) provides a high level of expressiveness and flexibility that promotes security and information sharing, by allowing policies to be expressed in terms of chains of relationships between entities. ReBAC policy mining algorithms have the potential to significantly reduce the cost of migration from legacy access control systems to ReBAC, by partially automating the development of a ReBAC policy. This paper presents new algorithms, called DTRM (Decision Tree ReBAC Miner) and DTRM-, based on decision trees, for mining ReBAC policies from access control lists (ACLs) and information about entities. Compared to state-of-the-art ReBAC mining algorithms, our algorithms are significantly faster, achieve comparable policy quality, and can mine policies in a richer language.
Pages: 167 - 178
Number of pages: 12
Related papers
50 in total
  • [1] Greedy and evolutionary algorithms for mining relationship-based access control policies
    Bui, Thang
    Stoller, Scott D.
    Li, Jiajie
    COMPUTERS & SECURITY, 2019, 80 : 317 - 333
  • [2] Active Learning of Relationship-Based Access Control Policies
    Iyer, Padmavathi
    Masoumzadeh, Amirreza
    SACMAT'20: PROCEEDINGS OF THE 25TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES, 2020, : 155 - 166
  • [3] Generalized Mining of Relationship-Based Access Control Policies in Evolving Systems
    Iyer, Padmavathi
    Masoumzadeh, Amirreza
    PROCEEDINGS OF THE 24TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES (SACMAT '19), 2019, : 135 - 140
  • [4] Efficient and Extensible Policy Mining for Relationship-Based Access Control
    Bui, Thang
    Stoller, Scott D.
    Le, Hieu
    PROCEEDINGS OF THE 24TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES (SACMAT '19), 2019, : 161 - 172
  • [5] Security Analysis of Relationship-Based Access Control Policies
    Masoumzadeh, Amirreza
    PROCEEDINGS OF THE EIGHTH ACM CONFERENCE ON DATA AND APPLICATION SECURITY AND PRIVACY (CODASPY'18), 2018, : 186 - 195
  • [6] Learning Relationship-Based Access Control Policies from Black-Box Systems
    Iyer, Padmavathi
    Masoumzadeh, Amirreza
    ACM TRANSACTIONS ON PRIVACY AND SECURITY, 2022, 25 (03)
  • [7] A Datalog Framework for Modeling Relationship-based Access Control Policies
    Pasarella, Edelmira
    Lobo, Jorge
    PROCEEDINGS OF THE 22ND ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES (SACMAT'17), 2017, : 91 - 102
  • [8] Effective Evaluation of Relationship-Based Access Control Policy Mining
    Iyer, Padmavathi
    Masoumzadeh, Amirreza
    PROCEEDINGS OF THE 27TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES, SACMAT 2022, 2022, : 127 - 138
  • [9] On Feasibility of Attribute-Aware Relationship-Based Access Control Policy Mining
    Chakraborty, Shuvra
    Sandhu, Ravi
    DATA AND APPLICATIONS SECURITY AND PRIVACY XXXV, 2021, 12840 : 393 - 405
  • [10] Poster: A Flexible Relationship-Based Access Control Policy Generator
    Clark, Stanley
    Yakovets, Nikolay
    Fletcher, George H. L.
    Zannone, Nicola
    PROCEEDINGS OF THE 27TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES, SACMAT 2022, 2022, : 263 - 265