A Decision Tree Learning Approach for Mining Relationship-Based Access Control Policies

被引:11
|
作者
Bui, Thang [1 ]
Stoller, Scott D. [1 ]
机构
[1] SUNY Stony Brook, Stony Brook, NY 11794 USA
来源
SACMAT'20: PROCEEDINGS OF THE 25TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES | 2020年
关键词
security policy mining; attribute-based access control; relationship-based access control; decision trees;
D O I
10.1145/3381991.3395619
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
Relationship-based access control (ReBAC) provides a high level of expressiveness and flexibility that promotes security and information sharing, by allowing policies to be expressed in terms of chains of relationships between entities. ReBAC policy mining algorithms have the potential to significantly reduce the cost of migration from legacy access control systems to ReBAC, by partially automating the development of a ReBAC policy. This paper presents new algorithms, called DTRM (Decision Tree ReBAC Miner) and DTRM-, based on decision trees, for mining ReBAC policies from access control lists (ACLs) and information about entities. Compared to state-of-the-art ReBAC mining algorithms, our algorithms are significantly faster, achieve comparable policy quality, and can mine policies in a richer language.
引用
收藏
页码:167 / 178
页数:12
相关论文
共 50 条
  • [31] Multidimensional Feature Selection and Interaction Mining with Decision Tree Based Ensemble Methods
    Krol, Lukasz
    Polanska, Joanna
    11TH INTERNATIONAL CONFERENCE ON PRACTICAL APPLICATIONS OF COMPUTATIONAL BIOLOGY & BIOINFORMATICS, 2017, 616 : 118 - 125
  • [32] On the Feasibility of Attribute-Based Access Control Policy Mining
    Chakraborty, Shuvra
    Sandhu, Ravi
    Krishnan, Ram
    2019 IEEE 20TH INTERNATIONAL CONFERENCE ON INFORMATION REUSE AND INTEGRATION FOR DATA SCIENCE (IRI 2019), 2019, : 245 - 252
  • [33] Integrating association rule mining and decision tree learning for network intrusion detection: A preliminary investigation
    Hossain, M
    6TH WORLD MULTICONFERENCE ON SYSTEMICS, CYBERNETICS AND INFORMATICS, VOL XI, PROCEEDINGS: COMPUTER SCIENCE II, 2002, : 65 - 70
  • [34] Abductive Analysis of Administrative Policies in Rule-Based Access Control
    Gupta, Puneet
    Stoller, Scott D.
    Xu, Zhongyuan
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2014, 11 (05) : 412 - 424
  • [35] Decision Fault Tree Learning and Differential Lyapunov Optimal Control for Path Tracking
    Bose, S. Subash Chandra
    Alfurhood, Badria Sulaiman
    Gururaj, H. L.
    Flammini, Francesco
    Natarajan, Rajesh
    Jaya, Sheela Shankarappa
    ENTROPY, 2023, 25 (03)
  • [36] Specification and Analysis of Attribute-Based Access Control Policies: An Overview
    Xu, Dianxiang
    Zhang, Yunpeng
    2014 IEEE EIGHTH INTERNATIONAL CONFERENCE ON SOFTWARE SECURITY AND RELIABILITY - COMPANION (SERE-C 2014), 2014, : 41 - 49
  • [37] An information entropy based splitting criterion better for the Data Mining Decision Tree algorithms
    Badulescu, Laviniu Aurelian
    2018 22ND INTERNATIONAL CONFERENCE ON SYSTEM THEORY, CONTROL AND COMPUTING (ICSTCC), 2018, : 535 - 540
  • [38] DECISION TREE-BASED CLASSIFICATION APPROACH TO DISCOVER FACTORS AFFECTING VITAMIN D LEVEL WITH MACHINE LEARNING
    Unal, Ceyda
    Cilgin, Cihan
    Albas, Suleyman
    Koc, Esra Meltem
    JOURNAL OF BASIC AND CLINICAL HEALTH SCIENCES, 2024, 8 (02): : 336 - 348
  • [39] Deep learning based decision tree ensembles for incomplete medical datasets
    Chiu, Chien-Hung
    Ke, Shih-Wen
    Tsai, Chih-Fong
    Lin, Wei-Chao
    Huang, Min-Wei
    Ko, Yi-Hsiu
    TECHNOLOGY AND HEALTH CARE, 2024, 32 (01) : 75 - 87
  • [40] SIM-PDT: A similarity based possibilistic decision tree approach
    Jenhani, Ilyes
    Ben Amor, Nahla
    Benferhat, Salem
    Elouedi, Zied
    FOUNDATIONS OF INFORMATION AND KNOWLEDGE SYSTEMS, PROCEEDINGS, 2008, 4932 : 348 - 364
12345