A Decision Tree Learning Approach for Mining Relationship-Based Access Control Policies

被引:11
|
作者
Bui, Thang [1 ]
Stoller, Scott D. [1 ]
机构
[1] SUNY Stony Brook, Stony Brook, NY 11794 USA
来源
SACMAT'20: PROCEEDINGS OF THE 25TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES | 2020年
关键词
security policy mining; attribute-based access control; relationship-based access control; decision trees;
D O I
10.1145/3381991.3395619
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
Relationship-based access control (ReBAC) provides a high level of expressiveness and flexibility that promotes security and information sharing, by allowing policies to be expressed in terms of chains of relationships between entities. ReBAC policy mining algorithms have the potential to significantly reduce the cost of migration from legacy access control systems to ReBAC, by partially automating the development of a ReBAC policy. This paper presents new algorithms, called DTRM (Decision Tree ReBAC Miner) and DTRM-, based on decision trees, for mining ReBAC policies from access control lists (ACLs) and information about entities. Compared to state-of-the-art ReBAC mining algorithms, our algorithms are significantly faster, achieve comparable policy quality, and can mine policies in a richer language.
引用
收藏
页码:167 / 178
页数:12
相关论文
共 50 条
  • [41] Interoperability of Relationship- and Role-Based Access Control
    Rizvi, Syed Zain R.
    Fong, Philip W. L.
    CODASPY'16: PROCEEDINGS OF THE SIXTH ACM CONFERENCE ON DATA AND APPLICATION SECURITY AND PRIVACY, 2016, : 231 - 242
  • [42] Mining Positive and Negative Attribute-Based Access Control Policy Rules
    Iyer, Padmavathi
    Masoumzadeh, Amirreza
    SACMAT'18: PROCEEDINGS OF THE 23RD ACM SYMPOSIUM ON ACCESS CONTROL MODELS & TECHNOLOGIES, 2018, : 161 - 172
  • [43] Fuzzy classification of pre-harvest tomatoes for ripeness estimation - An approach based on automatic rule learning using decision tree
    Goel, Nidhi
    Sehgal, Priti
    APPLIED SOFT COMPUTING, 2015, 36 : 45 - 56
  • [44] Real-time pattern recognition in statistical process control: a hybrid neural network/decision tree-based approach
    Guh, RS
    PROCEEDINGS OF THE INSTITUTION OF MECHANICAL ENGINEERS PART B-JOURNAL OF ENGINEERING MANUFACTURE, 2005, 219 (03) : 283 - 298
  • [45] An ontology-based approach to improve access policy administration of attribute-based access control
    Li J.
    Zhang B.
    International Journal of Information and Computer Security, 2019, 11 (4-5): : 391 - 412
  • [46] Improving Reuse of Attribute-Based Access Control Policies Using Policy Templates
    Decat, Maarten
    Moeys, Jasper
    Lagaisse, Bert
    Joosen, Wouter
    ENGINEERING SECURE SOFTWARE AND SYSTEMS (ESSOS 2015), 2015, 8978 : 196 - 210
  • [47] A Semantic-based Access Control Approach for Systems of Systems
    Sadeghi, Mersedeh
    Sartor, Luca
    Rossi, Matteo
    APPLIED COMPUTING REVIEW, 2021, 21 (04): : 5 - 19
  • [48] Reinforcement Learning Based Decision Tree Induction over Data Streams with Concept Drifts
    Blake, Christopher
    Ntoutsi, Eirini
    2018 9TH IEEE INTERNATIONAL CONFERENCE ON BIG KNOWLEDGE (ICBK), 2018, : 328 - 335
  • [49] A Decision Trees-based knowledge mining approach for controlling a complex production system
    Koulinas, Georgios
    Paraschos, Panagiotis
    Koulouriotis, Dimitrios
    30TH INTERNATIONAL CONFERENCE ON FLEXIBLE AUTOMATION AND INTELLIGENT MANUFACTURING (FAIM2021), 2020, 51 : 1439 - 1445
  • [50] Decision-Tree-Based Approach for Pressure Ulcer Risk Assessment in Immobilized Patients
    Vera-Salmeron, Eugenio
    Dominguez-Nogueira, Carmen
    Romero-Bejar, Jose L.
    Saez, Jose A.
    Mota-Romero, Emilio
    INTERNATIONAL JOURNAL OF ENVIRONMENTAL RESEARCH AND PUBLIC HEALTH, 2022, 19 (18)
12345