An Automatic Attribute-Based Access Control Policy Extraction From Access Logs
Authors
Abstract
With the rapid advances in computing and information technologies, traditional access control models have become inadequate in terms of capturing the fine-grained, expressive security requirements of newly emerging applications. An attribute-based access control (ABAC) model provides a more flexible approach to addressing the authorization needs of complex and dynamic systems. While organizations are interested in employing newer authorization models, migrating to such models poses a significant challenge. Many large-scale businesses need to grant authorizations to their user populations that are potentially distributed across disparate and heterogeneous computing environments. Each of these environments may have its own access control model. The manual development of a single policy framework for an entire organization is tedious, costly, and error-prone. In this article, we present a methodology for automatically learning ABAC policy rules from the access logs of a system to simplify the policy development process. The proposed approach employs an unsupervised learning-based algorithm for detecting patterns in access logs and extracting ABAC authorization rules from these patterns. In addition, we present two policy improvement algorithms, including rule pruning and policy refinement algorithms, to generate a higher quality mined policy. Finally, we implement a prototype of the proposed approach to demonstrate its feasibility.
Similar resources
Mining Attribute-Based Access Control Policies from Logs
Attribute-based access control (ABAC) provides a high level of flexibility that promotes security and information sharing. ABAC policy mining algorithms have potential to significantly reduce the cost of migration to ABAC, by partially automating the development of an ABAC policy from information about the existing access-control policy and attribute data. This paper presents an algorithm for m...
Towards Policy Engineering for Attribute-Based Access Control
Attribute-based Access Control (ABAC) was recently proposed as a general model which is able to capture the main existing access control models. This paper discusses the problems of configuring ABAC and engineering access policies. We question how to design attributes, how to assign attributes to subjects, objects, actions, and how to formulate access policies which bind subjects to objects and...
Attribute-Based Oblivious Access Control
In an attribute-based system (ABS), users are identified by various attributes, instead of their identities. Since its seminal introduction, the attribute-based mechanism has attracted a lot of attention. However, current ABS schemes have a number of drawbacks: (i) the communication cost is linear in the number of the required attributes; (ii) the computation cost is linear in the number of the...
Towards Attribute-Based Access Control Policy Engineering Using Risk
In this paper, we consider a policy engineering problem for attribute-based access control. The general goal is to help a policy writer to specify access control policies. In particular, we target the problem of defining the values of attributes when access to an object should be granted or denied. We use risk to quantify possible harm caused by misuses and abuses of granted access rights and a...
Attribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems
An electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still a challenging problem. Many studies are concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records...
Journal
Journal title: IEEE Transactions on Dependable and Secure Computing
Year: 2022
ISSN: 1941-0018, 1545-5971, 2160-9209
DOI: https://doi.org/10.1109/tdsc.2021.3054331