Mining Attribute-Based Access Control Policies from Logs
Zhongyuan Xu, Scott D. Stoller
TL;DR
This paper introduces the first algorithm for automatically deriving attribute-based access control policies from operational logs and attribute data, aiming to facilitate easier migration to ABAC systems.
Contribution
It presents a novel algorithm that mines ABAC policies from logs and attribute data, reducing manual effort in policy development.
Findings
First algorithm for mining ABAC policies from logs
Demonstrates potential to automate ABAC policy creation
Facilitates easier migration to ABAC systems
Abstract
Attribute-based access control (ABAC) provides a high level of flexibility that promotes security and information sharing. ABAC policy mining algorithms have potential to significantly reduce the cost of migration to ABAC, by partially automating the development of an ABAC policy from information about the existing access-control policy and attribute data. This paper presents an algorithm for mining ABAC policies from operation logs and attribute data. To the best of our knowledge, it is the first algorithm for this problem.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAccess Control and Trust · Internet Traffic Analysis and Secure E-voting · Network Security and Intrusion Detection