An Automatic Attribute Based Access Control Policy Extraction from Access Logs
Leila Karimi, Maryam Aldairi, James Joshi, Mai Abdelhakim
TL;DR
This paper introduces an unsupervised learning method to automatically extract attribute-based access control policies from access logs, simplifying policy creation and management in complex, dynamic systems.
Contribution
It proposes a novel unsupervised algorithm for mining ABAC policies from logs and includes policy refinement techniques to improve policy quality.
Findings
Successfully extracts ABAC rules from access logs
Enhances policy quality through pruning and refinement
Prototype demonstrates practical feasibility
Abstract
With the rapid advances in computing and information technologies, traditional access control models have become inadequate in terms of capturing fine-grained, and expressive security requirements of newly emerging applications. An attribute-based access control (ABAC) model provides a more flexible approach for addressing the authorization needs of complex and dynamic systems. While organizations are interested in employing newer authorization models, migrating to such models pose as a significant challenge. Many large-scale businesses need to grant authorization to their user populations that are potentially distributed across disparate and heterogeneous computing environments. Each of these computing environments may have its own access control model. The manual development of a single policy framework for an entire organization is tedious, costly, and error-prone. In this paper,…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAccess Control and Trust · Internet Traffic Analysis and Secure E-voting · Privacy-Preserving Technologies in Data
MethodsPruning