PAMMELA: Policy Administration Methodology using Machine Learning

TL;DR

PAMMELA leverages machine learning to assist in creating and updating Attribute-Based Access Control policies, reducing administrative effort and enabling policy adaptation based on existing organizational rules.

Contribution

Introduces PAMMELA, a machine learning-based methodology for efficient ABAC policy creation and augmentation, addressing administrative overhead and dynamic organizational needs.

Findings

Effective policy generation from similar organizational rules

Successful policy augmentation through learned rule inference

Good performance on machine learning metrics and execution time

Abstract

In recent years, Attribute-Based Access Control (ABAC) has become quite popular and effective for enforcing access control in dynamic and collaborative environments. Implementation of ABAC requires the creation of a set of attribute-based rules which cumulatively form a policy. Designing an ABAC policy ab initio demands a substantial amount of effort from the system administrator. Moreover, organizational changes may necessitate the inclusion of new rules in an already deployed policy. In such a case, re-mining the entire ABAC policy will require a considerable amount of time and administrative effort. Instead, it is better to incrementally augment the policy. Keeping these aspects of reducing administrative overhead in mind, in this paper, we propose PAMMELA, a Policy Administration Methodology using Machine Learning to help system administrators in creating new ABAC policies as well as augmenting existing ones. PAMMELA can generate a new policy for an organization by learning the rules of a policy currently enforced in a similar organization. For policy augmentation, PAMMELA can infer new rules based on the knowledge gathered from the existing rules. Experimental results show that our proposed approach provides a reasonably good performance in terms of the various machine learning evaluation metrics as well as execution time.