Learning Attribute-Based and Relationship-Based Access Control Policies with Unknown Values

by   Thang Bui, et al.

Attribute-Based Access Control (ABAC) and Relationship-based access control (ReBAC) provide a high level of expressiveness and flexibility that promote security and information sharing, by allowing policies to be expressed in terms of attributes of and chains of relationships between entities. Algorithms for learning ABAC and ReBAC policies from legacy access control information have the potential to significantly reduce the cost of migration to ABAC or ReBAC. This paper presents the first algorithms for mining ABAC and ReBAC policies from access control lists (ACLs) and incomplete information about entities, where the values of some attributes of some entities are unknown. We show that the core of this problem can be viewed as learning a concise three-valued logic formula from a set of labeled feature vectors containing unknowns, and we give the first algorithm (to the best of our knowledge) for that problem.


page 1

page 2

page 3

page 4


A Decision Tree Learning Approach for Mining Relationship-Based Access Control Policies

Relationship-based access control (ReBAC) provides a high level of expre...

Efficient and Extensible Policy Mining for Relationship-Based Access Control

Relationship-based access control (ReBAC) is a flexible and expressive f...

An Insider Threat Mitigation Framework Using Attribute Based Access Control

Insider Threat is a significant and potentially dangerous security issue...

A Precedent Approach to Assigning Access Rights

To design a discretionary access control policy, a technique is proposed...

End to End Secure Data Exchange in Value Chains with Dynamic Policy Updates

Data exchange among value chain partners provides them with a competitiv...

Efficient mining of maximal biclusters in mixed-attribute datasets

This paper presents a novel enumerative biclustering algorithm to direct...

Combining ID's, Attributes, and Policies in Hyperledger Fabric

This work aims to provide a more secure access control in Hyperledger Fa...

Please sign up or login with your details

Forgot password? Click here to reset