The Next 700 Policy Miners: A Universal Method for Building Policy Miners

08/16/2019
by Carlos Cotrini, et al.

A myriad of access control policy languages have been and continue to be proposed. The design of policy miners for each such language is a challenging task that has required specialized machine learning and combinatorial algorithms. We present an alternative method, universal access control policy mining (Unicorn). We show how this method streamlines the design of policy miners for a wide variety of policy languages including ABAC, RBAC, RBAC with user-attribute constraints, RBAC with spatio-temporal constraints, and an expressive fragment of XACML. For the latter two, there were no known policy miners until now. To design a policy miner using Unicorn, one needs a policy language and a metric quantifying how well a policy fits an assignment of permissions to users. From these, one builds the policy miner as a search algorithm that computes a policy that best fits the given permission assignment. We experimentally evaluate the policy miners built with Unicorn on logs from Amazon and access control matrices from other companies. Despite the genericity of our method, our policy miners are competitive with and sometimes even better than specialized state-of-the-art policy miners. The true positive rates of policies we mined differ by only 5 art and the false positive rates are always below 5 even outperforms the state of the art.

