Skip to main content
SpringerLink
Log in

A Nature-Inspired Framework for Optimal Mining of Attribute-Based Access Control Policies

  • Conference paper
  • First Online:
Security and Privacy in Communication Networks (SecureComm 2019)

Abstract

Even though attribute-based access control (ABAC) has been applied to address authorization in areas such as cloud and internet of things, implementing ABAC policies can become complex due to the high expressiveness of ABAC specifications. In order to semi-automate this process, several policy mining approaches have been proposed that mostly derive ABAC policies from access request logs. These approaches, however, do not take into account the existing ABAC policies and attempt to define all policies from scratch, which is not acceptable for an enterprise that already has an implemented ABAC system. Given basic assumptions on how access control configurations are generated, we first provide a formal definition of ABAC policy mining with minimal perturbation that fulfills the requirements that enterprises typically have. We then present an effective and efficient methodology based on particle swarm optimization algorithm for addressing the ABAC policy mining and ABAC policy mining with minimal perturbation problems. Experimental results demonstrate that the proposed methodology is able to generate much less complex policies than previous works using the same realistic case studies. Furthermore, we perform experiments on how to find an ABAC state as similar as possible to both the existing state and the optimal state.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    An over-assignment is when a permission is inappropriately granted to a user.

  2. 2.

    An under-assignment is when a user lacks a permission that he or she should be granted.

  3. 3.

    Identifying a set of policies that can satisfy a number of requests.

  4. 4.

    University case-study.

References

  1. Alohaly, M., Takabi, H., Blanco, E.: A deep learning approach for extracting attributes of ABAC policies. In: Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies, pp. 137–148. ACM (2018)

    Google Scholar 

  2. Antoniou, A., Lu, W.S.: The optimization problem. In: Antoniou, A., Lu, W.S. (eds.) Practical Optimization, pp. 1–26. Springer, Boston (2007). https://doi.org/10.1007/978-0-387-71107-2_1

    Chapter  MATH  Google Scholar 

  3. Brossard, D., Gebel, G., Berg, M.: A systematic approach to implementing ABAC. In: Proceedings of the 2nd ACM Workshop on Attribute-Based Access Control, pp. 53–59. ACM (2017)

    Google Scholar 

  4. Cotrini, C., Weghorn, T., Basin, D.: Mining ABAC rules from sparse logs. In: 2018 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 31–46. IEEE (2018)

    Google Scholar 

  5. Das, S., Sural, S., Vaidya, J., Atluri, V.: Policy adaptation in attribute-based access control for inter-organizational collaboration. In: 2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC), pp. 136–145. IEEE (2017)

    Google Scholar 

  6. Das, S., Sural, S., Vaidya, J., Atluri, V.: Hype: a hybrid approach toward policy engineering in attribute-based access control. IEEE Lett. Comput. Soc. 1(2), 25–29 (2018)

    Article  Google Scholar 

  7. Das, S., Sural, S., Vaidya, J., Atluri, V.: Using Gini impurity to mine attribute-based access control policies with environment attributes. In: Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies, pp. 213–215. ACM (2018)

    Google Scholar 

  8. Elbeltagi, E., Hegazy, T., Grierson, D.: Comparison among five evolutionary-based optimization algorithms. Adv. Eng. Inform. 19(1), 43–53 (2005)

    Article  Google Scholar 

  9. Fürnkranz, J.: Separate-and-conquer rule learning. Artif. Intell. Rev. 13(1), 3–54 (1999)

    Article  Google Scholar 

  10. Hu, V.C., et al.: Guide toattribute based access control (ABAC) definition and considerations (draft). NIST Spec. Publ. 800(162) (2013)

    Google Scholar 

  11. Iyer, P., Masoumzadeh, A.: Mining positive and negative attribute-based access control policy rules. In: Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies, pp. 161–172. ACM (2018)

    Google Scholar 

  12. Løvbjerg, M.: Improving particle swarm optimization by hybridization of stochastic search heuristics and self-organized criticality (2002)

    Google Scholar 

  13. Medvet, E., Bartoli, A., Carminati, B., Ferrari, E.: Evolutionary inference of attribute-based access control policies. In: Gaspar-Cunha, A., Henggeler Antunes, C., Coello, C.C. (eds.) EMO 2015. LNCS, vol. 9018, pp. 351–365. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-15934-8_24

    Chapter  Google Scholar 

  14. Narouei, M., Khanpour, H., Takabi, H.: Identification of access control policy sentences from natural language policy documents. In: Livraga, G., Zhu, S. (eds.) DBSec 2017. LNCS, vol. 10359, pp. 82–100. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61176-1_5

    Chapter  Google Scholar 

  15. Narouei, M., Khanpour, H., Takabi, H., Parde, N., Nielsen, R.: Towards a top-down policy engineering framework for attribute-based access control. In: Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies, pp. 103–114. ACM (2017)

    Google Scholar 

  16. Narouei, M., Takabi, H.: Automatic top-down role engineering framework using natural language processing techniques. In: Akram, R.N., Jajodia, S. (eds.) WISTP 2015. LNCS, vol. 9311, pp. 137–152. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24018-3_9

    Chapter  Google Scholar 

  17. Narouei, M., Takabi, H.: Towards an automatic top-down role engineering approach using natural language processing techniques. In: Proceedings of the 20th ACM Symposium on Access Control Models and Technologies, pp. 157–160. ACM (2015)

    Google Scholar 

  18. Salman, A., Ahmad, I., Al-Madani, S.: Particle swarm optimization for task assignment problem. Microprocess. Microsyst. 26(8), 363–371 (2002)

    Article  Google Scholar 

  19. Shi, Y., Eberhart, R.: A modified particle swarm optimizer. In: The 1998 IEEE International Conference on Evolutionary Computation Proceedings. IEEE World Congress on Computational Intelligence, pp. 69–73. IEEE (1998)

    Google Scholar 

  20. Shi, Y., Eberhart, R.C.: Empirical study of particle swarm optimization. In: Proceedings of the 1999 congress on Evolutionary computation, CEC 99, vol. 3, pp. 1945–1950. IEEE (1999)

    Google Scholar 

  21. Takabi, H., Joshi, J.B.: StateMiner: an efficient similarity-based approach for optimal mining of role hierarchy. In: Proceedings of the 15th ACM Symposium on Access Control Models and Technologies, pp. 55–64. ACM (2010)

    Google Scholar 

  22. Vaidya, J., Atluri, V., Guo, Q., Adam, N.: Migrating to optimal RBAC with minimal perturbation. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, pp. 11–20. ACM (2008)

    Google Scholar 

  23. Vaidya, J., Atluri, V., Warner, J.: RoleMiner: mining roles using subset enumeration. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 144–153. ACM (2006)

    Google Scholar 

  24. Wenbiao, Z., Yan, Z., Zhigang, M.: A link-load balanced low energy mapping and routing for NoC. In: Lee, Y.-H., Kim, H.-N., Kim, J., Park, Y., Yang, L.T., Kim, S.W. (eds.) ICESS 2007. LNCS, vol. 4523, pp. 59–66. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72685-2_6

    Chapter  Google Scholar 

  25. Xu, Z., Stoller, S.D.: Mining attribute-based access control policies from logs. In: Atluri, V., Pernul, G. (eds.) DBSec 2014. LNCS, vol. 8566, pp. 276–291. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43936-4_18

    Chapter  Google Scholar 

  26. Xu, Z., Stoller, S.D.: Mining attribute-based access control policies. IEEE Trans. Dependable Secur. Comput. 12(5), 533–545 (2015)

    Article  Google Scholar 

  27. Zhang, D., Ramamohanarao, K., Ebringer, T.: Role engineering using graph optimisation. In: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies, pp. 139–144. ACM (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, University of North Texas, Denton, TX, USA

    Masoud Narouei & Hassan Takabi

Authors
  1. Masoud Narouei
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hassan Takabi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Masoud Narouei .

Editor information

Editors and Affiliations

  1. George Mason University, Fairfax, VA, USA

    Songqing Chen

  2. The University of Texas at San Antonio, San Antonio, TX, USA

    Kim-Kwang Raymond Choo

  3. Boston University, Lowell, MA, USA

    Xinwen Fu

  4. Virginia Tech, Blacksburg, VA, USA

    Wenjing Lou

  5. University of Central Florida, Orlando, FL, USA

    Aziz Mohaisen

Rights and permissions

Reprints and permissions

Copyright information

© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Narouei, M., Takabi, H. (2019). A Nature-Inspired Framework for Optimal Mining of Attribute-Based Access Control Policies. In: Chen, S., Choo, KK., Fu, X., Lou, W., Mohaisen, A. (eds) Security and Privacy in Communication Networks. SecureComm 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 305. Springer, Cham. https://doi.org/10.1007/978-3-030-37231-6_29

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-37231-6_29

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-37230-9

  • Online ISBN: 978-3-030-37231-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation