Skip to main content
View expanded cover

From Database to Cyber Security pp 24–54Cite as

Policy Engineering in RBAC and ABAC

Part of the Lecture Notes in Computer Science book series (LNSC,volume 11170)

Abstract

Role-based Access Control (RBAC) and Attribute-based access control (ABAC) are the most widely used access control models for mediating controlled access to resources in organizations. In RBAC, permissions are associated with roles, and users are assigned to appropriate roles. Therefore, it is imperative that a proper set of roles is necessary for the efficient deployment of RBAC. Most organizations possess a set of existing user-permission assignments which can be used to create appropriate roles. This process, known as role mining, is an important and challenging task in the deployment of RBAC in any organization. On the other hand, in ABAC, the access decisions depend on the attributes of the various entities and a set of authorization rules (policies). The efficiency of an ABAC model relies upon the strength and correctness of the authorization rules. Similar to role mining in RBAC, the process of constructing an appropriate set of ABAC authorization rules, known as policy engineering, is crucial for the implementation of ABAC. Regardless of the differences in RBAC and ABAC, the problems of role mining in RBAC and policy engineering in ABAC are quite similar and equally important for the corresponding access control models. In this chapter, we explore the role mining problem and the policy engineering problem along with their existing solution strategies and identify future directions of research in these two areas.

Keywords

  • Role-Based Access Control (RBAC)
  • Role mining
  • Attribute-Based Access Control (ABAC)
  • Policy engineering
  • Top-down
  • Bottom-up
  • Constraints

This is a preview of subscription content, access via your institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-04834-1_2
  • Chapter length: 31 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   69.99
Price excludes VAT (USA)
  • ISBN: 978-3-030-04834-1
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   89.99
Price excludes VAT (USA)
Learn about institutional subscriptions
Fig. 1.
Fig. 2.

References

  1. Agrawal, R., Srikant, R.: Fast algorithms for mining association rules in large databases. In: Proceedings of 20th International Conference on Very Large Data Bases (VLDB), pp. 487–499, September 1994

    Google Scholar 

  2. Moses, T., et al.: Extensible access control markup language (XACML) version 2.0. Oasis Standard (2005)

    Google Scholar 

  3. Aziz, B., Foley, S.N., Herbert, J., Swart, G.: Reconfiguring role based access control policies using risk semantics. J. High Speed Netw. 15(3), 261–273 (2006)

    Google Scholar 

  4. Baumgrass, A., Strembeck, M., Rinderle-Ma, S.: Deriving role engineering artifacts from business processes and scenario models. In: Proceedings of 16th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 11–20, June 2011

    Google Scholar 

  5. Bertino, E., Bonatti, P.A., Ferrari, E.: TRBAC: a temporal role-based access control model. ACM Trans. Inf. Syst. Secur. (TISSEC) 4(3), 191–233 (2001)

    CrossRef  Google Scholar 

  6. Biswas, P., Sandhu, R., Krishnan, R.: Label-based access control: an ABAC model with enumerated authorization policy. In: Conference on Data and Applications Security and Privacy, pp. 1–12 (2016)

    Google Scholar 

  7. Blundo, C., Cimato, S.: A simple role mining algorithm. In: Proceedings of 25th ACM Symposium on Applied Computing (SAC), pp. 1958–1962, March 2010

    Google Scholar 

  8. Blundo, C., Cimato, S.: Constrained role mining. In: Jøsang, A., Samarati, P., Petrocchi, M. (eds.) STM 2012. LNCS, vol. 7783, pp. 289–304. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38004-4_19

    CrossRef  Google Scholar 

  9. Chen, L., Crampton, J.: Risk-aware role-based access control. In: Meadows, C., Fernandez-Gago, C. (eds.) STM 2011. LNCS, vol. 7170, pp. 140–156. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29963-6_11

    CrossRef  Google Scholar 

  10. Cobena, G., Abiteboul, S., Marian, A.: Detecting changes in xml documents. In: International Conference on Data Engineering (IDCE), pp. 41–52 (2002)

    Google Scholar 

  11. Colantonio, A., Pietro, R.D., Ocello, A.: A cost-driven approach to role engineering. In: Proceedings of 23rd ACM Symposium on Applied Computing (SAC), pp. 2129–2136, March 2008

    Google Scholar 

  12. Colantonio, A., Pietro, R.D., Ocello, A., Verde, N.V.: A formal framework to elicit roles with business meaning in RBAC systems. In: Proceedings of 14th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 85–94, June 2009

    Google Scholar 

  13. Colantonio, A., Di Pietro, R., Ocello, A., Verde, N.V.: Mining stable roles in RBAC. In: Gritzalis, D., Lopez, J. (eds.) SEC 2009. IAICT, vol. 297, pp. 259–269. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01244-0_23

    CrossRef  Google Scholar 

  14. Colantonio, A., Di Pietro, R., Ocello, A., Verde, N.V.: Mining business-relevant RBAC states through decomposition. In: Rannenberg, K., Varadharajan, V., Weber, C. (eds.) SEC 2010. IAICT, vol. 330, pp. 19–30. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15257-3_3

    CrossRef  Google Scholar 

  15. Colantonio, A., Pietro, R.D., Ocello, A., Verde, N.V.: Taming role mining complexity in RBAC. Comput. Secur. 29(5), 548–564 (2010). Special Issue on Challenges for Security and Privacy and Trust

    CrossRef  Google Scholar 

  16. Colantonio, A., Pietro, R.D., Ocello, A., Verde, N.V.: A new role mining framework to elicit business roles and to mitigate enterprise risk. Decis. Support Syst. (DSS) 50(4), 715–731 (2011)

    CrossRef  Google Scholar 

  17. Colantonio, A., Pietro, R.D., Verde, N.V.: A business-driven decomposition methodology for role mining. Comput. Secur. (COSE) 31(7), 844–855 (2012)

    CrossRef  Google Scholar 

  18. Coyne, E.J.: Role engineering. In: Proceedings of 1st ACM Workshop on Role-Based Access Control (RBAC), pp. 15–16, November 1995

    Google Scholar 

  19. Crook, R., Ince, D., Nuseibeh, B.: Towards an analytical role modelling framework for security requirements. In: Proceedings of 8th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ), pp. 9–10, September 2002

    Google Scholar 

  20. Elliott, A., Knight, S.: Start here: engineering scalable access control systems. In: Proceedings of 21st ACM on Symposium on Access Control Models and Technologies (SACMAT), pp. 113–124, June 2016

    Google Scholar 

  21. Ene, A., Horne, W., Milosavljevic, N., Rao, P., Schreiber, R., Tarjan, R.E.: Fast exact and heuristic methods for role minimization problems. In: Proceedings of 13th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 1–10, June 2008

    Google Scholar 

  22. Epstein, P., Sandhu, R.: Towards a UML based approach to role engineering. In: Proceedings of 4th ACM Workshop on Role-Based Access Control, pp. 135–143, October 1999

    Google Scholar 

  23. Fernandez, E.B., Hawkins, J.C.: Determining role rights from use cases. In: Proceedings of 2nd ACM Workshop on Role-based Access Control (RBAC), pp. 121–125, November 1997

    Google Scholar 

  24. Ferraiolo, D.F., Sandhu, R.S., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. (TISSEC) 4(3), 224–274 (2001)

    CrossRef  Google Scholar 

  25. Frank, M., Buhmann, J.M., Basin, D.: Role mining with probabilistic models. ACM Trans. Inf. Syst. Secur. (TISSEC) 15(4), 1–28 (2013)

    CrossRef  Google Scholar 

  26. Frank, M., Streich, A.P., Basin, D., Buhmann, J.M.: A probabilistic approach to hybrid role mining. In: Proceedings of 16th ACM Conference on Computer and Communications Security (CCS), pp. 101–111, November 2009

    Google Scholar 

  27. Fuchs, L., Pernul, G.: HyDRo – hybrid development of roles. In: Sekar, R., Pujari, A.K. (eds.) ICISS 2008. LNCS, vol. 5352, pp. 287–302. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89862-7_24

    CrossRef  Google Scholar 

  28. Gautam, M., Jha, S., Sural, S., Vaidya, J., Atluri, V.: Constrained policy mining in attribute based access control. In: ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 121–123 (2017)

    Google Scholar 

  29. Guo, Q., Vaidya, J., Atluri, V.: The role hierarchy mining problem: discovery of optimal role hierarchies. In: Proceedings of 24th Annual Computer Security Applications Conference (ACSAC), pp. 237–246, December 2008

    Google Scholar 

  30. Hamming, R.: Error detecting and error correcting codes. Bell Syst. Tech. J. 26(2), 14–160 (1950)

    MathSciNet  Google Scholar 

  31. Harika, P., Nagajyothi, M., John, J.C., Sural, S., Vaidya, J., Atluri, V.: Meeting cardinality constraints in role mining. IEEE Trans. Dependable Secur. Comput. (TDSC) 12(1), 71–84 (2015)

    CrossRef  Google Scholar 

  32. Hingankar, M., Sural, S.: Towards role mining with restricted user-role assignment. In: Proceedings of 2nd International Conference on Wireless Communication, Vehicular Technology, Information Theory and Aerospace Electronic Systems Technology (Wireless VITAE), pp. 1–5, February 2011

    Google Scholar 

  33. Hu, J., Khan, K.M., Bai, Y., Zhang, Y.: Constraint-enhanced role engineering via answer set programming. In: Proceedings of 7th ACM Symposium on Information, Computer and Communications Security (ASIACCS), pp. 73–74, May 2012

    Google Scholar 

  34. Hu, V.C., et al.: Guide to Attribute-Based Access Control (ABAC) definition and considerations. Technical report, NIST Special Publication 800-162, January 2014. http://nvlpubs.nist.gov/nistpubs/-specialpublications/NIST.sp.800-162.pdf

  35. Hu, V.C., et al.: Guide to attribute based access control (ABAC) definition and considerations. National Institute of Standards and Technology Special Publication (2014)

    Google Scholar 

  36. Hu, V.C., Kuhn, D.R., Ferraiolo, D.F.: Attribute-based access control. Computer (IEEE) 48(2), 85–88 (2015)

    CrossRef  Google Scholar 

  37. Huang, C., Sun, J., Wang, X., Si, Y., Wu, D.: Preprocessing the noise in legacy user permission assignment data for role mining - an industrial practice. In: Proceedings of 25th IEEE International Conference on Software Maintenance (ICSM), pp. 403–406, September 2009

    Google Scholar 

  38. Huang, H., Shang, F., Liu, J., Du, H.: Handling least privilege problem and role mining in RBAC. J. Comb. Optim. 30(1), 63–86 (2015)

    MathSciNet  CrossRef  Google Scholar 

  39. Huang, H., Shang, F., Zhang, J.: Approximation algorithms for minimizing the number of roles and administrative assignments in RBAC. In: Proceedings of 36th Annual IEEE Computer Software and Applications Conference Workshops (COMPSAC), pp. 427–432, July 2012

    Google Scholar 

  40. Jafarian, J.H., Takabi, H., Touati, H., Hesamifard, E., Shehab, M.: Towards a general framework for optimal role mining: a constraint satisfaction approach. In: Proceedings of 20th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 211–220, June 2015

    Google Scholar 

  41. Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering DAC, MAC and RBAC. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 41–55. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31540-4_4

    CrossRef  Google Scholar 

  42. John, J.C., Sural, S., Atluri, V., Vaidya, J.S.: Role mining under role-usage cardinality constraint. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IAICT, vol. 376, pp. 150–161. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30436-1_13

    CrossRef  Google Scholar 

  43. Kern, A., Kuhlmann, M., Schaad, A., Moffett, J.: Observations on the role life-cycle in the context of enterprise security management. In: Proceedings of 7th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 43–51, June 2002

    Google Scholar 

  44. Krautsevich, L., Lazouski, A., Martinelli, F., Yautsiukhin, A.: Towards policy engineering for attribute-based access control. In: Bloem, R., Lipp, P. (eds.) INTRUST 2013. LNCS, vol. 8292, pp. 85–102. Springer, Cham (2013). https://doi.org/10.1007/978-3-319-03491-1_6

    CrossRef  Google Scholar 

  45. Kuhlmann, M., Shohat, D., Schimpf, G.: Role mining - revealing business roles for security administration using data mining technology. In: Proceedings of 8th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 179–186, June 2003

    Google Scholar 

  46. Kumar, R., Sural, S., Gupta, A.: Mining RBAC roles under cardinality constraint. In: Proceedings of 6th International Conference on Information Systems Security (ICISS), pp. 171–185, December 2010

    CrossRef  Google Scholar 

  47. Krautsevich, L., Lazouski, A., Martinelli, F., Yautsiukhin, A.: Towards attribute-based access control policy engineering using risk. In: Bauer, T., Großmann, J., Seehusen, F., Stølen, K., Wendland, M.-F. (eds.) RISK 2013. LNCS, vol. 8418, pp. 80–90. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07076-6_6

    CrossRef  Google Scholar 

  48. Lin, D., Rao, P., Bertino, E., Lobo, J.: An approach to evaluate policy similarity. In: ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 1–10 (2007)

    Google Scholar 

  49. Lin, D., Rao, P., Ferrini, P., Bertino, E., Lobo, J.: A similarity measure for comparing XACML policies. IEEE Trans. Knowl. Data Eng. 25, 1946–1959 (2013)

    CrossRef  Google Scholar 

  50. Lu, H., Hong, Y., Yang, Y., Duan, L., Badar, N.: Towards user-oriented RBAC model. In: Proceedings of 27th International Conference on Data and Applications Security and Privacy (DBSec), pp. 81–96, July 2013

    Google Scholar 

  51. Lu, H., Hong, Y., Yang, Y., Duan, L., Badar, N.: Towards user-oriented RBAC model. J. Comput. Secur. (JCS) 23(1), 107–129 (2015)

    CrossRef  Google Scholar 

  52. Lu, H., Vaidya, J., Atluri, V.: Optimal Boolean matrix decomposition: application to role engineering. In: Proceedings of 24th IEEE International Conference on Data Engineering (ICDE), pp. 297–306, April 2008

    Google Scholar 

  53. Lu, H., Vaidya, J., Atluri, V.: An optimization framework for role mining. J. Comput. Secur. (JCS) 22(1), 1–31 (2014)

    CrossRef  Google Scholar 

  54. Harrison, M.A., Ruzzo, W.L., Ullman, J.D.: Protection in operating systems. Commun. ACM 19, 461–471 (1976)

    CrossRef  Google Scholar 

  55. Ma, X., Li, R., Lu, Z.: Role mining based on weights. In: Proceedings of 15th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 65–74, June 2010

    Google Scholar 

  56. Miettinen, P., Mielikäinen, T., Gionis, A., Das, G., Mannila, H.: The discrete basis problem. In: Fürnkranz, J., Scheffer, T., Spiliopoulou, M. (eds.) PKDD 2006. LNCS (LNAI), vol. 4213, pp. 335–346. Springer, Heidelberg (2006). https://doi.org/10.1007/11871637_33

    CrossRef  Google Scholar 

  57. Mitra, B., Sural, S., Atluri, V., Vaidya, J.: Toward mining of temporal roles. In: Wang, L., Shafiq, B. (eds.) DBSec 2013. LNCS, vol. 7964, pp. 65–80. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39256-6_5

    CrossRef  Google Scholar 

  58. Mitra, B., Sural, S., Atluri, V., Vaidya, J.: The generalized temporal role mining problem. J. Comput. Secur. 23(1), 31–58 (2015)

    CrossRef  Google Scholar 

  59. Mitra, B., Sural, S., Vaidya, J., Atluri, V.: Mining temporal roles using many-valued concepts. Comput. Secur. 60, 79–94 (2016)

    CrossRef  Google Scholar 

  60. Mitra, B., Sural, S., Vaidya, J., Atluri, V.: Migrating from RBAC to temporal RBAC. IET Inf. Secur. 11, 294–300 (2017)

    CrossRef  Google Scholar 

  61. Mocanu, D.C., Turkmen, F., Liotta, A.: Towards ABAC policy mining from logs with deep learning. In: International Multiconference (2015)

    Google Scholar 

  62. Molloy, I., et al.: Mining roles with semantic meanings. In: Proceedings of 13th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 21–30, June 2008

    Google Scholar 

  63. Molloy, I., et al.: Mining roles with multiple objectives. ACM Trans. Inf. Syst. Secur. (TISSEC) 13(4), 36:1–36:35 (2010)

    CrossRef  Google Scholar 

  64. Molloy, I., Li, N., Qi, Y.A., Lobo, J., Dickens, L.: Mining roles with noisy data. In: Proceedings of 15th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 45–54, June 2010

    Google Scholar 

  65. Molloy, I., Park, Y., Chari, S.: Generative models for access control policies: applications to role mining over logs with attribution. In: Proceedings of 17th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 45–56, June 2012

    Google Scholar 

  66. Narouei, M., Khanpour, H., Takabi, H., Parde, N., Nielsen, R.: Towards a top-down policy engineering framework for attribute-based access control. In: ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 103–114 (2017)

    Google Scholar 

  67. Narouei, M., Takabi, H.: Towards an automatic top-down role engineering approach using natural language processing techniques. In: Proceedings of 20th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 157–160, June 2015

    Google Scholar 

  68. Neumann, G., Strembeck, M.: A scenario-driven role engineering process for functional RBAC roles. In: Proceedings of 7th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 33–42, June 2002

    Google Scholar 

  69. O’Connor, A.C., Loomis, R.J.: 2010 economic analysis of Role-Based Access Control. RTI International report for NIST (2010)

    Google Scholar 

  70. Roeckle, H., Schimpf, G., Weidinger, R.: Process-oriented approach for role-finding to implement role-based security administration in a large industrial organization. In: Proceedings of 5th ACM Workshop on Role-Based Access Control (RBAC), pp. 103–110, July 2000

    Google Scholar 

  71. Saenko, I., Kotenko, I.: Genetic algorithms for role mining problem. In: Proceedings of 19th International Euromicro Conference on Parallel, Distributed and Network-Based Processing (PDP), pp. 646–650, February 2011

    Google Scholar 

  72. Saenko, I., Kotenko, I.: Design and performance evaluation of improved genetic algorithm for role mining problem. In: Proceedings of 20th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP), pp. 269–274, February 2012

    Google Scholar 

  73. Sandhu, R.S.: Lattice-based access control models. Computer 26(11), 9–19 (1993)

    CrossRef  Google Scholar 

  74. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Comput. 29(2), 38–47 (1996)

    CrossRef  Google Scholar 

  75. Sarana, P., Roy, A., Sural, S., Vaidya, J., Atluri, V.: Role mining in the presence of separation of duty constraints. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2015. LNCS, vol. 9478, pp. 98–117. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26961-0_7

    CrossRef  Google Scholar 

  76. Shin, D., Ahn, G., Cho, S., Jin, S.: On modeling system-centric information for role engineering. In: Proceedings of 8th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 169–178, June 2003

    Google Scholar 

  77. Smolensky, P.: Information processing in dynamical systems: foundations of harmony theory. In: Parallel Distributed Processing, pp. 194–281 (1987)

    Google Scholar 

  78. Strembeck, M.: Scenario-driven role engineering. IEEE Secur. Priv. 8(1), 28–35 (2010)

    CrossRef  Google Scholar 

  79. Vaidya, J., Atluri, V., Guo, Q.: The role mining problem: finding a minimal descriptive set of roles. In: Proceedings of 12th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 175–184, June 2007

    Google Scholar 

  80. Vaidya, J., Atluri, V., Guo, Q.: The role mining problem: a formal perspective. ACM Trans. Inf. Syst. Secur. (TISSEC) 13(3), 27:1–27:31 (2010)

    CrossRef  Google Scholar 

  81. Vaidya, J., Atluri, V., Guo, Q., Lu, H.: Edge-RMP: minimizing administrative assignments for role-based access control. J. Comput. Secur. (JCS) 17(2), 211–235 (2009)

    CrossRef  Google Scholar 

  82. Vaidya, J., Atluri, V., Warner, J.: Role miner: mining roles using subset enumeration. In: Proceedings of 13th ACM Conference on Computer and Communications Security (CCS), pp. 144–153, October 2006

    Google Scholar 

  83. Vaidya, J., Atluri, V., Warner, J., Guo, Q.: Role engineering via prioritized subset enumeration. IEEE Trans. Dependable Secur. Comput. (TDSC) 7(3), 300–314 (2010)

    CrossRef  Google Scholar 

  84. Vaidya, J., Shafiq, B., Atluri, V., Lorenzi, D.: A framework for policy similarity evaluation and migration based on change detection. Network and System Security. LNCS, vol. 9408, pp. 191–205. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-25645-0_13

    CrossRef  Google Scholar 

  85. Verde, N.V., Vaidya, J., Atluri, V., Colantonio, A.: Role engineering: from theory to practice. In: Proceedings of 2nd ACM Conference on Data and Application Security and Privacy (CODASPY), pp. 181–191, February 2012

    Google Scholar 

  86. Xu, Z., Stoller, S.D.: Algorithms for mining meaningful roles. In: Proceedings of 17th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 57–66, June 2012

    Google Scholar 

  87. Xu, Z., Stoller, S.: Mining attribute-based access control policies from logs. Computing Research Repository - arXiv (2014)

    Google Scholar 

  88. Xu, Z., Stoller, S.: Mining attribute-based access control policies. IEEE Trans. Dependable Secur. Comput. (TDSC) 12, 533–545 (2015)

    CrossRef  Google Scholar 

  89. Zhang, D., Ramamohanarao, K., Ebringer, T.: Role engineering using graph optimisation. In: Proceedings of 14th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 139–144, June 2007

    Google Scholar 

  90. Zhang, D., Ramamohanarao, K., Ebringer, T.: Permission set mining: discovering practical and useful roles. In: Proceedings of 24th Annual Computer Security Applications Conference (ACSAC), pp. 247–256, December 2008

    Google Scholar 

  91. Zhang, W., Chen, Y., Gunter, C., Liebovitz, D., Malin, B.: Evolving role definitions through permission invocation patterns. In: Proceedings of 18th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 37–48, June 2013

    Google Scholar 

Download references

Acknowledgements

Research reported in this publication was supported by the National Institutes of Health under award R01GM118574. The work is also supported in part by the National Science Foundation under grant CNS-1624503. The content is solely the responsibility of the authors and does not necessarily represent the official views of the agencies funding the research.

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, IIT Kharagpur, Kharagpur, India

    Saptarshi Das & Shamik Sural

  2. Department of CSIS, BITS Pilani Hyderabad Campus, Hyderabad, India

    Barsha Mitra

  3. MSIS Department, Rutgers University, Newark, USA

    Vijayalakshmi Atluri & Jaideep Vaidya

Authors
  1. Saptarshi Das
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Barsha Mitra
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Vijayalakshmi Atluri
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jaideep Vaidya
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Shamik Sural
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Vijayalakshmi Atluri .

Editor information

Editors and Affiliations

  1. Università degli Studi di Milano, Milano, Italy

    Pierangela Samarati

  2. Colorado State University, Fort Collins, CO, USA

    Indrajit Ray

  3. Colorado State University, Fort Collins, CO, USA

    Dr. Indrakshi Ray

Rights and permissions

Reprints and Permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this chapter

Verify currency and authenticity via CrossMark

Cite this chapter

Das, S., Mitra, B., Atluri, V., Vaidya, J., Sural, S. (2018). Policy Engineering in RBAC and ABAC. In: Samarati, P., Ray, I., Ray, I. (eds) From Database to Cyber Security. Lecture Notes in Computer Science(), vol 11170. Springer, Cham. https://doi.org/10.1007/978-3-030-04834-1_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-04834-1_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-04833-4

  • Online ISBN: 978-3-030-04834-1

  • eBook Packages: Computer ScienceComputer Science (R0)