Abstract

Relationship-based access control (ReBAC) provides a high level of expressiveness and flexibility that promotes security and information sharing. We formulate ReBAC as an object-oriented extension of attribute-based access control (ABAC) in which relationships are expressed using fields that refer to other objects, and path expressions are used to follow chains of relationships between objects. ReBAC policy mining algorithms have potential to significantly reduce the cost of migration from legacy access control systems to ReBAC, by partially automating the development of a ReBAC policy from an existing access control policy and attribute data. This paper presents two algorithms for mining ReBAC policies from access control lists (ACLs) and attribute data represented as an object model: a greedy algorithm guided by heuristics, and a grammar-based evolutionary algorithm. An evaluation of the algorithms on four sample policies and two large case studies demonstrates their effectiveness.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Mining Relationship-Based Access Control Policies
Thang Bui ... Scott D Stoller
-
Thang Bui, et. al.Thang Bui ... Scott D Stoller
07 Jun 2017
Mining Relationship-Based Access Control Policies from Incomplete and Noisy Data
Thang Bui ... Jiajie Li
-
Thang Bui, et. al.Thang Bui ... Jiajie Li
01 Jan 2019
A Decision Tree Learning Approach for Mining Relationship-Based Access Control Policies
Thang Bui ... Scott D Stoller
-
Thang Bui, et. al.Thang Bui ... Scott D Stoller
10 Jun 2020
Learning Attribute-Based and Relationship-Based Access Control Policies with Unknown Values
Thang Bui ... Scott D Stoller
-
Thang Bui, et. al.Thang Bui ... Scott D Stoller
01 Jan 2020
View more papers

More From: Computers & Security

Paper Title
Journal
Date
Author
Multi-perspective API call sequence behavior analysis and fusion for malware classification
Peng Wu ... Li Pan
Computers & Security | VOL. -
Peng Wu, et. al.Peng Wu ... Li Pan
01 Oct 2024
A large-scale analysis of the effectiveness of publicly reported security patches
Seunghoon Woo ... Heejo Lee
Computers & Security | VOL. -
Seunghoon Woo, et. al.Seunghoon Woo ... Heejo Lee
01 Oct 2024
Adversarial attacks based on time-series features for traffic detection
Hongyu Lu ... Jiazhong Lu
Computers & Security | VOL. -
Hongyu Lu, et. al.Hongyu Lu ... Jiazhong Lu
01 Oct 2024
Encoder decoder-based Virtual Physically Unclonable Function for Internet of Things device authentication using split-learning
Raviha Khan ... Sami Muhaidat
Computers & Security | VOL. -
Raviha Khan, et. al.Raviha Khan ... Sami Muhaidat
01 Oct 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.