Resolving rule redundancy error in ABA C policies using individual domain and subset detection method

Abstract

Access control models play an important role in the security mechanism. The intrusion detection and prevention system implements the access control models to identify whether authorized or illegal access. The access control model has a set of policies where each policy consists of a set of rules. The role of the access control model is to decide whether allow or deny the access request based on the security rules. The attribute-based access control model (ABAC) is the promising model than the other access control model due to its flexibility and efficiency. The anomalies or errors in the ABAC security rules or policies cause serious security issues. Thus policy validation is an important task and is usually done in the cluster of rules instead of validating every rule to reduce the time and complexity of the task. Rule redundancy is one of the policy errors thus one rule is a subset of one or more rules. Despite all anomalies are validated by verifying every cluster of rules, rule redundancy error can be solved before clustering or at the time of clustering. This results in reducing the size of each cluster and leads to better policy validation of rule redundancy and other errors. This paper proposed an approach to detect and resolve the rule redundancy error at the time of clustering. We used individual domains for each attribute of rules to avoid the heterogeneous data sets and to found the proper and accurate subset of rules. This work will help the researchers in implementing efficient policy validation and access control models.