Towards a Top-down Policy Engineering Framework for Attribute-based Access Control

Abstract

Attribute-based access control (ABAC) is a logical access control methodology where authorization to perform a set of operations is based on attributes of the user, the objects being accessed, the environment, and a number of other attribute sources that may be relevant to the current request. Once fully implemented within an enterprise, ABAC promotes information sharing while maintaining control of the information. However, the cost of developing ABAC policies can be a significant obstacle for organizations to migrate from traditional access control models to ABAC. Most organizations have high-level requirement specifications that define security policies and include a set of access control policies. Taking advantage of this rich source of information, we introduce a top-down policy engineering framework for ABAC that aims to automatically extract policies from unrestricted natural language documents and then, we present our methodology to extract policy related information using deep neural networks. We first create an annotated dataset comprised of 2660 sentences from real-world policy documents. We then train a deep recurrent neural network (RNN) to identify sentences containing access control policies (ACP) from irrelevant content. We applied the RNN to our new dataset as well as to five other, smaller datasets that have been employed in prior work on this task, and show that our model outperforms the state-of-the-art and leads to a performance improvement of 5.58% over the previously reported results.