Maryem Ait El Hadj, A. Khoumsi, Yahya Benkaouz, M. Erradi
{"title":"ABAC策略聚类时检测和解决异常的形式化方法","authors":"Maryem Ait El Hadj, A. Khoumsi, Yahya Benkaouz, M. Erradi","doi":"10.4108/eai.13-7-2018.156003","DOIUrl":null,"url":null,"abstract":"In big data environments with big number of users and high volume of data, we need to manage the corresponding huge number of security policies. Using Attribute-Based Access Control (ABAC) model to ensure access control might become complex and hard to manage. Moreover, ABAC policies may be aggregated from multiple parties. Therefore, they may contain several anomalies such as conflicts and redundancies, resulting in safety and availability problems. Several policy analysis and design methods have been proposed. However, most of these methods do not preserve the original policy semantics. In this paper, we present an ABAC anomaly detection and resolution method based on the access domain concept, while preserving the policy semantics. To make the suggested method scalable for large policies, we decompose the policy into clusters of rules, then the method is applied to each cluster. We prove correctness of the method and evaluate its computational complexity. Experimental results are given and discussed. Received on 11 October 2018; accepted on 16 November 2018; published on 03 December 2018","PeriodicalId":335727,"journal":{"name":"EAI Endorsed Trans. Security Safety","volume":"106 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Formal Approach to Detect and Resolve Anomalies while Clustering ABAC Policies\",\"authors\":\"Maryem Ait El Hadj, A. Khoumsi, Yahya Benkaouz, M. Erradi\",\"doi\":\"10.4108/eai.13-7-2018.156003\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In big data environments with big number of users and high volume of data, we need to manage the corresponding huge number of security policies. Using Attribute-Based Access Control (ABAC) model to ensure access control might become complex and hard to manage. Moreover, ABAC policies may be aggregated from multiple parties. Therefore, they may contain several anomalies such as conflicts and redundancies, resulting in safety and availability problems. Several policy analysis and design methods have been proposed. However, most of these methods do not preserve the original policy semantics. In this paper, we present an ABAC anomaly detection and resolution method based on the access domain concept, while preserving the policy semantics. To make the suggested method scalable for large policies, we decompose the policy into clusters of rules, then the method is applied to each cluster. We prove correctness of the method and evaluate its computational complexity. Experimental results are given and discussed. Received on 11 October 2018; accepted on 16 November 2018; published on 03 December 2018\",\"PeriodicalId\":335727,\"journal\":{\"name\":\"EAI Endorsed Trans. Security Safety\",\"volume\":\"106 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-12-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"EAI Endorsed Trans. Security Safety\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4108/eai.13-7-2018.156003\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"EAI Endorsed Trans. Security Safety","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4108/eai.13-7-2018.156003","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Formal Approach to Detect and Resolve Anomalies while Clustering ABAC Policies
In big data environments with big number of users and high volume of data, we need to manage the corresponding huge number of security policies. Using Attribute-Based Access Control (ABAC) model to ensure access control might become complex and hard to manage. Moreover, ABAC policies may be aggregated from multiple parties. Therefore, they may contain several anomalies such as conflicts and redundancies, resulting in safety and availability problems. Several policy analysis and design methods have been proposed. However, most of these methods do not preserve the original policy semantics. In this paper, we present an ABAC anomaly detection and resolution method based on the access domain concept, while preserving the policy semantics. To make the suggested method scalable for large policies, we decompose the policy into clusters of rules, then the method is applied to each cluster. We prove correctness of the method and evaluate its computational complexity. Experimental results are given and discussed. Received on 11 October 2018; accepted on 16 November 2018; published on 03 December 2018
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
