基于属性的访问控制策略挖掘的可行性研究

2019 IEEE 20th International Conference on Information Reuse and Integration for Data Science (IRI) Pub Date : 2019-07-01 DOI:10.1109/IRI.2019.00047

Shuvra Chakraborty, R. Sandhu, R. Krishnan

{"title":"基于属性的访问控制策略挖掘的可行性研究","authors":"Shuvra Chakraborty, R. Sandhu, R. Krishnan","doi":"10.1109/IRI.2019.00047","DOIUrl":null,"url":null,"abstract":"As the technology of attribute-based access control (ABAC) matures and begins to supplant earlier models such as role-based or discretionary access control, it becomes necessary to convert from already deployed access control systems to ABAC. Several variations of this general problem can be defined, some of which have been studied by researchers. In particular the ABAC policy mining problem assumes that attribute values for various entities such as users and objects in the system are given, in addition to the authorization state, from which the ABAC policy needs to be discovered. In this paper, we formalize the ABAC RuleSet Existence problem in this context and develop an algorithm and complexity analysis for its solution. We further introduce the notion of ABAC RuleSet Infeasibility Correction along with an algorithm for its solution.","PeriodicalId":295028,"journal":{"name":"2019 IEEE 20th International Conference on Information Reuse and Integration for Data Science (IRI)","volume":"162 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":"{\"title\":\"On the Feasibility of Attribute-Based Access Control Policy Mining\",\"authors\":\"Shuvra Chakraborty, R. Sandhu, R. Krishnan\",\"doi\":\"10.1109/IRI.2019.00047\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"As the technology of attribute-based access control (ABAC) matures and begins to supplant earlier models such as role-based or discretionary access control, it becomes necessary to convert from already deployed access control systems to ABAC. Several variations of this general problem can be defined, some of which have been studied by researchers. In particular the ABAC policy mining problem assumes that attribute values for various entities such as users and objects in the system are given, in addition to the authorization state, from which the ABAC policy needs to be discovered. In this paper, we formalize the ABAC RuleSet Existence problem in this context and develop an algorithm and complexity analysis for its solution. We further introduce the notion of ABAC RuleSet Infeasibility Correction along with an algorithm for its solution.\",\"PeriodicalId\":295028,\"journal\":{\"name\":\"2019 IEEE 20th International Conference on Information Reuse and Integration for Data Science (IRI)\",\"volume\":\"162 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"15\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 IEEE 20th International Conference on Information Reuse and Integration for Data Science (IRI)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IRI.2019.00047\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE 20th International Conference on Information Reuse and Integration for Data Science (IRI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IRI.2019.00047","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 15

摘要

随着基于属性的访问控制(ABAC)技术的成熟，并开始取代早期的模型，如基于角色或自由支配的访问控制，有必要从已经部署的访问控制系统转换为ABAC。这个一般问题的几个变体可以被定义，其中一些已经被研究人员研究过。特别是ABAC策略挖掘问题，假设除了授权状态之外，还给出了系统中各种实体(如用户和对象)的属性值，需要从中发现ABAC策略。本文在此背景下形式化了ABAC规则集存在性问题，并给出了求解该问题的算法和复杂度分析。我们进一步介绍了ABAC规则集不可行性校正的概念，并给出了解决该问题的算法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

On the Feasibility of Attribute-Based Access Control Policy Mining

As the technology of attribute-based access control (ABAC) matures and begins to supplant earlier models such as role-based or discretionary access control, it becomes necessary to convert from already deployed access control systems to ABAC. Several variations of this general problem can be defined, some of which have been studied by researchers. In particular the ABAC policy mining problem assumes that attribute values for various entities such as users and objects in the system are given, in addition to the authorization state, from which the ABAC policy needs to be discovered. In this paper, we formalize the ABAC RuleSet Existence problem in this context and develop an algorithm and complexity analysis for its solution. We further introduce the notion of ABAC RuleSet Infeasibility Correction along with an algorithm for its solution.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2019 IEEE 20th International Conference on Information Reuse and Integration for Data Science (IRI)

自引率

0.00%

发文量