research-article

Towards an Automatic Top-down Role Engineering Approach Using Natural Language Processing Techniques

Authors:

Masoud Narouei,

Hassan TakabiAuthors Info & Claims

SACMAT '15: Proceedings of the 20th ACM Symposium on Access Control Models and Technologies

Pages 157 - 160

https://doi.org/10.1145/2752952.2752958

Published: 01 June 2015 Publication History

Get Access

Abstract

Role Based Access Control (RBAC) is the most widely used model for access control due to the ease of administration as well as economic benefits it provides. In order to deploy an RBAC system, one requires to first identify a complete set of roles. This process, known as role engineering, has been identified as one of the costliest tasks in migrating to RBAC. In this paper, we propose a top-down role engineering approach and take the first steps towards using natural language processing techniques to extract policies from unrestricted natural language documents. Most organizations have high-level requirement specifications that include a set of access control policies which describes allowable operations for the system. However, it is very time consuming, labor-intensive, and error-prone to manually sift through these natural language documents to identify and extract access control policies. Our goal is to automate this process to reduce manual efforts and human errors. We apply natural language processing techniques, more specifically semantic role labeling to automatically extract access control policies from unrestricted natural language documents, define roles, and build an RBAC model. Our preliminary results are promising and by applying semantic role labeling to automatically identify predicate-argument structure, and a set of predefined rules on the extracted arguments, we were able correctly identify access control policies with a precision of 75%, recall of 88%, and F1 score of 80%.

References

[1]

Collobert, R., Weston. J., Bottou, L., Karlen, M., Kavukcuoglu. K., and Kuksa P. 2011. Natural Language Processing (Almost) from Scratch, Journal of Machine Learning Research (JMLR), 2011.

Digital Library

Google Scholar

[2]

Federal information security management act of 2002, 2002. Title III of the E-Government Act of 2002.

Google Scholar

[3]

Meneely, A., Smith, B., Williams, L., 2011. iTrust Electronic Health Care System: A Case Study. Software System Traceability.

Google Scholar

[4]

Takabi, H. and Joshi, J., StateMiner: an efficient similarity-based approach for optimal mining of role hierarchy. In Proceedings of the 15th ACM symposium on Access control models and technologies (SACMAT '10). ACM, New York, NY, USA, 55--64.

Digital Library

Google Scholar

[5]

Multilingual Information Extraction and Summarization. T. Poibeau, eds. Springer Berlin Heidelberg. 23--50.

Google Scholar

[6]

Sinha, A., Sutton, Jr, S. M., and Paradkar, A. 2010. Text2test: Automated inspection of natural language use cases. In Proc. ICST, pages 155--164, 2010.

Digital Library

Google Scholar

[7]

Slankas, j., Xiao, X., Williams, L., and Xie, T. 2014. Relation Extraction for Inferring Access Control Rules from Natural Language Artifacts. In Proceedings of the of 2014 Annual Computer Security Applications Conference (ACSAC 2014), New Orleans, LA.

Digital Library

Google Scholar

[8]

Socher, R., Bauer, J., Manning, C. D., Y. Ng. A, 2013. Parsing with Compositional Vector Grammars. In Proc. ACL. (2013).

Google Scholar

[9]

Xiao, X., Paradkar, A., Thummalapenta, S., and Xie. T. 2012 Automated extraction of security policies from natural-language software documents. In Proc. 20th FSE, November 2012.

Digital Library

Google Scholar

Cited By

View all

Zhu FYang CZhu LZuo HGu J(2024)MFC-RMA (Matrix Factorization and Constraints- Role Mining Algorithm): An Optimized Role Mining AlgorithmSymmetry10.3390/sym1608100816:8(1008)Online publication date: 7-Aug-2024
https://doi.org/10.3390/sym16081008
Ma LYang ZBu ZLao QYang W(2023)Statement Recognition of Access Control Policies in IoT NetworksSensors10.3390/s2318793523:18(7935)Online publication date: 16-Sep-2023
https://doi.org/10.3390/s23187935
Shen ZGao NLiu ZLi MWang C(2021)Using Chinese Natural Language to Configure Authorization Policies in Attribute-Based Access Control SystemScience of Cyber Security10.1007/978-3-030-89137-4_8(110-125)Online publication date: 10-Oct-2021
https://doi.org/10.1007/978-3-030-89137-4_8
Show More Cited By

Index Terms

Towards an Automatic Top-down Role Engineering Approach Using Natural Language Processing Techniques

Recommendations

Automatic Top-Down Role Engineering Framework Using Natural Language Processing Techniques
Information Security Theory and Practice
Abstract
A challenging problem in managing large networks is the complexity of security administration. Role Based Access Control (RBAC) is the most well-known access control model in diverse enterprises of all sizes because of its ease of administration ...
The ARBAC97 model for role-based administration of roles
Special issue on role-based access control

In role-based access control (RBAC), permissions are associated with roles' and users are made members of roles, thereby acquiring the roles; permissions. RBAC's motivation is to simplify administration of authorizations. An appealing possibility is to ...
Practical Role-Based Access Control

This article presents access control from a general and a role-based perspective. The article's focus is role based Access Control from a practical vice a theoretical perspective. The article starts with some access control definitions and two secure ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SACMAT '15: Proceedings of the 20th ACM Symposium on Access Control Models and Technologies

June 2015

242 pages

ISBN:9781450335560

DOI:10.1145/2752952

General Chair:
Edgar Weippl
SBA Research, Austria
,
Program Chairs:
Florian Kerschbaum
SAP, Germany
,
Adam J. Lee
University of Pittsburgh, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 June 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SACMAT '15

Sponsor:

SIGSAC

SACMAT '15: 20th ACM Symposium on Access Control Models and Technologies

June 1 - 3, 2015

Vienna, Austria

Acceptance Rates

SACMAT '15 Paper Acceptance Rate 17 of 59 submissions, 29%;

Overall Acceptance Rate 177 of 597 submissions, 30%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

17
Total Citations
View Citations
257
Total Downloads

Downloads (Last 12 months)13
Downloads (Last 6 weeks)0

Reflects downloads up to 10 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Zhu FYang CZhu LZuo HGu J(2024)MFC-RMA (Matrix Factorization and Constraints- Role Mining Algorithm): An Optimized Role Mining AlgorithmSymmetry10.3390/sym1608100816:8(1008)Online publication date: 7-Aug-2024
https://doi.org/10.3390/sym16081008
Ma LYang ZBu ZLao QYang W(2023)Statement Recognition of Access Control Policies in IoT NetworksSensors10.3390/s2318793523:18(7935)Online publication date: 16-Sep-2023
https://doi.org/10.3390/s23187935
Shen ZGao NLiu ZLi MWang C(2021)Using Chinese Natural Language to Configure Authorization Policies in Attribute-Based Access Control SystemScience of Cyber Security10.1007/978-3-030-89137-4_8(110-125)Online publication date: 10-Oct-2021
https://doi.org/10.1007/978-3-030-89137-4_8
Alohaly MTakabi D(2021)A Hybrid Policy Engineering Approach for Attribute-Based Access Control (ABAC)Proceedings of the 12th International Conference on Soft Computing and Pattern Recognition (SoCPaR 2020)10.1007/978-3-030-73689-7_80(847-857)Online publication date: 16-Apr-2021
https://doi.org/10.1007/978-3-030-73689-7_80
Liu ADu XWang N(2020)Access Control Role Evolution Mechanism for Open Computing EnvironmentElectronics10.3390/electronics90305179:3(517)Online publication date: 21-Mar-2020
https://doi.org/10.3390/electronics9030517
Jia JGuan JWang L(2020)Role Mining: Survey and Suggestion on Role Mining in Access ControlMobile Internet Security10.1007/978-981-15-9609-4_4(34-50)Online publication date: 2-Nov-2020
https://doi.org/10.1007/978-981-15-9609-4_4
Sun WSu HLiu H(2019)Role-Engineering Optimization with Cardinality Constraints and User-Oriented Mutually Exclusive ConstraintsInformation10.3390/info1011034210:11(342)Online publication date: 4-Nov-2019
https://doi.org/10.3390/info10110342
Sun WWei SGuo HLiu H(2019)Role-Mining Optimization with Separation-of-Duty Constraints and Security Detections for AuthorizationsFuture Internet10.3390/fi1109020111:9(201)Online publication date: 19-Sep-2019
https://doi.org/10.3390/fi11090201
Alohaly MTakabi HBlanco E(2019)Automated extraction of attributes from natural language attribute-based access control (ABAC) PoliciesCybersecurity10.1186/s42400-018-0019-22:1Online publication date: 21-Jan-2019
https://doi.org/10.1186/s42400-018-0019-2
Narouei MTakabi H(2019)A Nature-Inspired Framework for Optimal Mining of Attribute-Based Access Control PoliciesSecurity and Privacy in Communication Networks10.1007/978-3-030-37231-6_29(489-506)Online publication date: 11-Dec-2019
https://doi.org/10.1007/978-3-030-37231-6_29
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Automatic Top-Down Role Engineering Framework Using Natural Language Processing Techniques

The ARBAC97 model for role-based administration of roles

Practical Role-Based Access Control