DOI: 10.1145/3319535.3354196
research-article

The Next 700 Policy Miners: A Universal Method for Building Policy Miners

Published: 06 November 2019

Abstract

A myriad of access control policy languages have been and continue to be proposed. The design of policy miners for each such language is a challenging task that has required specialized machine learning and combinatorial algorithms. We present an alternative method, universal access control policy mining (Unicorn). We show how this method streamlines the design of policy miners for a wide variety of policy languages including ABAC, RBAC, RBAC with user-attribute constraints, RBAC with spatio-temporal constraints, and an expressive fragment of XACML. For the latter two, there were no known policy miners until now. To design a policy miner using Unicorn, one needs a policy language and a metric quantifying how well a policy fits an assignment of permissions to users. From these, one builds the policy miner as a search algorithm that computes a policy that best fits the given permission assignment. We experimentally evaluate the policy miners built with Unicorn on logs from Amazon and access control matrices from other companies. Despite the genericity of our method, our policy miners are competitive with and sometimes even better than specialized state-of-the-art policy miners. The true positive rates of policies we mined differ by only 5% from the policies mined by the state of the art and the false positive rates are always below 5%. In the case of ABAC, it even outperforms the state of the art.

Supplementary Material

WEBM File (p95-cotrini.webm)

Published In

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
November 2019
2755 pages
ISBN:9781450367479
DOI:10.1145/3319535
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. access control
  2. machine learning
  3. policy mining
  4. security policies

Qualifiers

  • Research-article

Conference

CCS '19

Acceptance Rates

CCS '19 Paper Acceptance Rate 149 of 934 submissions, 16%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Cited By

  • (2024) Automated Generation and Update of Structured ABAC Policies. Proceedings of the 2024 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, 31-40. DOI: 10.1145/3643650.3658608. Online publication date: 21-Jun-2024
  • (2024) An on-the-fly framework for usable access control policy mining. Computers & Security, 104211. DOI: 10.1016/j.cose.2024.104211. Online publication date: Nov-2024
  • (2024) ABAC policy mining method based on hierarchical clustering and relationship extraction. Computers and Security, 139:C. DOI: 10.1016/j.cose.2024.103717. Online publication date: 16-May-2024
  • (2023) Automated Management of Attribute-Based Policies for Access Control Using Tag-Matching. IECON 2023 - 49th Annual Conference of the IEEE Industrial Electronics Society, 1-8. DOI: 10.1109/IECON51785.2023.10312150. Online publication date: 16-Oct-2023
  • (2022) A Survey on Empirical Security Analysis of Access Control Systems: A Real-World Perspective. ACM Computing Surveys. DOI: 10.1145/3533703. Online publication date: 27-Apr-2022
  • (2022) Learning Relationship-Based Access Control Policies from Black-Box Systems. ACM Transactions on Privacy and Security, 25:3, 1-36. DOI: 10.1145/3517121. Online publication date: 19-May-2022
  • (2022) Mining Attribute-Based Access Control Policies. Information Systems Security, 186-201. DOI: 10.1007/978-3-031-23690-7_11. Online publication date: 11-Dec-2022
  • (2021) An IoT Crossdomain Access Decision-Making Method Based on Federated Learning. Wireless Communications and Mobile Computing, 2021:1. DOI: 10.1155/2021/8005769. Online publication date: 27-Dec-2021
  • (2020) A Decision Tree Learning Approach for Mining Relationship-Based Access Control Policies. Proceedings of the 25th ACM Symposium on Access Control Models and Technologies, 167-178. DOI: 10.1145/3381991.3395619. Online publication date: 10-Jun-2020
  • (2020) On Security Policy Migrations. Proceedings of the 25th ACM Symposium on Access Control Models and Technologies, 179-188. DOI: 10.1145/3381991.3395613. Online publication date: 10-Jun-2020
