Using Gini Impurity to Mine Attribute-based Access Control Policies with Environment Attributes

In Attribute-based Access Control (ABAC) systems, utilizing environment attributes along with the subject and object attributes introduces a dynamic nature to the access decisions. The inclusion of environment attributes helps in achieving a more fine-grained access control. In this paper, we present an ABAC policy mining algorithm that considers the environment attributes and their associated values while forming the rules. Furthermore, we use gini impurity to form the rules. This helps to minimize the number of rules in the generated policy. The experimental evaluation shows that our approach is quite effective in practice.

[1]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[2]  Vijayalakshmi Atluri,et al.  Meeting Cardinality Constraints in Role Mining , 2015, IEEE Transactions on Dependable and Secure Computing.

[3]  Scott D. Stoller,et al.  Mining Attribute-Based Access Control Policies , 2013, IEEE Transactions on Dependable and Secure Computing.

[4]  Leo Breiman,et al.  Technical note: Some properties of splitting criteria , 2004, Machine Learning.

[5]  Vijayalakshmi Atluri,et al.  Poster: Constrained Policy Mining in Attribute Based Access Control , 2017, SACMAT.

[6]  Sylvia L. Osborn,et al.  Current Research and Open Problems in Attribute-Based Access Control , 2017, ACM Comput. Surv..

[7]  Marek Cygan,et al.  Exponential-time approximation of weighted set cover , 2009, Inf. Process. Lett..

[8]  Bernd Freisleben,et al.  Work in Progress: K-Nearest Neighbors Techniques for ABAC Policies Clustering , 2016, ABAC '16.

[9]  Vijayalakshmi Atluri,et al.  Efficient Bottom-Up Mining of Attribute Based Access Control Policies , 2017, 2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC).