Poster: Constrained Policy Mining in Attribute Based Access Control

In practical access control systems, it is important to enforce an upper bound on the time taken to respond to an access request. This response time is directly influenced by the size (often called the weight) of each of the underlying access control rules. We present a constrained policy mining algorithm which takes an access control matrix as input and generates a set of attribute based access control (ABAC) rules, such that the weight of each rule is not more than a specified value and the sum of weights of all the rules is minimized. Our initial experiments show encouraging results.

[1]  Sylvia L. Osborn,et al.  Current Research and Open Problems in Attribute-Based Access Control , 2017, ACM Comput. Surv..

[2]  Marek Cygan,et al.  Exponential-time approximation of weighted set cover , 2009, Inf. Process. Lett..

[3]  Bernd Freisleben,et al.  Work in Progress: K-Nearest Neighbors Techniques for ABAC Policies Clustering , 2016, ABAC '16.

[4]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[5]  Vijayalakshmi Atluri,et al.  Meeting Cardinality Constraints in Role Mining , 2015, IEEE Transactions on Dependable and Secure Computing.

[6]  Scott D. Stoller,et al.  Mining Attribute-Based Access Control Policies , 2013, IEEE Transactions on Dependable and Secure Computing.