DOI: 10.1145/3322431.3325419
short-paper

Generalized Mining of Relationship-Based Access Control Policies in Evolving Systems

Published: 28 May 2019

Abstract

Relationship-based access control (ReBAC) provides a flexible approach to specifying policies based on relationships between system entities, which makes it a natural fit for many modern information systems beyond online social networks. In this paper, we are concerned with the problem of mining ReBAC policies from lower-level authorization information. Mining ReBAC policies can address transforming access control paradigms to ReBAC, reformulating existing ReBAC policies as more information becomes available, and inferring potentially unknown policies. In particular, we propose a systematic algorithm for mining ReBAC authorization policies and a first-of-its-kind approach to mining graph transition policies that govern the evolution of ReBAC systems. Experimental evaluation demonstrates the efficiency of the proposed approaches.



    Published In

    SACMAT '19: Proceedings of the 24th ACM Symposium on Access Control Models and Technologies
    May 2019
    243 pages
    ISBN:9781450367530
    DOI:10.1145/3322431

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. graph transition
    2. policy mining
    3. relationship-based access control

    Qualifiers

    • Short-paper

    Conference

    SACMAT '19

    Acceptance Rates

    SACMAT '19 Paper Acceptance Rate 12 of 52 submissions, 23%;
    Overall Acceptance Rate 177 of 597 submissions, 30%


    Article Metrics

    • Downloads (Last 12 months): 20
    • Downloads (Last 6 weeks): 8
    Reflects downloads up to 13 Jan 2025


    Cited By

    • (2024) Converting Rule-Based Access Control Policies: From Complemented Conditions to Deny Rules. Proceedings of the 29th ACM Symposium on Access Control Models and Technologies, pages 159-169. DOI: 10.1145/3649158.3657040. Online publication date: 24-Jun-2024
    • (2024) Behavioral and Human-Centric Access Control Model in XACML Reference Architecture: Design and Implementation of EHR Case Study. Technological Innovation for Human-Centric Systems, pages 192-203. DOI: 10.1007/978-3-031-63851-0_13. Online publication date: 28-Jun-2024
    • (2023) Towards Automated Learning of Access Control Policies Enforced by Web Applications. Proceedings of the 28th ACM Symposium on Access Control Models and Technologies, pages 163-168. DOI: 10.1145/3589608.3594743. Online publication date: 24-May-2023
    • (2023) FLAP - A Federated Learning Framework for Attribute-based Access Control Policies. Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy, pages 263-272. DOI: 10.1145/3577923.3583641. Online publication date: 24-Apr-2023
    • (2023) System for Cross-Domain Identity Management (SCIM): Survey and Enhancement With RBAC. IEEE Access, 11, pages 86872-86894. DOI: 10.1109/ACCESS.2023.3304270. Online publication date: 2023
    • (2022) Higher-Order Relationship-Based Access Control: A Temporal Instantiation with IoT Applications. Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies, pages 223-234. DOI: 10.1145/3532105.3535026. Online publication date: 7-Jun-2022
    • (2022) Effective Evaluation of Relationship-Based Access Control Policy Mining. Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies, pages 127-138. DOI: 10.1145/3532105.3535022. Online publication date: 7-Jun-2022
    • (2022) Contemporaneous Update and Enforcement of ABAC Policies. Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies, pages 31-42. DOI: 10.1145/3532105.3535021. Online publication date: 8-Jun-2022
    • (2022) Learning Relationship-Based Access Control Policies from Black-Box Systems. ACM Transactions on Privacy and Security, 25:3, pages 1-36. DOI: 10.1145/3517121. Online publication date: 19-May-2022
    • (2021) Formal Analysis of ReBAC Policy Mining Feasibility. Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy, pages 197-207. DOI: 10.1145/3422337.3447828. Online publication date: 26-Apr-2021
