An Automatic Attribute Based Access Control Policy Extraction from Access Logs
- URL: http://arxiv.org/abs/2003.07270v4
- Date: Sat, 30 Jan 2021 17:43:34 GMT
- Authors: Leila Karimi, Maryam Aldairi, James Joshi, Mai Abdelhakim
- Abstract summary: An attribute-based access control (ABAC) model provides a more flexible approach for addressing the authorization needs of complex and dynamic systems.
We present a methodology for automatically learning ABAC policy rules from access logs of a system to simplify the policy development process.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: With the rapid advances in computing and information technologies,
traditional access control models have become inadequate in terms of capturing
fine-grained and expressive security requirements of newly emerging
applications. An attribute-based access control (ABAC) model provides a more
flexible approach for addressing the authorization needs of complex and dynamic
systems. While organizations are interested in employing newer authorization
models, migrating to such models poses a significant challenge. Many
large-scale businesses need to grant authorization to their user populations
that are potentially distributed across disparate and heterogeneous computing
environments. Each of these computing environments may have its own access
control model. The manual development of a single policy framework for an
entire organization is tedious, costly, and error-prone.
In this paper, we present a methodology for automatically learning ABAC
policy rules from access logs of a system to simplify the policy development
process. The proposed approach employs an unsupervised learning-based algorithm
for detecting patterns in access logs and extracting ABAC authorization rules
from these patterns. In addition, we present two policy improvement algorithms,
including rule pruning and policy refinement algorithms to generate a higher
quality mined policy. Finally, we implement a prototype of the proposed
approach to demonstrate its feasibility.
Related papers
- Access control in a distributed micro-cloud environment [0.0]
Attribute-Based Access Control models come at the cost of high policy management complexity.
We propose an ABAC model that incorporates user and object hierarchies.
We develop a policy engine that supports the model and present a distributed cloud use case.
arXiv Detail & Related papers (2024-10-26T21:09:09Z)
- RAGent: Retrieval-based Access Control Policy Generation [1.2016264781280588]
RAGent is a novel retrieval-based access control policy generation framework based on language models.
RAGent identifies access requirements from high-level requirement specifications with an average state-of-the-art F1 score of 87.9%.
Unlike existing frameworks, RAGent generates policies with complex components like purposes and conditions, in addition to subjects, actions, and resources.
arXiv Detail & Related papers (2024-09-08T00:23:37Z)
- Probabilistic Reach-Avoid for Bayesian Neural Networks [71.67052234622781]
We show that an optimal synthesis algorithm can provide more than a four-fold increase in the number of certifiable states.
The algorithm is able to provide more than a three-fold increase in the average guaranteed reach-avoid probability.
arXiv Detail & Related papers (2023-10-03T10:52:21Z)
- Sparsity-Aware Intelligent Massive Random Access Control in Open RAN: A Reinforcement Learning Based Approach [61.74489383629319]
Massive random access of devices in the emerging Open Radio Access Network (O-RAN) brings great challenge to the access control and management.
reinforcement-learning (RL)-assisted scheme of closed-loop access control is proposed to preserve sparsity of access requests.
Deep-RL-assisted SAUD is proposed to resolve highly complex environments with continuous and high-dimensional state and action spaces.
arXiv Detail & Related papers (2023-03-05T12:25:49Z)
- Distributed-Training-and-Execution Multi-Agent Reinforcement Learning for Power Control in HetNet [48.96004919910818]
We propose a multi-agent deep reinforcement learning (MADRL) based power control scheme for the HetNet.
To promote cooperation among agents, we develop a penalty-based Q learning (PQL) algorithm for MADRL systems.
In this way, an agent's policy can be learned by other agents more easily, resulting in a more efficient collaboration process.
arXiv Detail & Related papers (2022-12-15T17:01:56Z)
- Toward Deep Learning Based Access Control [3.2511618464944547]
This paper proposes Deep Learning Based Access Control (DLBAC) by leveraging significant advances in deep learning technology.
DLBAC could complement and, in the long-term, has the potential to even replace, classical access control models with a neural network.
We demonstrate the feasibility of the proposed approach by addressing issues related to accuracy, generalization, and explainability.
arXiv Detail & Related papers (2022-03-28T22:05:11Z)
- Learning Robust Policy against Disturbance in Transition Dynamics via State-Conservative Policy Optimization [63.75188254377202]
Deep reinforcement learning algorithms can perform poorly in real-world tasks due to discrepancy between source and target environments.
We propose a novel model-free actor-critic algorithm to learn robust policies without modeling the disturbance in advance.
Experiments in several robot control tasks demonstrate that SCPO learns robust policies against the disturbance in transition dynamics.
arXiv Detail & Related papers (2021-12-20T13:13:05Z)
- Policy Search for Model Predictive Control with Application to Agile Drone Flight [56.24908013905407]
We propose a policy-search-for-model-predictive-control framework for MPC.
Specifically, we formulate the MPC as a parameterized controller, where the hard-to-optimize decision variables are represented as high-level policies.
Experiments show that our controller achieves robust and real-time control performance in both simulation and the real world.
arXiv Detail & Related papers (2021-12-07T17:39:24Z)
- Adaptive ABAC Policy Learning: A Reinforcement Learning Approach [2.5997274006052544]
We propose an adaptive ABAC policy learning approach to automate the authorization management task.
In particular, we propose a contextual bandit system, in which an authorization engine adapts an ABAC model through a feedback control loop.
We focus on developing an adaptive ABAC policy learning model for a home IoT environment as a running example.
arXiv Detail & Related papers (2021-05-18T15:18:02Z)
- Learning High-Level Policies for Model Predictive Control [54.00297896763184]
Model Predictive Control (MPC) provides robust solutions to robot control tasks.
We propose a self-supervised learning algorithm for learning a neural network high-level policy.
We show that our approach can handle situations that are difficult for standard MPC.
arXiv Detail & Related papers (2020-07-20T17:12:34Z)
This list is automatically generated from the titles and abstracts of the papers in this site.