A Method for Extracting and Refining Access Policies Based on Decision Trees and Genetic Algorithms

  • Bruno Cremonezi UFPR
  • Alex Vieira UFJF
  • José Nacif UFV
  • Edelberto F. Silva UFJF
  • Michele Nogueira UFPR / UFMG

Abstract


Attribute-Based Access Control (ABAC) is becoming increasingly popular. However, its adoption brings a series of challenges. Among them, defining and maintaining access policies is one of the most complex, because it is a time-consuming and difficult task. In this paper, we propose a method for mining access policies from access logs to simplify the definition and maintenance of access policies. Our proposal uses a supervised learning algorithm to create a decision tree, which is then used to identify access patterns and build access policies. We also propose a method for refining the generated policies. The refinement method uses a genetic algorithm to insert controlled distortions into the policy to obtain better results. Our evaluation uses synthetic and real data. The results show that our method creates valid policies, with an accuracy 10% higher than a similar method presented in the literature.
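An added illustration of the mining step the abstract describes, not the authors' code or their exact algorithm: a small ID3 decision tree is trained on a constructed access log, and every root-to-leaf path that ends in permit is read off as a conjunctive ABAC rule. The attribute names, the log entries and the choice of ID3 are assumptions; the genetic refinement step is not shown.

```python
import math
from collections import Counter

# Constructed access log (not from the paper): role, resource, action, decision
ATTRS = ("role", "resource", "action")
LOG = [
    ("doctor", "record", "read", "permit"),
    ("doctor", "record", "write", "permit"),
    ("nurse", "record", "read", "permit"),
    ("nurse", "record", "write", "deny"),
    ("nurse", "billing", "read", "deny"),
    ("doctor", "billing", "read", "deny"),
    ("clerk", "billing", "read", "permit"),
    ("clerk", "billing", "write", "permit"),
    ("clerk", "record", "read", "deny"),
    ("clerk", "record", "write", "deny"),
]

def entropy(rows):
    counts = Counter(r[-1] for r in rows)
    return -sum(c / len(rows) * math.log2(c / len(rows)) for c in counts.values())

def split(rows, i):
    groups = {}
    for r in rows:
        groups.setdefault(r[i], []).append(r)
    return groups

def build(rows, free):
    labels = Counter(r[-1] for r in rows)
    if len(labels) == 1 or not free:
        return labels.most_common(1)[0][0]  # leaf: majority decision
    # ID3: pick the attribute with the lowest weighted entropy after the split
    best = min(free, key=lambda i: sum(len(g) / len(rows) * entropy(g) for g in split(rows, i).values()))
    rest = [i for i in free if i != best]
    return (best, {v: build(g, rest) for v, g in split(rows, best).items()})

def rules(tree, path=()):
    """Each root-to-leaf path ending in 'permit' becomes one conjunctive rule."""
    if isinstance(tree, str):
        return [dict(path)] if tree == "permit" else []
    i, children = tree
    return [r for v, sub in children.items() for r in rules(sub, path + ((ATTRS[i], v),))]

def allowed(policy, request):
    # Default deny: a request is permitted only if some mined rule matches it
    return any(all(request.get(k) == v for k, v in rule.items()) for rule in policy)

POLICY = rules(build(LOG, [0, 1, 2]))
```

The mined rules are shorter than the log entries they cover, so they are easier to review, and requests matching no rule are denied.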

Published
2021-08-16
CREMONEZI, Bruno; VIEIRA, Alex; NACIF, José; SILVA, Edelberto F.; NOGUEIRA, Michele. Um Método para Extração e Refinamento de Políticas de Acesso baseado em Árvore de Decisão e Algoritmo Genético. In: BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 39., 2021, Uberlândia. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2021. p. 686-699. ISSN 2177-9384. DOI: https://doi.org/10.5753/sbrc.2021.16756.