Policy adaptation in hierarchical attribute-based access control systems

Saptarshi Das; Shamik Sural; Jaideep Vaidya; Vijayalakshmi Atluri

doi:10.1145/3323233

Policy adaptation in hierarchical attribute-based access control systems

Saptarshi Das, Shamik Sural, Jaideep Vaidya, Vijayalakshmi Atluri

Rutgers Business School, Management & Information Systems

Research output: Contribution to journal › Article › peer-review

5 Scopus citations

Abstract

In Attribute-Based Access Control (ABAC), access to resources is given based on the attributes of subjects, objects, and environment. There is an imminent need for the development of efficient algorithms that enable migration to ABAC. However, existing policy mining approaches do not consider possible adaptation to the policy of a similar organization. In this article, we address the problem of automatically determining an optimal assignment of attribute values to subjects for enabling the desired accesses to be granted while minimizing the number of ABAC rules used by each subject or other appropriate metrics. We show the problem to be NP-Complete and propose a heuristic solution.

Original language	English (US)
Article number	40
Journal	ACM Transactions on Internet Technology
Volume	19
Issue number	3
DOIs	https://doi.org/10.1145/3323233
State	Published - Oct 2019

All Science Journal Classification (ASJC) codes

Computer Networks and Communications

Keywords

ABAC policy
Attribute value hierarchy
Policy adaptation

Access to Document

10.1145/3323233

Cite this

@article{dbfca9e7027d4069a572759653d3dc4e,

title = "Policy adaptation in hierarchical attribute-based access control systems",

abstract = "In Attribute-Based Access Control (ABAC), access to resources is given based on the attributes of subjects, objects, and environment. There is an imminent need for the development of efficient algorithms that enable migration to ABAC. However, existing policy mining approaches do not consider possible adaptation to the policy of a similar organization. In this article, we address the problem of automatically determining an optimal assignment of attribute values to subjects for enabling the desired accesses to be granted while minimizing the number of ABAC rules used by each subject or other appropriate metrics. We show the problem to be NP-Complete and propose a heuristic solution.",

keywords = "ABAC policy, Attribute value hierarchy, Policy adaptation",

author = "Saptarshi Das and Shamik Sural and Jaideep Vaidya and Vijayalakshmi Atluri",

note = "Funding Information: Research reported in this publication was supported by the National Institutes of Health under award R01GM118574, and by the National Science Foundation under awards CNS-1564034, CNS-1624503 and CNS-1747728. The content is solely the responsibility of the authors and does not necessarily represent the official views of the agencies funding the research. Authors{\textquoteright} addresses: S. Das and S. Sural, Dept. of Computer Science & Engineering, Indian Institute of Technology Kharag-pur, West Bengal, 721302, India; emails: saptarshidas13@iitkgp.ac.in, shamik@cse.iitkgp.ac.in; J. Vaidya and V. Atluri, MSIS Department, Rutgers University, 1 Washington Park Newark, NJ 07102-1803 USA; emails: jsvaidya@business.rutgers.edu, atluri@rutgers.edu. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org. {\textcopyright} 2019 Association for Computing Machinery. 1533-5399/2019/08-ART40 $15.00 https://doi.org/10.1145/3323233 Publisher Copyright: {\textcopyright} 2019 Association for Computing Machinery.",

year = "2019",

month = oct,

doi = "10.1145/3323233",

language = "English (US)",

volume = "19",

journal = "ACM Transactions on Internet Technology",

issn = "1533-5399",

publisher = "Association for Computing Machinery (ACM)",

number = "3",

}

TY - JOUR

T1 - Policy adaptation in hierarchical attribute-based access control systems

AU - Das, Saptarshi

AU - Sural, Shamik

AU - Vaidya, Jaideep

AU - Atluri, Vijayalakshmi

N1 - Funding Information: Research reported in this publication was supported by the National Institutes of Health under award R01GM118574, and by the National Science Foundation under awards CNS-1564034, CNS-1624503 and CNS-1747728. The content is solely the responsibility of the authors and does not necessarily represent the official views of the agencies funding the research. Authors’ addresses: S. Das and S. Sural, Dept. of Computer Science & Engineering, Indian Institute of Technology Kharag-pur, West Bengal, 721302, India; emails: saptarshidas13@iitkgp.ac.in, shamik@cse.iitkgp.ac.in; J. Vaidya and V. Atluri, MSIS Department, Rutgers University, 1 Washington Park Newark, NJ 07102-1803 USA; emails: jsvaidya@business.rutgers.edu, atluri@rutgers.edu. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org. © 2019 Association for Computing Machinery. 1533-5399/2019/08-ART40 $15.00 https://doi.org/10.1145/3323233 Publisher Copyright: © 2019 Association for Computing Machinery.

PY - 2019/10

Y1 - 2019/10

N2 - In Attribute-Based Access Control (ABAC), access to resources is given based on the attributes of subjects, objects, and environment. There is an imminent need for the development of efficient algorithms that enable migration to ABAC. However, existing policy mining approaches do not consider possible adaptation to the policy of a similar organization. In this article, we address the problem of automatically determining an optimal assignment of attribute values to subjects for enabling the desired accesses to be granted while minimizing the number of ABAC rules used by each subject or other appropriate metrics. We show the problem to be NP-Complete and propose a heuristic solution.

AB - In Attribute-Based Access Control (ABAC), access to resources is given based on the attributes of subjects, objects, and environment. There is an imminent need for the development of efficient algorithms that enable migration to ABAC. However, existing policy mining approaches do not consider possible adaptation to the policy of a similar organization. In this article, we address the problem of automatically determining an optimal assignment of attribute values to subjects for enabling the desired accesses to be granted while minimizing the number of ABAC rules used by each subject or other appropriate metrics. We show the problem to be NP-Complete and propose a heuristic solution.

KW - ABAC policy

KW - Attribute value hierarchy

KW - Policy adaptation

UR - http://www.scopus.com/inward/record.url?scp=85074842387&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85074842387&partnerID=8YFLogxK

U2 - 10.1145/3323233

DO - 10.1145/3323233

M3 - Article

AN - SCOPUS:85074842387

SN - 1533-5399

VL - 19

JO - ACM Transactions on Internet Technology

JF - ACM Transactions on Internet Technology

IS - 3

M1 - 40

ER -

Policy adaptation in hierarchical attribute-based access control systems

Abstract

All Science Journal Classification (ASJC) codes

Keywords

Access to Document

Other files and links

Fingerprint

Cite this