
Quantifying Policy Administration Cost in an Active Learning Framework (2401.00086v1)

Published 29 Dec 2023 in cs.CR and cs.LG

Abstract: This paper proposes a computational model for policy administration. As an organization evolves, new users and resources are gradually placed under the mediation of the access control model. Each time such new entities are added, the policy administrator must deliberate on how the access control policy shall be revised to reflect the new reality. A well-designed access control model must anticipate such changes so that the administration cost does not become prohibitive when the organization scales up. Unfortunately, past Access Control research does not offer a formal way to quantify the cost of policy administration. In this work, we propose to model ongoing policy administration in an active learning framework. Administration cost can be quantified in terms of query complexity. We demonstrate the utility of this approach by applying it to the evolution of protection domains. We also modelled different policy administration strategies in our framework. This allowed us to formally demonstrate that domain-based policies have a cost advantage over access control matrices because of the use of heuristic reasoning when the policy evolves. To the best of our knowledge, this is the first work to employ an active learning framework to study the cost of policy deliberation and demonstrate the cost advantage of heuristic policy administration.

