Efficient and Extensible Policy Mining for Relationship-Based Access Control
Relationship-based access control (ReBAC) is a flexible and expressive
framework that allows policies to be expressed in terms of chains of
relationships between entities as well as attributes of entities. ReBAC policy
mining algorithms have the potential to significantly reduce the cost of
migration from legacy access control systems to ReBAC, by partially automating
the development of a ReBAC policy. Existing ReBAC policy mining algorithms
support a policy language with a limited set of operators; this limits their
applicability. This paper presents a ReBAC policy mining algorithm designed to
be both (1) easily extensible (to support additional policy language features)
and (2) scalable. The algorithm is based on Bui et al.'s evolutionary algorithm
for ReBAC policy mining. First, we simplify their algorithm to make it
easier to extend, and we provide a methodology for extending it to handle
new policy language features. However, extending the policy language increases
the search space of candidate policies explored by the evolutionary algorithm,
and thus causes longer running times and/or worse results. To address the problem,
we enhance the algorithm with a feature selection phase. The enhancement
utilizes a neural network to identify useful features. We use the result of
feature selection to reduce the evolutionary algorithm's search space. The new
algorithm is easy to extend and, as shown by our experiments, is more efficient
and produces better policies.