1 research outputs found
Learning Attribute-Based and Relationship-Based Access Control Policies with Unknown Values
Attribute-Based Access Control (ABAC) and Relationship-based access control
(ReBAC) provide a high level of expressiveness and flexibility that promote
security and information sharing, by allowing policies to be expressed in terms
of attributes of and chains of relationships between entities. Algorithms for
learning ABAC and ReBAC policies from legacy access control information have
the potential to significantly reduce the cost of migration to ABAC or ReBAC.
This paper presents the first algorithms for mining ABAC and ReBAC policies
from access control lists (ACLs) and incomplete information about entities,
where the values of some attributes of some entities are unknown. We show that
the core of this problem can be viewed as learning a concise three-valued logic
formula from a set of labeled feature vectors containing unknowns, and we give
the first algorithm (to the best of our knowledge) for that problem.Comment: arXiv admin note: text overlap with arXiv:1909.1209