Abstract
Attribute-based access control (ABAC) represents a generic model of access control that provides a high level of flexibility and promotes information and security sharing. Since ABAC considers a large set of attributes for access decisions, using it might get very complicated for large systems. Hence, it is interesting to offer techniques to reduce the number of rules in ABAC policies without affecting the final decision. In this paper, we present an approach based on K-nearest neighbors algorithms for clustering ABAC policies. To the best of our knowledge, it is the first approach that aims to reduce the number of policy rules based on similarity computations. Our evaluation results demonstrate the efficiency of the suggested approach. For instance, the reduction rate can reach up to 10% for an ABAC policy with more than 9000 rules.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Al-Kahtani, M.A., Sandhu, R.: Induced role hierarchies with attribute-based RBAC. In: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies, pp. 142–148. ACM (2003)
Amato, G., Falchi, F.: kNN based image classification relying on local feature similarity. In: Proceedings of the Third International Conference on SImilarity Search and APplications, pp. 101–108. ACM (2010)
Balana: Open source xacml 3.0 implementation (2012). http://xacmlinfo.org/2012/08/16/balana-the-open-source-xacml-3-0-implementation/
Benkaouz, Y., Erradi, M., Freisleben, B.: Work in progress: K-nearest neighbors techniques for ABAC policies clustering. In: Proceedings of the 2016 ACM International Workshop on Attribute Based Access Control, pp. 72–75. ACM (2016)
Bhatia, N., et al.: Survey of nearest neighbor techniques. arXiv preprint arXiv:1007.0085 (2010)
Bhatti, R., Bertino, E., Ghafoor, A.: A trust-based context-aware access control model for web-services. Distrib. Parallel Databases 18(1), 83–105 (2005)
Ene, A., Horne, W., Milosavljevic, N., Rao, P., Schreiber, R., Tarjan, R.E.: Fast exact and heuristic methods for role minimization problems. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, pp. 1–10. ACM (2008)
Guo, G., Wang, H., Bell, D., Bi, Y., Greer, K.: KNN model-based approach in classification. In: Meersman, R., Tari, Z., Schmidt, D.C. (eds.) OTM 2003. LNCS, vol. 2888, pp. 986–996. Springer, Heidelberg (2003). doi:10.1007/978-3-540-39964-3_62
Guo, S.: Analysis and evaluation of similarity metrics in collaborative filtering recommender system. Master’s thesis. Lapland University of Applied Sciences (2014)
Hu, V.C., Ferraiolo, D., Kuhn, D.R.: Assessment of access control systems. US Department of Commerce, National Institute of Standards and Technology (2006)
Lin, D., Rao, P., Ferrini, R., Bertino, E., Lobo, J.: A similarity measure for comparing XACML policies. IEEE Trans. Knowl. Data Eng. 25(9), 1946–1959 (2013)
Lowe, D.G.: Distinctive image features from scale-invariant keypoints. Int. J. Comput. Vis. 60(2), 91–110 (2004)
Molloy, I., Chen, H., Li, T., Wang, Q., Li, N., Bertino, E., Calo, S., Lobo, J.: Mining roles with semantic meanings. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, pp. 21–30. ACM (2008)
Molloy, I., Chen, H., Li, T., Wang, Q., Li, N., Bertino, E., Calo, S., Lobo, J.: Mining roles with multiple objectives. ACM Trans. Inf. Syst. Secur. (TISSEC) 13(4), 36 (2010)
Ni, Q., Lobo, J., Calo, S., Rohatgi, P., Bertino, E.: Automating role-based provisioning by learning from examples. In: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, pp. 75–84. ACM (2009)
Oh, S., Park, S.: Task-role-based access control model. Inf. Syst. 28(6), 533–562 (2003)
Pan, R., Dolog, P., Xu, G.: KNN-based clustering for improving social recommender systems. In: Cao, L., Zeng, Y., Symeonidis, A.L., Gorodetsky, V.I., Yu, P.S., Singh, M.P. (eds.) ADMI 2012. LNCS, vol. 7607, pp. 115–125. Springer, Heidelberg (2013). doi:10.1007/978-3-642-36288-0_11
Sandhu, R.S., Coynek, E.J., Feinsteink, H.L., Youmank, C.E.: Role-based access control models yz. IEEE Comput. 29(2), 38–47 (1996)
Vaidya, J., Atluri, V., Guo, Q., Adam, N.: Migrating to optimal RBAC with minimal perturbation. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, pp. 11–20. ACM (2008)
Xu, Z., Stoller, S.D.: Algorithms for mining meaningful roles. In: Proceedings of the 17th ACM Symposium on Access Control Models and Technologies, pp. 57–66. ACM (2012)
Xu, Z., Stoller, S.D.: Mining attribute-based access control policies from RBAC policies. In: 2013 10th International Conference and Expo on Emerging Technologies for a Smarter World (CEWIT 2013), pp. 1–6. IEEE (2013)
Xu, Z., Stoller, S.D.: Mining parameterized role-based policies. In: Proceedings of the Third ACM Conference on Data and Application Security and Privacy, pp. 255–266. ACM (2013)
Xu, Z., Stoller, S.D.: Mining attribute-based access control policies from logs. In: Atluri, V., Pernul, G. (eds.) DBSec 2014. LNCS, vol. 8566, pp. 276–291. Springer, Heidelberg (2014). doi:10.1007/978-3-662-43936-4_18
Xu, Z., Stoller, S.D.: Mining attribute-based access control policies. IEEE Trans. Dependable Secure Comput. 12(5), 533–545 (2015)
Yuan, E., Tong, J.: Attributed based access control (ABAC) for web services. In: IEEE International Conference on Web Services (ICWS 2005). IEEE (2005)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Ait El Hadj, M., Benkaouz, Y., Freisleben, B., Erradi, M. (2017). ABAC Rule Reduction via Similarity Computation. In: El Abbadi, A., Garbinato, B. (eds) Networked Systems. NETYS 2017. Lecture Notes in Computer Science(), vol 10299. Springer, Cham. https://doi.org/10.1007/978-3-319-59647-1_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-59647-1_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-59646-4
Online ISBN: 978-3-319-59647-1
eBook Packages: Computer ScienceComputer Science (R0)