Skip to main content
SpringerLink
Log in
Book cover

International Conference on Networked Systems

NETYS 2017: Networked Systems pp 86–100Cite as

ABAC Rule Reduction via Similarity Computation

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 10299))

Abstract

Attribute-based access control (ABAC) represents a generic model of access control that provides a high level of flexibility and promotes information and security sharing. Since ABAC considers a large set of attributes for access decisions, using it might get very complicated for large systems. Hence, it is interesting to offer techniques to reduce the number of rules in ABAC policies without affecting the final decision. In this paper, we present an approach based on K-nearest neighbors algorithms for clustering ABAC policies. To the best of our knowledge, it is the first approach that aims to reduce the number of policy rules based on similarity computations. Our evaluation results demonstrate the efficiency of the suggested approach. For instance, the reduction rate can reach up to 10% for an ABAC policy with more than 9000 rules.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Al-Kahtani, M.A., Sandhu, R.: Induced role hierarchies with attribute-based RBAC. In: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies, pp. 142–148. ACM (2003)

    Google Scholar 

  2. Amato, G., Falchi, F.: kNN based image classification relying on local feature similarity. In: Proceedings of the Third International Conference on SImilarity Search and APplications, pp. 101–108. ACM (2010)

    Google Scholar 

  3. Balana: Open source xacml 3.0 implementation (2012). http://xacmlinfo.org/2012/08/16/balana-the-open-source-xacml-3-0-implementation/

  4. Benkaouz, Y., Erradi, M., Freisleben, B.: Work in progress: K-nearest neighbors techniques for ABAC policies clustering. In: Proceedings of the 2016 ACM International Workshop on Attribute Based Access Control, pp. 72–75. ACM (2016)

    Google Scholar 

  5. Bhatia, N., et al.: Survey of nearest neighbor techniques. arXiv preprint arXiv:1007.0085 (2010)

  6. Bhatti, R., Bertino, E., Ghafoor, A.: A trust-based context-aware access control model for web-services. Distrib. Parallel Databases 18(1), 83–105 (2005)

    Article  Google Scholar 

  7. Ene, A., Horne, W., Milosavljevic, N., Rao, P., Schreiber, R., Tarjan, R.E.: Fast exact and heuristic methods for role minimization problems. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, pp. 1–10. ACM (2008)

    Google Scholar 

  8. Guo, G., Wang, H., Bell, D., Bi, Y., Greer, K.: KNN model-based approach in classification. In: Meersman, R., Tari, Z., Schmidt, D.C. (eds.) OTM 2003. LNCS, vol. 2888, pp. 986–996. Springer, Heidelberg (2003). doi:10.1007/978-3-540-39964-3_62

    Chapter  Google Scholar 

  9. Guo, S.: Analysis and evaluation of similarity metrics in collaborative filtering recommender system. Master’s thesis. Lapland University of Applied Sciences (2014)

    Google Scholar 

  10. Hu, V.C., Ferraiolo, D., Kuhn, D.R.: Assessment of access control systems. US Department of Commerce, National Institute of Standards and Technology (2006)

    Google Scholar 

  11. Lin, D., Rao, P., Ferrini, R., Bertino, E., Lobo, J.: A similarity measure for comparing XACML policies. IEEE Trans. Knowl. Data Eng. 25(9), 1946–1959 (2013)

    Article  Google Scholar 

  12. Lowe, D.G.: Distinctive image features from scale-invariant keypoints. Int. J. Comput. Vis. 60(2), 91–110 (2004)

    Article  Google Scholar 

  13. Molloy, I., Chen, H., Li, T., Wang, Q., Li, N., Bertino, E., Calo, S., Lobo, J.: Mining roles with semantic meanings. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, pp. 21–30. ACM (2008)

    Google Scholar 

  14. Molloy, I., Chen, H., Li, T., Wang, Q., Li, N., Bertino, E., Calo, S., Lobo, J.: Mining roles with multiple objectives. ACM Trans. Inf. Syst. Secur. (TISSEC) 13(4), 36 (2010)

    Article  Google Scholar 

  15. Ni, Q., Lobo, J., Calo, S., Rohatgi, P., Bertino, E.: Automating role-based provisioning by learning from examples. In: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, pp. 75–84. ACM (2009)

    Google Scholar 

  16. Oh, S., Park, S.: Task-role-based access control model. Inf. Syst. 28(6), 533–562 (2003)

    Article  MATH  Google Scholar 

  17. Pan, R., Dolog, P., Xu, G.: KNN-based clustering for improving social recommender systems. In: Cao, L., Zeng, Y., Symeonidis, A.L., Gorodetsky, V.I., Yu, P.S., Singh, M.P. (eds.) ADMI 2012. LNCS, vol. 7607, pp. 115–125. Springer, Heidelberg (2013). doi:10.1007/978-3-642-36288-0_11

    Chapter  Google Scholar 

  18. Sandhu, R.S., Coynek, E.J., Feinsteink, H.L., Youmank, C.E.: Role-based access control models yz. IEEE Comput. 29(2), 38–47 (1996)

    Article  Google Scholar 

  19. Vaidya, J., Atluri, V., Guo, Q., Adam, N.: Migrating to optimal RBAC with minimal perturbation. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, pp. 11–20. ACM (2008)

    Google Scholar 

  20. Xu, Z., Stoller, S.D.: Algorithms for mining meaningful roles. In: Proceedings of the 17th ACM Symposium on Access Control Models and Technologies, pp. 57–66. ACM (2012)

    Google Scholar 

  21. Xu, Z., Stoller, S.D.: Mining attribute-based access control policies from RBAC policies. In: 2013 10th International Conference and Expo on Emerging Technologies for a Smarter World (CEWIT 2013), pp. 1–6. IEEE (2013)

    Google Scholar 

  22. Xu, Z., Stoller, S.D.: Mining parameterized role-based policies. In: Proceedings of the Third ACM Conference on Data and Application Security and Privacy, pp. 255–266. ACM (2013)

    Google Scholar 

  23. Xu, Z., Stoller, S.D.: Mining attribute-based access control policies from logs. In: Atluri, V., Pernul, G. (eds.) DBSec 2014. LNCS, vol. 8566, pp. 276–291. Springer, Heidelberg (2014). doi:10.1007/978-3-662-43936-4_18

    Google Scholar 

  24. Xu, Z., Stoller, S.D.: Mining attribute-based access control policies. IEEE Trans. Dependable Secure Comput. 12(5), 533–545 (2015)

    Article  Google Scholar 

  25. Yuan, E., Tong, J.: Attributed based access control (ABAC) for web services. In: IEEE International Conference on Web Services (ICWS 2005). IEEE (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Networking and Distributed Systems Research Group, TIES, SIME Lab, ENSIAS, Mohammed V University in Rabat, Rabat, Morocco

    Maryem Ait El Hadj & Mohammed Erradi

  2. Conception and Systems Laboratory, FSR, Mohammed V University in Rabat, Rabat, Morocco

    Yahya Benkaouz

  3. Department of Mathematics and Computer Science, Philipps-Universität Marburg, Marburg, Germany

    Bernd Freisleben

Authors
  1. Maryem Ait El Hadj
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yahya Benkaouz
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bernd Freisleben
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Mohammed Erradi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Maryem Ait El Hadj .

Editor information

Editors and Affiliations

  1. Department of Computer Science, University of California, Santa Barbara, Santa Barbara, California, USA

    Amr El Abbadi

  2. Université de Lausanne, Lausanne, Switzerland

    Benoît Garbinato

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Ait El Hadj, M., Benkaouz, Y., Freisleben, B., Erradi, M. (2017). ABAC Rule Reduction via Similarity Computation. In: El Abbadi, A., Garbinato, B. (eds) Networked Systems. NETYS 2017. Lecture Notes in Computer Science(), vol 10299. Springer, Cham. https://doi.org/10.1007/978-3-319-59647-1_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-59647-1_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-59646-4

  • Online ISBN: 978-3-319-59647-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation