ABSTRACT
As technological systems grow in complexity, the task of managing authorisation and access control within distributed systems becomes increasingly daunting. Machine learning (ML) emerges as a solution capable of adapting to this intricate landscape by drawing insights from historical data and swiftly determining who should be granted access to specific resources. While the incorporation of machine learning into authorisation and access control yields numerous benefits, it also introduces concerns surrounding how to safeguard the integrity of these ML models that are deployed and utilised in a distributed setting. These challenges represent the focal point of this doctoral research endeavour. The primary objective of this study is to delve into the dynamics of attacks and defences within a hybrid access control middleware, which combines conventional rule-based policies with ML-based classifiers. Additionally, this research will explore managerial aspects essential for enabling dynamic and adaptive authorisation measures.
Index Terms
- Attacks and Defences for ML-enhanced Access Control