
Mining Meaningful Role-Based and Attribute-Based Access Control Policies.


Abstract

Advanced models of access control, such as role-based access control (RBAC) and attribute-based access control (ABAC), offer important advantages over lower-level access control policy representations, such as access control lists (ACLs). However, the effort required for a large organization to migrate from ACLs to RBAC or ABAC can be a major obstacle to adoption of RBAC or ABAC. Policy mining algorithms partially automate the construction of advanced access control policies from ACL policies and possibly other information, such as user and resource attributes. These algorithms can greatly reduce the cost of migration to RBAC or ABAC. This dissertation presents several new policy mining algorithms.

First, this dissertation considers mining of role-based policies from ACL policies and possibly other information. The dissertation presents new and flexible algorithms for this problem. The algorithms can easily be used to optimize a variety of RBAC policy quality metrics, including metrics based on policy size, metrics based on interpretability of the roles with respect to user attribute data, and compound metrics that consider size and interpretability. In experiments with publicly available access control policies, one of our algorithms achieves significantly better results than previous work.

Next, this dissertation considers mining of parameterized role-based policies. Parameterization significantly enhances the scalability of RBAC, by allowing more concise policies. This dissertation defines a parameterized RBAC (PRBAC) framework, in which users and permissions have attributes that are implicit parameters of roles and can be used in role definitions. Algorithms are presented for mining PRBAC policies from ACLs and attribute data. To the best of our knowledge, this is the first PRBAC policy mining algorithm. Evaluation on three small but non-trivial case studies demonstrates the effectiveness of our algorithm.

Finally, this dissertation considers mining of attribute-based policies. ABAC allows policies to be written in a concise, flexible, and high-level way. Three versions of the ABAC policy mining problem are considered, differing in the input: (1) mining ABAC policies from ACLs and attribute data, (2) mining ABAC policies from RBAC policies and attribute data, and (3) mining ABAC policies from operation logs and attribute data. Algorithms are presented for all three versions of the problem. Extensions of the algorithms to identify suspected noise in the input data are also described. To the best of our knowledge, these are the first ABAC policy mining algorithms. Evaluations on sample policies and synthetic policies demonstrate the effectiveness of our algorithms.

Bibliographic details

  • Author: Xu, Zhongyuan
  • Author affiliation: State University of New York at Stony Brook
  • Degree-granting institution: State University of New York at Stony Brook
  • Subject: Computer Science
  • Degree: Ph.D.
  • Year: 2014
  • Pages: 136 p.
  • Total pages: 136
  • Original format: PDF
  • Language of text: eng