TY - GEN
T1 - VisMAP
T2 - 15th International Conference on Information Systems Security, ICISS 2019
AU - Das, Saptarshi
AU - Sural, Shamik
AU - Vaidya, Jaideep
AU - Atluri, Vijayalakshmi
AU - Rigoll, Gerhard
N1 - Publisher Copyright:
© 2019, Springer Nature Switzerland AG.
PY - 2019
Y1 - 2019
N2 - Policy mining has been identified as one of the most challenging tasks towards deployment of Attribute-Based Access Control (ABAC) in any organization. This work introduces a novel approach for visual mining of ABAC policies. The fundamental objective is to graphically portray the existing accesses to facilitate visual elucidation and mining of meaningful authorization rules. We represent the existing accesses in the form of a binary matrix and formulate the problem of finding the best representation of the binary matrix as a minimization problem. The authorization rules are then extracted from the visual representation of the access control matrix in such a way that the number of rules required to satisfy all the existing accesses is minimum. The problem is shown to be NP-Complete and hence, heuristic solution is proposed. We experimentally evaluate our proposed approach on a number of synthetically generated data sets to study its robustness and scalability in a variety of situations.
AB - Policy mining has been identified as one of the most challenging tasks towards deployment of Attribute-Based Access Control (ABAC) in any organization. This work introduces a novel approach for visual mining of ABAC policies. The fundamental objective is to graphically portray the existing accesses to facilitate visual elucidation and mining of meaningful authorization rules. We represent the existing accesses in the form of a binary matrix and formulate the problem of finding the best representation of the binary matrix as a minimization problem. The authorization rules are then extracted from the visual representation of the access control matrix in such a way that the number of rules required to satisfy all the existing accesses is minimum. The problem is shown to be NP-Complete and hence, heuristic solution is proposed. We experimentally evaluate our proposed approach on a number of synthetically generated data sets to study its robustness and scalability in a variety of situations.
KW - Attribute-Based Access Control
KW - Policy mining
KW - Visual policy representation
UR - http://www.scopus.com/inward/record.url?scp=85076913281&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-36945-3_5
DO - 10.1007/978-3-030-36945-3_5
M3 - Conference contribution
AN - SCOPUS:85076913281
SN - 9783030369446
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 79
EP - 98
BT - Information Systems Security - 15th International Conference, ICISS 2019, Proceedings
A2 - Garg, Deepak
A2 - Kumar, N. V.
A2 - Shyamasundar, Rudrapatna K.
PB - Springer
Y2 - 16 December 2019 through 20 December 2019
ER -