Policy Engineering in ABAC

In computer security, access control is one of the most fundamental challenges, and access control policies (ACPs) are critical to the security of organizations. Although higher-level policy frameworks such as attribute-based access control (ABAC) promise long-term cost savings through reduced management effort, defining proper ABAC policies is very challenging, especially in large organizations. Manual development of initial policies can be difficult, expensive, labor-intensive, and error-prone. Thus, an automatic or semi-automatic approach to developing ABAC policies from existing resources and available data would be greatly beneficial and can significantly reduce the cost of migration to ABAC. In this project, we aim to provide a powerful, comprehensive environment for efficient and effective development of trustworthy ABAC policies. This includes a hybrid policy engineering framework that combines top-down and bottom-up approaches to radically reduce manual effort, human error, and the development and maintenance costs of ABAC policies. The top-down portion includes a set of techniques and algorithms based on natural language processing (NLP) and machine learning (ML) to extract ABAC policies from unrestricted natural language documents. The bottom-up portion includes a set of techniques and algorithms to mine ABAC policies from existing policies (e.g., ACLs, RBAC) and operational data.
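To make the bottom-up idea concrete, here is an added sketch (not the project's algorithm or code) of mining attribute rules from a legacy ACL: each ACL entry seeds a rule, conditions are dropped only while the rule grants nothing outside the ACL, and a greedy cover picks the final rule set. The users, resources, attribute names and the restriction to attribute=constant conditions are all assumptions made for illustration.

```python
from itertools import product

# Constructed sample data (assumption, not from the project).
USERS = {
    "alice": {"dept": "cardiology", "role": "doctor"},
    "bob": {"dept": "cardiology", "role": "nurse"},
    "carol": {"dept": "oncology", "role": "doctor"},
}
RESOURCES = {
    "rec1": {"dept": "cardiology", "type": "record"},
    "rec2": {"dept": "oncology", "type": "record"},
    "sched1": {"dept": "cardiology", "type": "schedule"},
}
ACL = {("alice", "rec1", "read"), ("alice", "sched1", "read"),
       ("bob", "sched1", "read"), ("carol", "rec2", "read")}

def coverage(rule):
    """All (user, resource, action) tuples the rule would permit."""
    u_cond, r_cond, act = rule
    return {(u, r, act) for u, r in product(USERS, RESOURCES)
            if all(USERS[u].get(k) == v for k, v in u_cond)
            and all(RESOURCES[r].get(k) == v for k, v in r_cond)}

def generalize(rule):
    """Drop conditions one by one while the rule grants nothing outside the ACL."""
    u_cond, r_cond, act = rule
    progress = True
    while progress:
        progress = False
        for side, cond in [(0, c) for c in sorted(u_cond)] + [(1, c) for c in sorted(r_cond)]:
            cand = (u_cond - {cond}, r_cond, act) if side == 0 else (u_cond, r_cond - {cond}, act)
            if coverage(cand) <= ACL:  # reject any candidate that over-permits
                u_cond, r_cond, progress = cand[0], cand[1], True
                break
    return (u_cond, r_cond, act)

def mine_policy():
    """Seed one rule per ACL entry, generalize, then greedily pick a covering set."""
    seeds = [(frozenset(USERS[u].items()), frozenset(RESOURCES[r].items()), a)
             for u, r, a in sorted(ACL)]
    candidates = list(dict.fromkeys(generalize(s) for s in seeds))
    policy, uncovered = [], set(ACL)
    while uncovered:
        best = max(candidates, key=lambda c: len(coverage(c) & uncovered))
        policy.append(best)
        uncovered -= coverage(best)
    return policy
```

On this sample, `mine_policy()` returns three rules for the four ACL entries, and the union of their coverage equals the ACL exactly, so the migration neither adds nor removes any permission.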

Related Publications:

  • Manar Alohaly, Hassan Takabi, and Eduardo Blanco. (2018). A Deep Learning Approach for Extracting Attributes of ABAC Policies. In Proceedings of the 23rd ACM on Symposium on Access Control Models and Technologies. ACM.
  • Masoud Narouei, Hassan Takabi, and Rodney Nielsen. (2018). Automatic Extraction of Access Control Policies from Natural Language Documents. IEEE Transactions on Dependable and Secure Computing.
  • Manar Alohaly and Hassan Takabi. (2017). When do changes induce software vulnerabilities? In 3rd IEEE International Conference on Collaboration and Internet Computing, CIC 2017, San Jose, CA, USA, October 15-17, 2017, pages 59–66.
  • Masoud Narouei, Hamed Khanpour, and Hassan Takabi. (2017). Identification of access control policy sentences from natural language policy documents. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10359 LNCS).
  • Masoud Narouei, Hamed Khanpour, Hassan Takabi, Natalie Parde, and Rodney Nielsen. (2017). Towards a Top-down Policy Engineering Framework for Attribute-based Access Control. In Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies - SACMAT ’17 Abstracts (pp. 103–114).
  • Manar Alohaly and Hassan Takabi. (2016). If you can’t measure it, you can’t manage it: Towards quantification of privacy policies. In 2nd IEEE International Conference on Collaboration and Internet Computing, CIC 2016, Pittsburgh, PA, USA, November 1-3, 2016, pages 539–545.
  • Manar Alohaly and Hassan Takabi. (2016). Better privacy indicators: A new approach to quantification of privacy policies. In Workshop on Privacy Indicators, WPI@SOUPS 2016, Denver, CO, USA, June 22, 2016.
  • Masoud Narouei, Mansour Ahmadi, Giorgio Giacinto, Hassan Takabi, and Ashkan Sami. (2015). DLLMiner: Structural mining for malware detection. Security and Communication Networks, 8(18), 3311–3322.
  • Masoud Narouei and Hassan Takabi. (2015). Automatic Top-Down Role Engineering Framework Using Natural Language Processing Techniques. Information Security Theory and Practice. Springer International Publishing, pp. 137–152.
  • Jafar Haadi Jafarian, Hassan Takabi, Hakim Touati, Ehsan Hesamifard, and Mohamed Shehab. (2015). Towards a general framework for optimal role mining: A constraint satisfaction approach. In Proceedings of ACM Symposium on Access Control Models and Technologies (pp. 211–220).
  • Masoud Narouei and Hassan Takabi. (2015). Towards an automatic top-down role engineering approach using natural language processing techniques. In Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT (Vol. 2015–June).