Sie befinden Sich nicht im Netzwerk der Universität Paderborn. Der Zugriff auf elektronische Ressourcen ist gegebenenfalls nur via VPN oder Shibboleth (DFN-AAI) möglich. mehr Informationen...
An Attribute-Based Access Control (ABAC) model provides a flexible and promising approach for large, dynamic systems/applications and helps overcome the limitations of other prevalent AC approaches. However, the cost of migrating to an ABAC based system is a significant obstacle for organizations. Many large enterprises/applications need to grant access privileges to a huge number of users distributed across disparate computing environments and applications including legacy systems. Each of these applications may have its own access control model. Manual development of a single access control policy through a set of attribute-based policy rules is expensive and time consuming. In this paper, we present a methodology for automatically learning ABAC policy rules from access logs in a system to facilitate the AC policy development process. The proposed approach uses an unsupervised learning-based technique for detecting patterns in a set of access records and extracting ABAC policy rules from these patterns. We present two algorithms, rule pruning, and policy refinement, to improve the quality of the mined policy. Policy refinement algorithms are useful in ABAC policy maintenance, as well. We evaluate our proposed approach on three different sample policies as well as a randomly synthesized policy to show its effectiveness.