Handling Incomplete Information in Policy Evaluation using Attribute Similarity

Sowmya Ravidas; Indrakshi Ray; Nicola Zannone

doi:10.1109/TPS-ISA50397.2020.00021

Handling Incomplete Information in Policy Evaluation using Attribute Similarity

Sowmya Ravidas, Indrakshi Ray, Nicola Zannone

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Recent years have seen a growing interest in Attribute-based Access Control (ABAC) because it can provide fine-grained, domain independent authorizations suitable for a wide range of applications. One important issue that arises with the evaluation of ABAC policies is that complete information may be unavailable and, thus, the policy decision point may have to reason with and make access decisions based on missing attributes. In this paper, we explore the use of attribute similarity to exploit the available information for decision making. Our approach relies on an attribute graph encoding the relationships and semantic closeness between attributes to compute the similarity between attributes and encompasses a novel probabilistic policy evaluation function to compute a likelihood estimation of reaching a certain decision based on attribute similarity. Determining the applicability of policies based on attribute similarity, however, can introduce the risks of wrongly granting/denying access. To this end, we show how such risks can be quantified and accounted for to reach a conclusive decision.

Original language	English
Title of host publication	Proceedings - 2020 2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020
Publisher	Institute of Electrical and Electronics Engineers
Pages	79-88
Number of pages	10
ISBN (Electronic)	9781728185439
DOIs	https://doi.org/10.1109/TPS-ISA50397.2020.00021
Publication status	Published - Oct 2020
Event	2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020 - Virtual, Atlanta, United States Duration: 1 Dec 2020 → 3 Dec 2020

Conference

Conference	2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020
Country	United States
City	Virtual, Atlanta
Period	1/12/20 → 3/12/20

Keywords

ABAC
Attribute Similarity
Policy Evaluation
Risk-based Access Control

Access to Document

10.1109/TPS-ISA50397.2020.00021

Link to publication in Scopus

Fingerprint Dive into the research topics of 'Handling Incomplete Information in Policy Evaluation using Attribute Similarity'. Together they form a unique fingerprint.

Cite this

Ravidas, S., Ray, I., & Zannone, N. (2020). Handling Incomplete Information in Policy Evaluation using Attribute Similarity. In Proceedings - 2020 2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020 (pp. 79-88). [9325357] Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/TPS-ISA50397.2020.00021

@inproceedings{2d1ecc80c39d456db0d065753a687bb1,

title = "Handling Incomplete Information in Policy Evaluation using Attribute Similarity",

abstract = "Recent years have seen a growing interest in Attribute-based Access Control (ABAC) because it can provide fine-grained, domain independent authorizations suitable for a wide range of applications. One important issue that arises with the evaluation of ABAC policies is that complete information may be unavailable and, thus, the policy decision point may have to reason with and make access decisions based on missing attributes. In this paper, we explore the use of attribute similarity to exploit the available information for decision making. Our approach relies on an attribute graph encoding the relationships and semantic closeness between attributes to compute the similarity between attributes and encompasses a novel probabilistic policy evaluation function to compute a likelihood estimation of reaching a certain decision based on attribute similarity. Determining the applicability of policies based on attribute similarity, however, can introduce the risks of wrongly granting/denying access. To this end, we show how such risks can be quantified and accounted for to reach a conclusive decision.",

keywords = "ABAC, Attribute Similarity, Policy Evaluation, Risk-based Access Control",

author = "Sowmya Ravidas and Indrakshi Ray and Nicola Zannone",

year = "2020",

month = oct,

doi = "10.1109/TPS-ISA50397.2020.00021",

language = "English",

pages = "79--88",

booktitle = "Proceedings - 2020 2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020",

publisher = "Institute of Electrical and Electronics Engineers",

address = "United States",

note = "2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020 ; Conference date: 01-12-2020 Through 03-12-2020",

}

Ravidas, S, Ray, I & Zannone, N 2020, Handling Incomplete Information in Policy Evaluation using Attribute Similarity. in Proceedings - 2020 2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020., 9325357, Institute of Electrical and Electronics Engineers, pp. 79-88, 2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020, Virtual, Atlanta, United States, 1/12/20. https://doi.org/10.1109/TPS-ISA50397.2020.00021

Handling Incomplete Information in Policy Evaluation using Attribute Similarity. / Ravidas, Sowmya; Ray, Indrakshi; Zannone, Nicola.

Proceedings - 2020 2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020. Institute of Electrical and Electronics Engineers, 2020. p. 79-88 9325357.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Handling Incomplete Information in Policy Evaluation using Attribute Similarity

AU - Ravidas, Sowmya

AU - Ray, Indrakshi

AU - Zannone, Nicola

PY - 2020/10

Y1 - 2020/10

N2 - Recent years have seen a growing interest in Attribute-based Access Control (ABAC) because it can provide fine-grained, domain independent authorizations suitable for a wide range of applications. One important issue that arises with the evaluation of ABAC policies is that complete information may be unavailable and, thus, the policy decision point may have to reason with and make access decisions based on missing attributes. In this paper, we explore the use of attribute similarity to exploit the available information for decision making. Our approach relies on an attribute graph encoding the relationships and semantic closeness between attributes to compute the similarity between attributes and encompasses a novel probabilistic policy evaluation function to compute a likelihood estimation of reaching a certain decision based on attribute similarity. Determining the applicability of policies based on attribute similarity, however, can introduce the risks of wrongly granting/denying access. To this end, we show how such risks can be quantified and accounted for to reach a conclusive decision.

AB - Recent years have seen a growing interest in Attribute-based Access Control (ABAC) because it can provide fine-grained, domain independent authorizations suitable for a wide range of applications. One important issue that arises with the evaluation of ABAC policies is that complete information may be unavailable and, thus, the policy decision point may have to reason with and make access decisions based on missing attributes. In this paper, we explore the use of attribute similarity to exploit the available information for decision making. Our approach relies on an attribute graph encoding the relationships and semantic closeness between attributes to compute the similarity between attributes and encompasses a novel probabilistic policy evaluation function to compute a likelihood estimation of reaching a certain decision based on attribute similarity. Determining the applicability of policies based on attribute similarity, however, can introduce the risks of wrongly granting/denying access. To this end, we show how such risks can be quantified and accounted for to reach a conclusive decision.

KW - ABAC

KW - Attribute Similarity

KW - Policy Evaluation

KW - Risk-based Access Control

UR - http://www.scopus.com/inward/record.url?scp=85100373600&partnerID=8YFLogxK

U2 - 10.1109/TPS-ISA50397.2020.00021

DO - 10.1109/TPS-ISA50397.2020.00021

M3 - Conference contribution

AN - SCOPUS:85100373600

SP - 79

EP - 88

BT - Proceedings - 2020 2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020

PB - Institute of Electrical and Electronics Engineers

T2 - 2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020

Y2 - 1 December 2020 through 3 December 2020

ER -

Ravidas S, Ray I, Zannone N. Handling Incomplete Information in Policy Evaluation using Attribute Similarity. In Proceedings - 2020 2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020. Institute of Electrical and Electronics Engineers. 2020. p. 79-88. 9325357 https://doi.org/10.1109/TPS-ISA50397.2020.00021