Handling Incomplete Information in Policy Evaluation using Attribute Similarity

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

Abstract

Recent years have seen a growing interest in Attribute-based Access Control (ABAC) because it can provide fine-grained, domain independent authorizations suitable for a wide range of applications. One important issue that arises with the evaluation of ABAC policies is that complete information may be unavailable and, thus, the policy decision point may have to reason with and make access decisions based on missing attributes. In this paper, we explore the use of attribute similarity to exploit the available information for decision making. Our approach relies on an attribute graph encoding the relationships and semantic closeness between attributes to compute the similarity between attributes and encompasses a novel probabilistic policy evaluation function to compute a likelihood estimation of reaching a certain decision based on attribute similarity. Determining the applicability of policies based on attribute similarity, however, can introduce the risks of wrongly granting/denying access. To this end, we show how such risks can be quantified and accounted for to reach a conclusive decision.

Original languageEnglish
Title of host publicationProceedings - 2020 2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020
PublisherInstitute of Electrical and Electronics Engineers
Pages79-88
Number of pages10
ISBN (Electronic)9781728185439
DOIs
Publication statusPublished - Oct 2020
Event2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020 - Virtual, Atlanta, United States
Duration: 1 Dec 20203 Dec 2020

Conference

Conference2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020
CountryUnited States
CityVirtual, Atlanta
Period1/12/203/12/20

Keywords

  • ABAC
  • Attribute Similarity
  • Policy Evaluation
  • Risk-based Access Control

Fingerprint Dive into the research topics of 'Handling Incomplete Information in Policy Evaluation using Attribute Similarity'. Together they form a unique fingerprint.

Cite this