TY - GEN
T1 - On Attribute Retrieval in ABAC
AU - Morisset, Charles
AU - Ravidas, Sowmya
AU - Zannone, Nicola
PY - 2020/1/1
Y1 - 2020/1/1
N2 - Despite the growing interest in Attribute-Based Access Control (ABAC) and the large amount of research devoted to the specification and evaluation of ABAC policies, to date only little work has addressed the issue of attribute management and retrieval. In many modern systems, the attributes needed for policy evaluation are often retrieved from external sources (e.g., sensors, access points). This poses concerns on the correctness of policy evaluation as the policy decision point can be provided with incorrect attribute values, which can potentially yield incorrect decisions. In this paper, we investigate the problem of selecting mechanisms for attribute retrieval and its relation with the accuracy of policy evaluation. We first introduce the notion of policy evaluation under error rate and use this notion to compute the evaluation accuracy of a policy. We formulate the Attribute Retrieval Mechanism Selection Problem (ARMSP) in terms of evaluation accuracy and show that ARMSP is exponential in the number of attribute values. To overcome this computation limitation, we investigate approaches to estimate the evaluation accuracy of a policy while maintaining the computation feasible.
AB - Despite the growing interest in Attribute-Based Access Control (ABAC) and the large amount of research devoted to the specification and evaluation of ABAC policies, to date only little work has addressed the issue of attribute management and retrieval. In many modern systems, the attributes needed for policy evaluation are often retrieved from external sources (e.g., sensors, access points). This poses concerns on the correctness of policy evaluation as the policy decision point can be provided with incorrect attribute values, which can potentially yield incorrect decisions. In this paper, we investigate the problem of selecting mechanisms for attribute retrieval and its relation with the accuracy of policy evaluation. We first introduce the notion of policy evaluation under error rate and use this notion to compute the evaluation accuracy of a policy. We formulate the Attribute Retrieval Mechanism Selection Problem (ARMSP) in terms of evaluation accuracy and show that ARMSP is exponential in the number of attribute values. To overcome this computation limitation, we investigate approaches to estimate the evaluation accuracy of a policy while maintaining the computation feasible.
UR - http://www.scopus.com/inward/record.url?scp=85083969600&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-45371-8_14
DO - 10.1007/978-3-030-45371-8_14
M3 - Conference contribution
AN - SCOPUS:85083969600
SN - 9783030453701
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 225
EP - 241
BT - Foundations and Practice of Security - 12th International Symposium, FPS 2019, Revised Selected Papers
A2 - Benzekri, Abdelmalek
A2 - Laborde, Romain
A2 - Barbeau, Michel
A2 - Gong, Guang
A2 - Garcia-Alfaro, Joaquin
PB - Springer
T2 - 12th International Symposium on Foundations and Practice of Security, FPS 2019
Y2 - 5 November 2019 through 7 November 2019
ER -