Handling Incomplete Information in Policy Evaluation using Attribute Similarity

Sowmya Ravidas; Indrakshi Ray; Nicola Zannone

doi:10.1109/TPS-ISA50397.2020.00021

Handling Incomplete Information in Policy Evaluation using Attribute Similarity

Sowmya Ravidas
, Indrakshi Ray
, Nicola Zannone

Security

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic › peer review

5 Citaten (Scopus)

Samenvatting

Recent years have seen a growing interest in Attribute-based Access Control (ABAC) because it can provide fine-grained, domain independent authorizations suitable for a wide range of applications. One important issue that arises with the evaluation of ABAC policies is that complete information may be unavailable and, thus, the policy decision point may have to reason with and make access decisions based on missing attributes. In this paper, we explore the use of attribute similarity to exploit the available information for decision making. Our approach relies on an attribute graph encoding the relationships and semantic closeness between attributes to compute the similarity between attributes and encompasses a novel probabilistic policy evaluation function to compute a likelihood estimation of reaching a certain decision based on attribute similarity. Determining the applicability of policies based on attribute similarity, however, can introduce the risks of wrongly granting/denying access. To this end, we show how such risks can be quantified and accounted for to reach a conclusive decision.

Originele taal-2	Engels
Titel	Proceedings - 2020 2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020
Uitgeverij	Institute of Electrical and Electronics Engineers
Pagina's	79-88
Aantal pagina's	10
ISBN van elektronische versie	9781728185439
DOI's	https://doi.org/10.1109/TPS-ISA50397.2020.00021
Status	Gepubliceerd - okt. 2020
Evenement	2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020 - Virtual, Atlanta, Verenigde Staten van Amerika Duur: 1 dec. 2020 → 3 dec. 2020

Congres

Congres	2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020
Land/Regio	Verenigde Staten van Amerika
Stad	Virtual, Atlanta
Periode	1/12/20 → 3/12/20

Financiering

This work is supported by the H2020-ECSEL programme of the European Commission through the SECREDAS project (grant no. 783119) and also by NIST under Contract Number 60NANB18D204, by funds from NSF under Award Number CNS 1650573, CNS 1822118, and funds from AFRL, American Megatrends Inc., SecureNok, Furuno Electric Company, CableLabs, Cyber Risk Research, and Statnett.

Financiers	Financiernummer
National Science Foundation(NSF)	CNS 1650573, CNS 1822118, 1822118
National Institute of Standards and Technology	60NANB18D204
Air Force Research Laboratory
European Commission	783119

Toegang tot document

10.1109/TPS-ISA50397.2020.00021

Andere bestanden en links

Link to publication in Scopus

Citeer dit

Ravidas, S., Ray, I., & Zannone, N. (2020). Handling Incomplete Information in Policy Evaluation using Attribute Similarity. In Proceedings - 2020 2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020 (blz. 79-88). Artikel 9325357 Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/TPS-ISA50397.2020.00021

@inproceedings{2d1ecc80c39d456db0d065753a687bb1,

title = "Handling Incomplete Information in Policy Evaluation using Attribute Similarity",

abstract = "Recent years have seen a growing interest in Attribute-based Access Control (ABAC) because it can provide fine-grained, domain independent authorizations suitable for a wide range of applications. One important issue that arises with the evaluation of ABAC policies is that complete information may be unavailable and, thus, the policy decision point may have to reason with and make access decisions based on missing attributes. In this paper, we explore the use of attribute similarity to exploit the available information for decision making. Our approach relies on an attribute graph encoding the relationships and semantic closeness between attributes to compute the similarity between attributes and encompasses a novel probabilistic policy evaluation function to compute a likelihood estimation of reaching a certain decision based on attribute similarity. Determining the applicability of policies based on attribute similarity, however, can introduce the risks of wrongly granting/denying access. To this end, we show how such risks can be quantified and accounted for to reach a conclusive decision.",

keywords = "ABAC, Attribute Similarity, Policy Evaluation, Risk-based Access Control",

author = "Sowmya Ravidas and Indrakshi Ray and Nicola Zannone",

year = "2020",

month = oct,

doi = "10.1109/TPS-ISA50397.2020.00021",

language = "English",

pages = "79--88",

booktitle = "Proceedings - 2020 2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020",

publisher = "Institute of Electrical and Electronics Engineers",

address = "United States",

note = "2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020 ; Conference date: 01-12-2020 Through 03-12-2020",

}

Ravidas, S, Ray, I & Zannone, N 2020, Handling Incomplete Information in Policy Evaluation using Attribute Similarity. in Proceedings - 2020 2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020., 9325357, Institute of Electrical and Electronics Engineers, blz. 79-88, 2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020, Virtual, Atlanta, Verenigde Staten van Amerika, 1/12/20. https://doi.org/10.1109/TPS-ISA50397.2020.00021

Handling Incomplete Information in Policy Evaluation using Attribute Similarity. / Ravidas, Sowmya; Ray, Indrakshi; Zannone, Nicola.
Proceedings - 2020 2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020. Institute of Electrical and Electronics Engineers, 2020. blz. 79-88 9325357.

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic › peer review

TY - GEN

T1 - Handling Incomplete Information in Policy Evaluation using Attribute Similarity

AU - Ravidas, Sowmya

AU - Ray, Indrakshi

AU - Zannone, Nicola

PY - 2020/10

Y1 - 2020/10

N2 - Recent years have seen a growing interest in Attribute-based Access Control (ABAC) because it can provide fine-grained, domain independent authorizations suitable for a wide range of applications. One important issue that arises with the evaluation of ABAC policies is that complete information may be unavailable and, thus, the policy decision point may have to reason with and make access decisions based on missing attributes. In this paper, we explore the use of attribute similarity to exploit the available information for decision making. Our approach relies on an attribute graph encoding the relationships and semantic closeness between attributes to compute the similarity between attributes and encompasses a novel probabilistic policy evaluation function to compute a likelihood estimation of reaching a certain decision based on attribute similarity. Determining the applicability of policies based on attribute similarity, however, can introduce the risks of wrongly granting/denying access. To this end, we show how such risks can be quantified and accounted for to reach a conclusive decision.

AB - Recent years have seen a growing interest in Attribute-based Access Control (ABAC) because it can provide fine-grained, domain independent authorizations suitable for a wide range of applications. One important issue that arises with the evaluation of ABAC policies is that complete information may be unavailable and, thus, the policy decision point may have to reason with and make access decisions based on missing attributes. In this paper, we explore the use of attribute similarity to exploit the available information for decision making. Our approach relies on an attribute graph encoding the relationships and semantic closeness between attributes to compute the similarity between attributes and encompasses a novel probabilistic policy evaluation function to compute a likelihood estimation of reaching a certain decision based on attribute similarity. Determining the applicability of policies based on attribute similarity, however, can introduce the risks of wrongly granting/denying access. To this end, we show how such risks can be quantified and accounted for to reach a conclusive decision.

KW - ABAC

KW - Attribute Similarity

KW - Policy Evaluation

KW - Risk-based Access Control

UR - https://www.scopus.com/pages/publications/85100373600

U2 - 10.1109/TPS-ISA50397.2020.00021

DO - 10.1109/TPS-ISA50397.2020.00021

M3 - Conference contribution

AN - SCOPUS:85100373600

SP - 79

EP - 88

BT - Proceedings - 2020 2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020

PB - Institute of Electrical and Electronics Engineers

T2 - 2nd IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2020

Y2 - 1 December 2020 through 3 December 2020

ER -

Handling Incomplete Information in Policy Evaluation using Attribute Similarity

Samenvatting

Congres

Financiering

Toegang tot document

Andere bestanden en links

Vingerafdruk

Citeer dit