Qualitative Intention-aware Attribute-based Access Control Policy Refinement
dc.contributor.author
Mitani, Shohei
dc.contributor.author
Kwon, Jonghoon
dc.contributor.author
Ghate, Nakul
dc.contributor.author
Singh, Taniya
dc.contributor.author
Ueda, Hirofumi
dc.contributor.author
Perrig, Adrian
dc.date.accessioned
2023-06-20T12:46:26Z
dc.date.available
2023-06-17T03:46:50Z
dc.date.available
2023-06-20T12:46:26Z
dc.date.issued
2023-05
dc.identifier.isbn
979-8-4007-0173-3
en_US
dc.identifier.other
10.1145/3589608.3593841
en_US
dc.identifier.uri
http://hdl.handle.net/20.500.11850/617170
dc.description.abstract
Designing access control policies is often expensive and tedious due to the heterogeneous systems, services, and diverse user demands. Although ABAC policy and decision engine creation methods based on machine learning have been proposed, they cannot make good access decisions for applications and situations not envisioned by the decision-makers who provide training examples. It results in over-and under-permissiveness. In this paper, we propose a framework that refines pre-developed policies. It creates a decision engine that makes better decisions than those policies. Inspired by multiple criteria decision theory, our method uses the policy manager's qualitative intentions behind their judgments to guide access decisions so that more benefits are expected. In the evaluation, we prepare a coarse and relatively elaborate policy. We refine the coarse policy to obtain a decision engine that is compared for the similarity in access decisions with the elaborate policy using AUC as a measure. The results show that our method improves the coarse policy by a difference of 12-26% in AUC and outperforms the conventional machine learning methods by a difference of 3-11% in AUC.
en_US
dc.language.iso
en
en_US
dc.publisher
Association for Computing Machinery
en_US
dc.subject
actionable ai
en_US
dc.subject
decision theory
en_US
dc.subject
abac policy
en_US
dc.subject
machine learning
en_US
dc.title
Qualitative Intention-aware Attribute-based Access Control Policy Refinement
en_US
dc.type
Conference Paper
dc.date.published
2023-05-24
ethz.book.title
SACMAT '23: Proceedings of the 28th ACM Symposium on Access Control Models and Technologies
en_US
ethz.pages.start
201
en_US
ethz.pages.end
208
en_US
ethz.event
28th ACM Symposium on Access Control Models and Technologies (SACMAT 2023)
en_US
ethz.event.location
Trento, Italy
en_US
ethz.event.date
June 7-9, 2023
en_US
ethz.identifier.wos
ethz.identifier.scopus
ethz.publication.place
New York, NY
en_US
ethz.publication.status
published
en_US
ethz.leitzahl
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science::02660 - Institut für Informationssicherheit / Institute of Information Security::03975 - Perrig, Adrian / Perrig, Adrian
ethz.leitzahl.certified
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science::02660 - Institut für Informationssicherheit / Institute of Information Security::03975 - Perrig, Adrian / Perrig, Adrian
ethz.date.deposited
2023-06-17T03:46:52Z
ethz.source
SCOPUS
ethz.eth
yes
en_US
ethz.availability
Metadata only
en_US
ethz.rosetta.installDate
2023-06-20T12:46:27Z
ethz.rosetta.lastUpdated
2024-02-03T00:17:34Z
ethz.rosetta.versionExported
true
ethz.COinS
ctx_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.atitle=Qualitative%20Intention-aware%20Attribute-based%20Access%20Control%20Policy%20Refinement&rft.date=2023-05&rft.spage=201&rft.epage=208&rft.au=Mitani,%20Shohei&Kwon,%20Jonghoon&Ghate,%20Nakul&Singh,%20Taniya&Ueda,%20Hirofumi&rft.isbn=979-8-4007-0173-3&rft.genre=proceeding&rft_id=info:doi/10.1145/3589608.3593841&rft.btitle=SACMAT%20'23:%20Proceedings%20of%20the%2028th%20ACM%20Symposium%20on%20Access%20Control%20Models%20and%20Technologies
Files in this item
Files | Size | Format | Open in viewer |
---|---|---|---|
There are no files associated with this item. |
Publication type
-
Conference Paper [35256]