Attribute-Based Access Control Policy Generation Approach from Access Logs Based on the CatBoost

Authors

  • Shan Quan College of Mathematics and System Science, Xinjiang University, China
  • Yongdan Zhao College of Mathematics and System Science, Xinjiang University, China
  • Nurmamat Helil College of Mathematics and System Science, Xinjiang University, China

DOI:

https://doi.org/10.31577/cai_2023_3_615

Keywords:

ABAC policy, access logs, policy mining, ensemble learning, CatBoost

Abstract

Attribute-based access control (ABAC) has higher flexibility and better scalability than traditional access control and can be used for fine-grained access control of large-scale information systems. Although ABAC can depict a dynamic, complex access control policy, it is costly, tedious, and error-prone to manually define. Therefore, it is worth studying how to construct an ABAC policy efficiently and accurately. This paper proposes an ABAC policy generation approach based on the CatBoost algorithm to automatically learn policies from historical access logs. First, we perform a weighted reconstruction of the attributes for the policy to be mined. Second, we provide an ABAC rule extraction algorithm, rule pruning algorithm, and rule optimization algorithm, among which the rule pruning and rule optimization algorithms are used to improve the accuracy of the generated policies. In addition, we present a new policy quality indicator to measure the accuracy and simplicity of the generated policies. Finally, the results of an experiment conducted to validate the approach verify its feasibility and effectiveness.

Downloads

Download data is not yet available.

Downloads

Published

2023-08-31

How to Cite

Quan, S., Zhao, Y., & Helil, N. (2023). Attribute-Based Access Control Policy Generation Approach from Access Logs Based on the CatBoost. Computing and Informatics, 42(3), 615–650. https://doi.org/10.31577/cai_2023_3_615