國立高雄大學圖資館 |

語系: 繁體中文

說明(常見問題)

圖資館首頁

登入

回首頁

切換: 標籤 | MARC模式 | ISBD

Mining Meaningful Role-Based and Att...

State University of New York at Stony Brook.

Mining Meaningful Role-Based and Attribute-Based Access Control Policies.

紀錄類型:	書目-電子資源 : Monograph/item
正題名/作者:	Mining Meaningful Role-Based and Attribute-Based Access Control Policies.
作者:	Xu, Zhongyuan.
面頁冊數:	136 p.
附註:	Source: Dissertation Abstracts International, Volume: 76-03(E), Section: B.
附註:	Adviser: Scott D. Stoller.
Contained By:	Dissertation Abstracts International76-03B(E).
標題:	Computer science.
電子資源:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3645454
ISBN:	9781321345995

Mining Meaningful Role-Based and Attribute-Based Access Control Policies.
Xu, Zhongyuan.

Mining Meaningful Role-Based and Attribute-Based Access Control Policies. - 136 p.

Source: Dissertation Abstracts International, Volume: 76-03(E), Section: B.

Thesis (Ph.D.)--State University of New York at Stony Brook, 2014.

This item must not be sold to any third party vendors.

Advanced models of access control, such as role-based access control (RBAC) and attribute-based access control (ABAC), offer important advantages over lower-level access control policy representations, such as access control lists (ACLs). However, the effort required for a large organization to migrate from ACLs to RBAC or ABAC can be a major obstacle to adoption of RBAC or ABAC. Policy mining algorithms partially automate the construction of advanced access control policies from ACL policies and possibly other information, such as user and resource attributes. These algorithms can greatly reduce the cost of migration to RBAC or ABAC. This dissertation presents several new policy mining algorithms.

ISBN: 9781321345995Subjects--Topical Terms:

199325
Computer science.

Mining Meaningful Role-Based and Attribute-Based Access Control Policies.
LDR:03704nmm a2200313 4500 001 457739
005 20150805065229.5
008 150916s2014 ||||||||||||||||| ||eng d
020 $a 9781321345995
035 $a (MiAaPQ)AAI3645454
035 $a AAI3645454
040 $a MiAaPQ $c MiAaPQ
100 1 $a Xu, Zhongyuan. $3 708805
245 1 0 $a Mining Meaningful Role-Based and Attribute-Based Access Control Policies.
300 $a 136 p.
500 $a Source: Dissertation Abstracts International, Volume: 76-03(E), Section: B.
500 $a Adviser: Scott D. Stoller.
502 $a Thesis (Ph.D.)--State University of New York at Stony Brook, 2014.
506 $a This item must not be sold to any third party vendors.
520 $a Advanced models of access control, such as role-based access control (RBAC) and attribute-based access control (ABAC), offer important advantages over lower-level access control policy representations, such as access control lists (ACLs). However, the effort required for a large organization to migrate from ACLs to RBAC or ABAC can be a major obstacle to adoption of RBAC or ABAC. Policy mining algorithms partially automate the construction of advanced access control policies from ACL policies and possibly other information, such as user and resource attributes. These algorithms can greatly reduce the cost of migration to RBAC or ABAC. This dissertation presents several new policy mining algorithms.
520 $a First, this dissertation considers mining of role-based policies from ACL policies and possibly other information. The dissertation presents new and flexible algorithms for this problem. The algorithms can easily be used to optimize a variety of RBAC policy quality metrics, including metrics based on policy size, metrics based on interpretability of the roles with respect to user attribute data, and compound metrics that consider size and interpretability. In experiments with publicly available access control policies, one of our algorithms achieves significantly better results than previous work.
520 $a Next, this dissertation considers mining of parameterized role based policies. Parameterization significantly enhances the scalability of RBAC, by allowing more concise policies. This dissertation defined a parameterized RBAC (PRBAC) framework, in which users and permissions have attributes that are implicit parameters of roles and can be used in role definitions. Algorithms are presented for mining PRBAC policies from ACLs and attribute data. To the best of our knowledge, this is the first PRBAC policy mining algorithm. Evaluation on three small but non-trivial case studies demonstrates the effectiveness of our algorithm.
520 $a Finally, this dissertation considers mining of attribute-based policies. ABAC allows policies to be written in a concise, flexible, and high-level way. Three versions of the ABAC policy mining problem are considered, differing in the input: (1) mining ABAC policies from ACLs and attribute data, (2) mining ABAC policies from RBAC policies and attribute data, and (3) mining ABAC policies from operation logs and attribute data. Algorithms are presented for all three versions of the problem. Extensions of the algorithms to identify suspected noise in the input data are also described. To the best of our knowledge, these are the first ABAC policy mining algorithms. Evaluations on sample policies and synthetic policies demonstrate the effectiveness of our algorithms.
590 $a School code: 0771.
650 4 $a Computer science. $3 199325
690 $a 0984
710 2 $a State University of New York at Stony Brook. $b Computer Science. $3 708806
773 0 $t Dissertation Abstracts International $g 76-03B(E).
790 $a 0771
791 $a Ph.D.
792 $a 2014
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3645454