Synthesizing and analyzing attribute-based access control model generated from natural language policy statements

Abdelgawad, Mahmoud, author; Ray, Indrakshi, author; Alqurashi, Saja, author; Venkatesha, Videep, author; Shirazi, Hosein, author; ACM, publisher

Synthesizing and analyzing attribute-based access control model generated from natural language policy statements

Files

FACF_ACMOA_3589608.3593844.pdf (1.74 MB)

Date

2023-05-24

Authors

Abdelgawad, Mahmoud, author

Ray, Indrakshi, author

Alqurashi, Saja, author

Venkatesha, Videep, author

Shirazi, Hosein, author

ACM, publisher

Abstract

Access control policies (ACPs) are natural language statements that describe criteria under which users can access resources. We focus on constructing NIST Next Generation Access Control (NGAC) ABAC model from ACP statements. NGAC is more complex than RBAC or XACML ABAC as it supports dynamic, event-based policies, as well as prohibitions. We provide algorithms that use spaCy, a NLP library, to extract entities and relations from ACP sentences and convert them into the NGAC model. We then convert this NGAC model into Neo4j representation for the purpose of analysis. We apply the approach to various real-world ACP datasets to demonstrate the feasibility and assess scalability. We demonstrate that the approach is scalable and effectively extracts the NGAC ABAC model from large ACP datasets. We also show that redundancies and inconsistencies of ACP sentences are often found in unclean datasets.

Subject

cybersecurity

attribute-based access control (ABAC)

next generation access control (NGAC)

natural language processing (NLP)

URI

https://hdl.handle.net/10217/239534

Collections

Publications

Full item page

Synthesizing and analyzing attribute-based access control model generated from natural language policy statements

Files

Date

Authors

Journal Title

Journal ISSN

Volume Title

Abstract

Description

Rights Access

Subject

Citation

URI

Associated Publications

Collections