Mining And Black-Box Learning Of Relationship-Based Access Control Policies

Author

Ravishankar Padmavathi Iyer, University at Albany, State University of New YorkFollow

Date of Award

7-1-2023

Language

English

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

College/School/Department

Department of Computer Science

Dissertation/Thesis Chair

Amir Masoumzadeh

Committee Members

Paliath Narendran, Pradeep K. Atrey, Shaghayegh Sahebi

Keywords

Access Control, Black-Box Approach, Information Security, Policy Learning, Policy Mining

Subject Categories

Computer Sciences

Abstract

Information systems collect a huge volume of data about individuals such as social interactions, health/educational records, etc. To protect such data and mitigate privacy risks, access control policies specify what actions different users are authorized to perform in a system. It is important to obtain an accurate specification of the access control policy implemented in a system to 1) safely and effectively use the system as end-users and 2) ensure that it meets developers' expectations of security/privacy. Unfortunately, most systems today do not come with a clearly documented access control policy. Even worse, the access controls implemented in a system might not conform with the documented policy. There is a great deal of complexity involved in testing the correctness of policy implemented by a typical system comprising a large number of users and resources; such testing involves validating an excessive number of accesses.

Recommended Citation

Iyer, Ravishankar Padmavathi, "Mining And Black-Box Learning Of Relationship-Based Access Control Policies" (2023). Legacy Theses & Dissertations (2009 - 2024). 3155.
https://scholarsarchive.library.albany.edu/legacy-etd/3155