The purpose of this study is to propose a top-down policy engineering framework for attribute-based access control (ABAC) that aims to automatically extract ACPs from requirement specifications documents, and then, using the extracted policies, build or update an ABAC model. We specify a procedure that consists of three main components: 1) ACP sentence identification, 2) policy element extraction, and 3) ABAC model creation and update. ACP sentence identification processes unrestricted natural language documents and identify the sentences that carry ACP content. We propose and compare three different methodologies from different disciplines, namely deep recurrent neural networks (RNN-based), biological immune system (BIS-based), and a combination of multiple natural language processing techniques (PMI-based) in order to identify the proper methodology for extracting ACP sentences from irrelevant text. Our evaluation results improve the state-of-the-art by a margin of 5% F1-Measure. To aid future research, we also introduce a new dataset that includes 5000 sentences from real-world policy documents. ABAC policy extraction extracts ACP elements such as subject, object, and action from the identified ACPs. We use semantic roles and correctly identify ACP elements with an average F1 score of 75%, which bests the previous work by 15%. Furthermore, as SRL tools are often trained on publicly available corpora such as Wall Street Journal, we investigate the idea of improving SRL performance using domain-related knowledge. We utilize domain adaptation and semi-supervised learning techniques and improve the SRL performance by 2% using only a small amount of access control data. The third component, ABAC model creation and update, builds a new ABAC model or updates an existing one using the extracted ACP elements. For this purpose, we present an efficient methodology based on a particle swarm optimization algorithm for solving ABAC policy mining with minimal perturbation. Experimental results demonstrate that the proposed methodology generates much less complex policies than previous works using the same realistic case studies. Furthermore, we perform experiments on how to find an ABAC state as similar as possible to both the existing state and the optimal state. Part of the data utilized in this study was collected from the University of North Texas Policy Office, as well as policy documents from the university of North Texas Health Science Center, for the school years 2015-2016 through 2016-2017.
| Identifer | oai:union.ndltd.org:unt.edu/info:ark/67531/metadc1703379 |
| Date | 05 1900 |
| Creators | Narouei, Masoud |
| Contributors | Blanco, Eduardo, Takabi, Hassan, Nielsen, Rodney, Do, Hyunsook |
| Publisher | University of North Texas |
| Source Sets | University of North Texas |
| Language | English |
| Detected Language | English |
| Type | Thesis or Dissertation |
| Format | ix, 132 pages, Text |
| Rights | Public, Narouei, Masoud, Copyright, Copyright is held by the author, unless otherwise noted. All rights Reserved. |
Page generated in 0.0022 seconds