Mining Attribute-Based Access Control Policies from Logs
This addresses the need for efficient migration to ABAC in security systems, though it appears incremental as it builds on existing policy mining concepts.
The paper tackles the problem of automating the development of attribute-based access control (ABAC) policies by presenting the first algorithm for mining such policies from operation logs and attribute data, aiming to reduce migration costs.
Attribute-based access control (ABAC) provides a high level of flexibility that promotes security and information sharing. ABAC policy mining algorithms have potential to significantly reduce the cost of migration to ABAC, by partially automating the development of an ABAC policy from information about the existing access-control policy and attribute data. This paper presents an algorithm for mining ABAC policies from operation logs and attribute data. To the best of our knowledge, it is the first algorithm for this problem.