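1. Information Engineering University, Zhengzhou, Henan 450001
2. Henan Province Key Laboratory of Information Security, Zhengzhou, Henan 450001
3. Zhoukou Normal University, Zhoukou, Henan 466001
Aodi LIU (1992- ), male, born in Yichun, Heilongjiang, is a Ph.D. candidate at Information Engineering University. His main research interests are big data security and access control technology.
Xuehui DU (1968- ), female, born in Huixian, Henan, Ph.D., is a professor and doctoral supervisor at Information Engineering University. Her main research interest is network and information security.
Na WANG (1980- ), female, born in Jiyuan, Henan, Ph.D., is an associate professor and master's supervisor at Information Engineering University. Her main research interest is big data security.
Rui QIAO (1983- ), female, born in Zhoukou, Henan, Ph.D., is a professor at Zhoukou Normal University. Her main research interest is blockchain security.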
Online publication date: 2020-12
Print publication date: 2020-12-25
Aodi LIU, Xuehui DU, Na WANG, et al. ABAC access control policy generation technique based on deep learning[J]. Journal on Communications, 2020, 41(12): 8-20. DOI: 10.11959/j.issn.1000-436X.2020212.
To address the problem of automatically generating access control policies, a deep-learning-based framework for generating attribute-based access control (ABAC) policies is proposed, which extracts attribute-based access control policies from natural language text. The technique can significantly reduce the time cost of access control policy generation and provide effective support for implementing access control. The policy generation problem is decomposed into two core tasks: access control policy sentence identification and access control attribute mining. Two neural network models, BiGRU-CNN-Attention and AM-BiLSTM-CRF, are designed to perform access control policy sentence identification and access control attribute mining respectively, so as to generate readable and executable access control policies. Experimental results show that the proposed method performs better than the baseline methods. In particular, on the access control policy sentence identification task the average F1-score reaches 0.941, which is 4.1% better than the current state-of-the-art method.