Attribute-Based Access Control (ABAC) has recently been chosen to replace the traditional access control model because of its dynamism, flexibility and scalability. However, during the migration and deployment of ABAC policies, the key issue is how to mine an accurate and concise collection of access control policies and how to evaluate those policies quickly when an access request arrives. Previous studies have typically treated policy mining and policy evaluation as separate problems. Policy mining primarily focuses on the compactness of the policy itself, while policy evaluation concentrates on the performance of policy matching. Because the two are not coordinated, the concise policies obtained through policy mining cannot maximize the performance of policy evaluation. To tackle this issue, this paper proposes a decision tree based ABAC policy mining and policy evaluation (DTAME) scheme, which addresses both problems concurrently by introducing an ABAC policy mining and evaluation method based on the decision tree algorithm. In addition, in some scenarios certain hotspot policy rules are accessed frequently. Therefore, to maximize evaluation performance, this paper also optimizes the algorithm based on access control logs. Experimental results show that DTAME can enhance the performance of policy evaluation while ensuring that the mined policies remain compact and effective.

Keywords: Computer Science and Technology; ABAC; Decision Tree; Policy Mining; Policy Evaluation