
2019 | OriginalPaper | Chapter

Towards an Automated Extraction of ABAC Constraints from Natural Language Policies

Authors: Manar Alohaly, Hassan Takabi, Eduardo Blanco

Published in: ICT Systems Security and Privacy Protection

Publisher: Springer International Publishing


Abstract

Due to the recent trend towards attribute-based access control (ABAC), several studies have proposed constraints specification languages for ABAC. These formal languages enable security architects to express constraints in a precise mathematical notation. However, since manually formulating constraints involves analyzing multiple natural language policy documents in order to infer constraints-relevant information, constraints specification becomes a repetitive, time-consuming and error-prone task. To bridge the gap between the natural language expression of constraints and formal representations, we propose an automated framework to infer elements forming ABAC constraints from natural language policies. Our proposed approach is built upon recent advancements in natural language processing, specifically, sequence labeling. The experiments, using Bidirectional Long-Short Term Memory (BiLSTM), achieved an F1 score of 0.91 in detecting at least 75% of each constraint expression. The results suggest that the proposed approach holds promise for enabling this automation.


Footnotes
1. In these examples track, position and employmentType are attribute names. According to the constraints specification language, ABCL [2, 3], attributeName (OE(U)) is an expression that computes all possible values of the respective attribute while assignedEntities returns the entities that satisfy certain attribute values.

2. A token is usually defined as “an instance of a sequence of characters in some particular document that are grouped together as a useful semantic unit for processing.”

3. A noun phrase is a sequence of words consisting of a head noun and zero or more modifying adjectives and/or nouns.

4. A named entity is a real-world object, such as persons, locations, organizations, products, etc.

Literature
1. Alohaly, M., Takabi, H., Blanco, E.: A deep learning approach for extracting attributes of ABAC policies. In: Proceedings of the 23rd ACM Symposium on Access Control Models and Technologies (2018)
2. Bijon, K.Z., Krishnan, R., Sandhu, R.: Constraints specification in attribute based access control. Science 2(3), 131 (2013)
3. Bijon, K.Z., Krishnan, R., Sandhu, R.: Towards an attribute based constraints specification language. In: 2013 International Conference on Social Computing (SocialCom), pp. 108–113. IEEE (2013)
4. Chen, D., Manning, C.: A fast and accurate dependency parser using neural networks. In: Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing (EMNLP), pp. 740–750 (2014)
5. Fader, A., Soderland, S., Etzioni, O.: Identifying relations for open information extraction. In: Proceedings of the Conference on Empirical Methods in Natural Language Processing, pp. 1535–1545. Association for Computational Linguistics (2011)
6. Franzén, K., Eriksson, G., Olsson, F., Asker, L., Lidén, P., Cöster, J.: Protein names and how to find them. Int. J. Med. Inform. 67(1–3), 49–61 (2002)
7. Helil, N., Rahman, K.: Attribute based access control constraint based on subject similarity. In: 2014 IEEE Workshop on Advanced Research and Technology in Industry Applications (WARTIA), pp. 226–229. IEEE (2014)
8. Hu, V.C., et al.: Guide to attribute based access control (ABAC) definition and considerations (draft). NIST special publication 800-162 (2013)
10. Jha, S., Sural, S., Atluri, V., Vaidya, J.: Specification and verification of separation of duty constraints in attribute-based access control. IEEE Trans. Inf. Forensics Secur. 13(4), 897–911 (2018)
13. Kang, T., Zhang, S., Xu, N., Wen, D., Zhang, X., Lei, J.: Detecting negation and scope in Chinese clinical notes using character and word embedding. Comput. Methods Prog. Biomed. 140, 53–59 (2017)
14. Kübler, S., McDonald, R., Nivre, J.: Dependency Parsing. Morgan & Claypool Publishers, San Rafael (2009)
15. Lafferty, J., McCallum, A., Pereira, F.C.: Conditional random fields: probabilistic models for segmenting and labeling sequence data (2001)
16. Mikolov, T., Chen, K., Corrado, G., Dean, J.: Efficient estimation of word representations in vector space. arXiv preprint arXiv:1301.3781 (2013)
17. Miyao, Y., Butler, A., Yoshimoto, K., Tsujii, J.: A modular architecture for the wide-coverage translation of natural language texts into predicate logic formulas. In: Proceedings of the 24th Pacific Asia Conference on Language, Information and Computation (2010)
18. Narouei, M., Khanpour, H., Takabi, H., Parde, N., Nielsen, R.: Towards a top-down policy engineering framework for attribute-based access control. In: Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies, pp. 103–114. ACM (2017)
19. Narouei, M., Takabi, H.: Towards an automatic top-down role engineering approach using natural language processing techniques. In: Proceedings of the 20th ACM Symposium on Access Control Models and Technologies, pp. 157–160. ACM (2015)
20. Pennington, J., Socher, R., Manning, C.: GloVe: global vectors for word representation. In: Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing (EMNLP), pp. 1532–1543 (2014)
21. Singh, M.P.: AHCSABAC: attribute value hierarchies and constraints specification in attribute-based access control. In: 2016 14th Annual Conference on Privacy, Security and Trust (PST), pp. 35–41. IEEE (2016)
22. Slankas, J., Williams, L.: Access control policy identification and extraction from project documentation. Acad. Sci. Eng. Sci. 2(3), 145–159 (2013)
23. Slankas, J., Xiao, X., Williams, L., Xie, T.: Relation extraction for inferring access control rules from natural language artifacts. In: Proceedings of the 30th Annual Computer Security Applications Conference, pp. 366–375. ACM (2014)
24. Tjong Kim Sang, E.F., De Meulder, F.: Introduction to the CoNLL-2003 shared task: language-independent named entity recognition. In: Proceedings of the Seventh Conference on Natural Language Learning at HLT-NAACL 2003, vol. 4, pp. 142–147. Association for Computational Linguistics (2003)
25. Xiao, X., Paradkar, A., Thummalapenta, S., Xie, T.: Automated extraction of security policies from natural-language software documents. In: Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering, p. 12. ACM (2012)

Metadata
Title: Towards an Automated Extraction of ABAC Constraints from Natural Language Policies
Authors: Manar Alohaly, Hassan Takabi, Eduardo Blanco
Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-030-22312-0_8
