Title :
Towards Policy Retrieval for Provenance Based Access Control Model
Author :
Jisheng Pei ; Xiaojun Ye
Author_Institution :
Sch. of Software, Tsinghua Univ., Beijing, China
Abstract :
Provenance Based Access Control (PBAC) is a new access control mechanism wherein the access control decisions are made based on a set of assertions about provenance traces. Manually designing a variety of provenance based security policies is not trivial work for big data applications with large amount of provenance entity types and complex provenance dependencies. Policy retrieval can reduce such manual labor by automatically "learning" policies from previous provenance traces. In this paper, we look into the composition of PBAC rules to determine the relevant knowledge that should be mined from provenance traces for policy retrieval. We propose a baseline retrieval approach which composes the mined knowledge into candidate rules and verifies them by feeding them into a decision-tree classifier as candidate classification features. We show the feasibility and limitations of the baseline approach with experimenting and thereby present suggestions about the future work for PBAC policy retrieval research.
Keywords :
Big Data; authorisation; information retrieval; PBAC policy retrieval research; PBAC rules; access control mechanism; baseline retrieval; big data applications; candidate classification features; candidate rules; decision tree classifier; provenance based access control model; provenance based security policies; provenance entity types; Access control; Big data; Data mining; Decision trees; Manuals; Training; Access Control; Big Data; Data Provenance; Policy Retrieval; Provenance Based Access Control;
Conference_Titel :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on
Conference_Location :
Beijing
DOI :
10.1109/TrustCom.2014.101
