Pith. sign in

REVIEW

Mining Domain-Based Policies

Not yet reviewed by Pith; the record is open.

This paper has not been read by Pith yet. Machine review is queued; the pith claim, tier, and objections will appear here once it completes.

SPECIMEN: schema-true, not a live event

T0 review · schema-true

One-sentence machine reading of the paper's core claim.

pith:XXXXXXXX · record.json · timestamp

arxiv 2312.15596 v1 pith:S376BG6S submitted 2023-12-25 cs.CR

Mining Domain-Based Policies

classification cs.CR
keywords domain-basedpoliciesaccessminingcontroldbpmdomainproblem
verification ladder T0 review T1 audit T2 compute T3 formal T4 reserved
0 comments
read the original abstract

Protection domains are one of the most enduring concepts in Access Control. Entities with identical access control characteristics are grouped under the same protection domain, and domain-based policies assign access privileges to the protection domain as a whole. With the advent of the Internet of Things (IoT), devices play the roles of both subjects and objects. Domain-based policies are particularly suited to support this symmetry of roles. This paper studies the mining of domain-based policies from incomplete access logs. We began by building a theory of domain-based policies, resulting in a polynomial-time algorithm that constructs the optimal domain-based policy out of a given access control matrix. We then showed that the problem of domain-based policy mining (DBPM) and the related problem of mining policies for domain and type enforcement (DTEPM) are both NP-complete. Next, we looked at the practical problem of using a MaxSAT solver to solve DBPM. We devised sophisticated encodings for this purpose, and empirically evaluated their relative performance. This paper thus lays the groundwork for future study of DBPM.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.