Next Article in Journal
Tourist Behaviour Analysis Based on Digital Pattern of Life—An Approach and Case Study
Previous Article in Journal
Digital Twin Conceptual Model within the Context of Internet of Things
Open AccessArticle

Policy-Engineering Optimization with Visual Representation and Separation-of-Duty Constraints in Attribute-Based Access Control

Center of Network Information and Computing, Xinyang Normal University, Xinyang 464000, China
*
Author to whom correspondence should be addressed.
Future Internet 2020, 12(10), 164; https://doi.org/10.3390/fi12100164
Received: 17 August 2020 / Revised: 22 September 2020 / Accepted: 24 September 2020 / Published: 27 September 2020
(This article belongs to the Section Cybersecurity)
Recently, attribute-based access control (ABAC) has received increasingly more attention and has emerged as the desired access control mechanism for many organizations because of its flexibility and scalability for authorization management, as well as its security policies, such as separation-of-duty constraints and mutually exclusive constraints. Policy-engineering technology is an effective approach for the construction of ABAC systems. However, most conventional methods lack interpretability, and their constructing processes are complex. Furthermore, they do not consider the separation-of-duty constraints. To address these issues in ABAC, this paper proposes a novel method called policy engineering optimization with visual representation and separation of duty constraints (PEO_VR&SOD). First, to enhance interpretability while mining a minimal set of rules, we use the visual technique with Hamming distance to reduce the policy mining scale and present a policy mining algorithm. Second, to verify whether the separation of duty constraints can be satisfied in a constructed policy engineering system, we use the method of SAT-based model counting to reduce the constraints and construct mutually exclusive constraints to implicitly enforce the given separation of duty constraints. The experiments demonstrate the efficiency and effectiveness of the proposed method and show encouraging results. View Full-Text
Keywords: attribute-based access control; policy engineering; visual authorization representation; separation-of-duty constraints attribute-based access control; policy engineering; visual authorization representation; separation-of-duty constraints
Show Figures

Figure 1

MDPI and ACS Style

Sun, W.; Su, H.; Xie, H. Policy-Engineering Optimization with Visual Representation and Separation-of-Duty Constraints in Attribute-Based Access Control. Future Internet 2020, 12, 164.

Show more citation formats Show less citations formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Search more from Scilit
 
Search
Back to TopTop