| Popis: |
Recent years have seen a growing interest in Attribute-based Access Control (ABAC) because it can provide fine-grained, domain independent authorizations suitable for a wide range of applications. One important issue that arises with the evaluation of ABAC policies is that complete information may be unavailable and, thus, the policy decision point may have to reason with and make access decisions based on missing attributes. In this paper, we explore the use of attribute similarity to exploit the available information for decision making. Our approach relies on an attribute graph encoding the relationships and semantic closeness between attributes to compute the similarity between attributes and encompasses a novel probabilistic policy evaluation function to compute a likelihood estimation of reaching a certain decision based on attribute similarity. Determining the applicability of policies based on attribute similarity, however, can introduce the risks of wrongly granting/denying access. To this end, we show how such risks can be quantified and accounted for to reach a conclusive decision. |
