Workshop for Women in Cybersecurity Research (CyberW)

Keynote by Elisa Bertino

Title:

Learning Attribute-Based Access Control Policies from Data

Abstract:

Attribute-based access control (ABAC) is being widely adopted due to its flexibility and universality in capturing authorizations in terms of the properties (attributes) of users and resources. However, specifying ABAC policies is a complex task due to the variety of such attributes. Moreover, migrating an access control system adopting a low-level model to ABAC can be challenging. An approach for generating ABAC policies is to learn them from data, namely from logs of historical access requests and their corresponding decisions. In this talk, we will present a novel framework for learning ABAC policies from data. The framework, referred to as Polisma, combines data mining, statistical, and machine learning techniques. Polisma capitalizes on potential context information obtained from external sources (e.g., LDAP directories) to enhance the learning process. The approach is evaluated empirically using two datasets (real and synthetic). Experimental results show that Polisma is able to generate ABAC policies that accurately control access requests and outperforms existing approaches.

Bio:

Professor Elisa Bertino joined Purdue in January 2004 as professor in Computer Science and research director at CERIAS. Her research interests cover many areas in the fields of information security and database systems. Her research combines both theoretical and practical aspects, addressing applications in a number of domains, such as medicine and humanities. Current research includes: access control systems, secure publishing techniques and secure broadcast for XML data; advanced RBAC models and foundations of access control models; trust negotiation languages and privacy; data mining and security; multi-strategy filtering systems for Web pages and sites; security for grid computing systems; integration of virtual reality techniques and databases; and geographical information systems and spatial databases.


Professor Bertino serves or has served on the editorial boards of several journals, many of which are related to security, such as the ACM Transactions on Information and System Security, the IEEE Security & Privacy Magazine, and IEEE Transactions on Dependable and Secure Computing. She is currently serving as program chair of the 36th International Conference on Very Large Data Bases (VLDB 2010). Professor Bertino is a Fellow of the Institute of Electrical and Electronics Engineers and a Fellow of ACM. She received the IEEE Computer Society Technical Achievement Award in 2002 for outstanding contributions to database systems and database security and advanced data management systems, and received the 2005 Tsutomu Kanai Award from the IEEE Computer Society for pioneering and innovative research contributions to secure distributed systems.


She recently served on the IEEE Computer Society Board of Governors and as Chair of ACM SIGSAC.