U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

NISTIR 8360 (Draft)

Machine Learning for Access Control Policy Verification

Date Published: March 2021
Comments Due: May 7, 2021 (public comment period is CLOSED)
Email Questions to: ir8360-comments@nist.gov

Author(s)

Vincent Hu (NIST)

Announcement

Access control policy verification ensures that there are no faults within the policy that leak or block access privileges. To answer the challenges of traditional verification methods, this report proposes an efficient and straightforward method for access control policy verification by applying a classification algorithm of machine learning. This method does not require comprehensive test cases, oracle, or system translation but rather checks the logic of policy rules directly, making it more efficient and feasible compared to traditional methods. This report also demonstrates an experiment for the proposed method with an example that uses current available machine learning tools to facilitate the random forest classification algorithm. The result illustrates its capabilities as well as parameter settings for performing the verification steps. 

NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications

Abstract

Keywords

ABAC; access control; access control test; access control verification; AI; authorization; machine learning; policy
Control Families

None selected

Documentation

Publication:
NISTIR 8360 (Draft) (DOI)
Local Download

Supplemental Material:
None available

Document History:
03/23/21: NISTIR 8360 (Draft)

Topics

Security and Privacy
access authorization; access control

Technologies
artificial intelligence