Enhanced Adaptable and Distributed Access Control Decision Making Model Based on Machine Learning for Policy Conflict Resolution in BYOD Environment
Published: 2023-06-14
Issue: 12
Volume: 13
Page: 7102
ISSN: 2076-3417
Container-title: Applied Sciences
Language: en
Short-container-title: Applied Sciences
Author:
Ayedh M Aljuaid Turkea (1, 2), Wahab Ainuddin Wahid Abdul (1), Idris Mohd Yamani Idna (1, 3)
Affiliation:
1. Faculty of Computer Science and Information Technology, Universiti Malaya, Kuala Lumpur 50603, Malaysia
2. Faculty of Computing and Information Technology, Shaqra University, Shaqra 11961, Saudi Arabia
3. Center for Mobile Cloud Computing, Faculty of Computer Science and Information Technology, Universiti Malaya, Kuala Lumpur 50603, Malaysia
Abstract
Organisations are adopting new IT strategies such as “Bring Your Own Device” (BYOD) and remote working. These trends are highly beneficial for both enterprise owners and employees in terms of increased productivity and reduced costs. However, security issues such as unauthorised access as well as privacy concerns pose significant obstacles. These can be overcome by adopting access control techniques and a dynamic security and privacy policy that governs these issues where they arise. Policy decision points in traditional access control systems, such as role-based access control (RBAC), attribute-based access control (ABAC), or relationship-based access control (ReBAC), may be limited because the status of access control can vary in response to minor changes in user and resource properties. As a result, system administrators rely on a solution for constructing complex rules with many conditions and permissions for decision control. This results in access control issues, including policy conflicts, decision-making bottlenecks, delayed access response times and mediocre performance. This paper proposes a policy decision-making and access control-based supervised learning algorithm. The algorithm enhances policy decision points (PDPs). This is achieved by transforming the PDP’s problem into a binary classification for security access control that either grants or denies access requests. Also, a vector decision classifier based on the supervised machine learning algorithm is developed to generate an accurate, effective, distributed and dynamic policy decision point (PDP). Performance was evaluated using the Kaggle-Amazon access control policy dataset, comparing the effectiveness of the proposed mechanism to previous research benchmarks in terms of performance, time and flexibility. The proposed solution obtains a high level of privacy for access control policies because the PDP does not communicate directly with the policy administration point (PAP).
In conclusion, PDP-based ML generates accurate decisions and can simultaneously fulfill multiple massive policies and huge access requests with 95% accuracy in a short response time of around 0.15 s without policy conflicts. Access control security is improved by making it dynamic, adaptable, flexible and distributed.
Funder
University of Malaya Impact Oriented Interdisciplinary Research
Subject
Fluid Flow and Transfer Processes, Computer Science Applications, Process Chemistry and Technology, General Engineering, Instrumentation, General Materials Science