Identification of Access Control Policy Sentences from Natural Language Policy Documents
作者: Masoud Narouei , Hamed Khanpour , Hassan Takabi
DOI: 10.1007/978-3-319-61176-1_5
关键词:
摘要: Access control mechanisms are a necessary and crucial design element to any application’s security. There plethora of accepted access models in the information security realm. However, attribute-based (ABAC) has been proposed as general model that could overcome limitations dominant (i.e., role-based control) while unifying their advantages. One issue with migrating an ABAC is needs be encoded typically buried within existing natural language artifacts, hence difficult interpret. This requires processing documents extracting policies from those documents. Software requirements policy main sources declaring organizational policies, but they often huge consist lot descriptive sentences lack content. Manually these extract then using them build laborious expensive process. paper first step towards new engineering approach for by identifying contents. We take advantage multiple techniques including pointwise mutual identify evaluate our on different domains conference management, education, healthcare. Our methodology effectively identifies average recall precision 90% all datasets, which bested state-of-the-art 5%.
springer.com
sci-hub.st 参考文章(27)
Nurit Gal-Oz, Yaron Gonen, Ran Yahalom, Ehud Gudes, Boris Rozenberg, Erez Shmueli, Mining roles from web application usage patterns trust and privacy in digital business. pp. 125- 137 ,(2011) , 10.1007/978-3-642-22890-2_11
Eric Medvet, Alberto Bartoli, Barbara Carminati, Elena Ferrari, Evolutionary Inference of Attribute-Based Access Control Policies international conference on evolutionary multi-criterion optimization. ,vol. 9018, pp. 351- 365 ,(2015) , 10.1007/978-3-319-15934-8_24
Masoud Narouei, Hassan Takabi, Automatic Top-Down Role Engineering Framework Using Natural Language Processing Techniques international conference information security theory and practice. pp. 137- 152 ,(2015) , 10.1007/978-3-319-24018-3_9
Christopher D. Manning, Prabhakar Raghavan, Hinrich Schutze, Probabilistic information retrieval Introduction to Information Retrieval. pp. 201- 217 ,(2008) , 10.1017/CBO9780511809071.012
George Forman, Ira Cohen, Learning from little: comparison of classifiers given little training european conference on principles of data mining and knowledge discovery. pp. 161- 172 ,(2004) , 10.1007/978-3-540-30116-5_17
Bill MacCartney, Marie-Catherine de Marneffe, Christopher D. Manning, Generating Typed Dependency Parses from Phrase Structure Parses language resources and evaluation. pp. 449- 454 ,(2006)
Peter D. Turney, Mining the web for synonyms: PMI-IR versus LSA on TOEFL european conference on machine learning. pp. 491- 502 ,(2001) , 10.1007/3-540-44795-4_42
Richard van de Stadt, CyberChair: A Web-Based Groupware Application to Facilitate the Paper Reviewing Process arXiv: Digital Libraries. ,(2012)
Deguang Kong, Lei Cen, Hongxia Jin, AUTOREB: Automatically Understanding the Review-to-Behavior Fidelity in Android Applications computer and communications security. pp. 530- 541 ,(2015) , 10.1145/2810103.2813689
Xiaofei Lu, Automatic analysis of syntactic complexity in second language writing International Journal of Corpus Linguistics. ,vol. 15, pp. 474- 496 ,(2010) , 10.1075/IJCL.15.4.02LU