Access Control Policy Generation Method Based on Access Control Logs

To overcome the policy generation problem faced by other access control mechanism in the process of migration to attribution-based access control mechanism, an access control policy generation method based on access control log is proposed. The recursive attribute elimination method is utilized to implement attribute selection. Based on information impurity, the attribute-permission relationship is extracted from the access control logs, and the result of entity attribute selection is combined to build the policy structure tree, so as to realize the policy generation of Attribute-Based Access Control (ABAC). In addition, an optimization algorithm based on binary search is designed to calculate quickly the parameters of the optimal policy generation. The experimental results show that only 32.56% of the attribute information in the original entity attribute set can be used to cover 95% of the permission in the log. The size of the policies is also reduced to 33.33% of the original size. The effectiveness of the scheme is proved.